
3103 Workbook


Page 1: 3103 Workbook

8/10/2019 3103 Workbook

http://slidepdf.com/reader/full/3103-workbook 1/91

Self Study Manuals

SUSE Linux Enterprise Server 11 Administration / Workbook - Course 3103

SUSE Linux Enterprise Server 11 Administration / Workbook

Introduction

This workbook is designed to help you practice the skills associated with SUSE Linux Enterprise Server 11 Administration (Course 3103) objectives.

These skills, along with those taught in the SUSE Linux Enterprise 11 Fundamentals (3101) and SUSE Linux Enterprise 11 Administration (3102) courses, prepare you to take the Novell® Certified Linux® Professional 11 (Novell CLP11) certification practicum test.

NOTE: Instructions for setting up a self-study environment are in the directory Setup on the Course DVD.

Before starting the exercises in this workbook, you need to review the following:

• "Course Scenario"

• "Exercise Conventions"

Course Scenario

The exercises in this course center around the fictional Digital Airlines Company that has offices at various airports around the globe.

The Digital Airlines management has made the decision to migrate several back-end services to Linux servers running SUSE Linux Enterprise Server 11.

You have already installed SUSE Linux Enterprise Server 11 before and are familiar with administering SUSE Linux Enterprise Server 11 from YaST and from the command line.

The migration plan includes the following:

• Providing basic networking services as well as file and print services

• Introducing IPv6

• Automating tasks using shell scripts

• Installing desktops and servers using AutoYaST


• Virtualizing with Xen

Your task is to set up a test server in the lab to enhance your skills in these areas.

Exercise Conventions

When working through an exercise, you will see conventions that indicate information you need to enter that is specific to your server.

The following describes the most common conventions:

• italicized text: This refers to your unique situation, such as the hostname of your server.

For example, supposing the hostname of your server is da50 and you see the following

hostname.digitalairlines.com

You would enter

da50.digitalairlines.com

• 172.17.8.xx: This is the IP address that is assigned to your SUSE Linux Enterprise Server 11.

For example, supposing your IP address is 172.17.8.50 and you see the following

172.17.8.xx

You would enter

172.17.8.50

• Select: The word select is used in exercise steps with reference to menus where you can choose between different entries, such as drop-down menus.

• Enter and Type: The words enter and type have distinct meanings.

The word enter means to type text in a field or at a command line and press the Enter key when necessary. The word type means to type text without pressing the Enter key.

If you are directed to type a value, make sure you do not press the Enter key or you might activate a process that you are not ready to start.


Enable Fundamental Network Services

This section contains the following exercises:

• "Set Up and Manage Network File System (NFS)"

Set up and manage NFS on the server and on the client.

• "Configure ntpd"

Configure your server to get time information from another server.

• "Configure the Internet Daemon (xinetd)"

Use xinetd to run the Telnet and the Finger service on your server.

• "Configure Anonymous PureFTPd Access"

Configure anonymous FTP access with the permission to upload files, but make the download of those files depend on administrator approval.

Set Up and Manage Network File System (NFS)

In the first part of this exercise, you create a /export/documentation directory, copy documents from /usr/share/doc/manual/ into it, and export it to others using NFS.

In the second part, you create the /import/docs directory and use it as mountpoint to import the /export/documentation directory from your own server using NFS. Create an /etc/fstab entry to mount the directory automatically at boot time.

In the third part, you create the /data and /export/data directories, and then create some files in /data. Export the /export and /data directories using NFSv4. The /export directory should be the pseudo-root directory, with the content of /data appearing in /mountpoint/data for the clients. Mount the exported pseudo-root directory to /mnt using NFSv4 and check if the content of /mnt/ and /mnt/data is as expected.

In the fourth part, you configure the automounter on da-host to mount the /home directory from the server to the /remote-home directory.

You can use the command line interface or YaST to do parts one to three. The following step-by-step description uses YaST. The automounter configuration is done with a text editor.

Detailed Steps to Complete the Exercise

• "Part I: Set Up an NFS Server"


• "Part II: Add a Remote File System to the NFS Client"

• "Part III: Export a File System Using NFS Version 4"

• "Part IV: Configure the automounter"

Part I: Set Up an NFS Server

On da-host, do the following:

1. Open a terminal window and su - to root (password: novell).

2. Create the /export/documentation directory by entering

mkdir -p /export/documentation 

3. Copy some files into that directory using the following commands

cd /export/documentation 

cp /usr/share/doc/manual/sles-admin_en-pdf/* . 

4. Start the YaST NFS Server Configuration module by entering yast2 nfs_server &.

If a dialog appears that informs you that packages, such as nfs-kernel-server, need to be installed, select Install.

An NFS Server Configuration dialog appears.

5. Select the Start button in the NFS server section of the dialog.

6. Deselect the Enable NFSv4 check box, then continue by selecting Next.

A Directories to Export dialog appears.

7. Add the /export/documentation directory to the list of directories:

1. Select Add Directory.

A dialog appears where you have to specify the directory to export.

2. Type /export/documentation, then select OK.

In case the directory does not exist, a message informs you of the fact and asks if you want to create it. After confirmation, a dialog appears with fields for specifying a Host Wild Card and Options.

3. Change the preset values to match the following, then select OK.

• Hosts Wild Card: *

• Options: rw,root_squash,sync,no_subtree_check (make sure you replace "ro" with "rw")

The directory is added to the list.

8. Save the changes to the system by selecting Finish.

9. At the terminal window, verify that the file system was exported by entering the following:

showmount -e localhost

10. View the entry made by YaST to the file /etc/exports by entering cat /etc/exports.

You should see the settings you entered in YaST.

Part II: Add a Remote File System to the NFS Client

This exercise uses localhost as the NFS server. This does not require a separate NFS server.

On da-host, do the following:

1. In the terminal window where you switched to the root account, create a mountpoint named /import/docs for the remote file system to be mounted on your server by entering the following:

mkdir -p /import/docs

2. Add a remote file system to the NFS Client Configuration.

1. Start the NFS Client Configuration from the terminal window by entering yast2 nfs &.

Mount a remote file system by selecting the NFS Shares tab, then click Add.

A dialog appears for adding the remote file system.

2. Specify the following, then select OK.

• NFS Server Hostname: 127.0.0.1 (this is the local host address)

• Remote Directory: /export/documentation/


• Mount Point (local): /import/docs

• NFSv4 Share: unchecked

• Options: defaults,soft

You are returned to the NFS Client Configuration dialog which now lists the remote Directory.

3. Select the NFS Settings tab and deselect Enable NFSv4.

4. Save the changes to the system by selecting OK.

5. At the terminal window, verify that the file system is mounted by entering mount.

You see the remote host's directory mounted on /import/docs.

6. List the files in the mounted file system by entering

ls -l /import/docs 

7. Check the entry entered by YaST in the /etc/fstab file by entering

cat /etc/fstab.

This entry ensures that the file system is mounted each time the server boots.

Part III: Export a File System Using NFS Version 4

Do the following:

1. If your da1 virtual machine is not running, start the VMware player and the da1 virtual machine.

2. Log in to da1 as geeko, open a terminal window, and su - to root (password: novell).

3. On da1, create the /data directory and some files in it using these commands:

mkdir /data 

touch /data/file{1,2,3} 

4. Edit the /etc/exports file so it contains the following lines (delete any lines that might already exist in the file first):

/export *(fsid=0,crossmnt,ro,no_subtree_check,sync)
/export/data *(ro,no_subtree_check,sync,bind=/data)

5. Save the file and close the editor.

6. Make sure that NFSv4 support is turned on.

Open the /etc/sysconfig/nfs file in an editor and make sure the variable NFS4_SUPPORT is set to "yes". If set to "no", change it so it looks like the following:

NFS4_SUPPORT="yes"

7. Save the file and close the editor.

8. Restart the NFS server with this command:

rcnfsserver restart 

9. Check if the bind-mount is correct using these commands:

mount 

ls /export/data 

You should see the files you created in /data.

10. On da-host, open a terminal window, su - to root, and mount the directories you just exported on da1 to the /mnt directory using NFSv4:

mount -t nfs4 da1.digitalairlines.com:/ /mnt

11. Using ls, check if the files from /data on the server are visible in /mnt/data on the client.

Part IV: Configure the automounter

Do the following:

1. If your da1 virtual machine is not running, start the VMware player and the virtual machine.

2. Log in to da1 as geeko, open a terminal window, and su - to root (password: novell).

3. On da1, open the /etc/exports file in an editor to include the following two lines (the first line should already exist from Part III of this exercise, and the line starting with /export/data can remain in the file):

/export *(fsid=0,crossmnt,ro,root_squash,sync,no_subtree_check)
/export/home *(rw,root_squash,sync,no_subtree_check,bind=/home)

4. Save the file and close the editor.

5. On da1, restart the NFS server with the command rcnfsserver restart.

6. On da1, make sure the NFS server is started automatically when the system boots by entering the command chkconfig nfsserver on.

7. On da-host, open a terminal window and su - to root.

8. Open the /etc/auto.master file in an editor and make the following changes:

• Add a comment sign (#) in front of +auto.master.

• Add the following line at the end of the file:

/remote-home /etc/auto.remote-home

9. Save the file and close the editor.

10. Create the /remote-home directory with this command:

mkdir /remote-home

11. Create the new /etc/auto.remote-home file by entering

vi /etc/auto.remote-home

then add the following line to it:

* -fstype=nfs4,rw,nosuid,nodev 172.17.8.101:/home/&

12. Save the file and close the editor.

13. Start the automounter with the command rcautofs start.

14. View the content of /remote-home using ls.

15. View the content of /remote-home/geeko using ls.

16. View the mounted file system using mount.

17. Stop the automounter again with rcautofs stop.
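
The exports written in Parts I, III and IV differ mainly in which hosts may connect and whether they may write. As an added example (not part of the workbook), the shell function below reads an exports file and reports entries open to every host, plus any use of no_root_squash or insecure. The function names, the finding labels and the /srv/build line in the sample are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the workbook.

# sample_exports: the export lines used in Parts I and IV of the exercise,
# plus one constructed line (/srv/build) that triggers the other findings.
sample_exports() {
    cat <<'EOF'
/export/documentation *(rw,root_squash,sync,no_subtree_check)
/export *(fsid=0,crossmnt,ro,root_squash,sync,no_subtree_check)
/export/home *(rw,root_squash,sync,no_subtree_check,bind=/home)
/srv/build 172.17.8.0/24(rw,no_root_squash,insecure,sync)  # constructed
EOF
}

# audit_exports FILE: print one "PATH CLIENT FINDING" line per risky setting.
# Continuation lines (trailing backslash) are not handled.
audit_exports() {
    awk '
    { sub(/#.*$/, "") }              # a pound sign starts a comment
    NF < 1 { next }                  # blank or comment-only line
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            # "(opts)" with no host in front of it applies to every host
            if (client == "") client = "*"
            rw = 0; nosquash = 0; insecure = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") nosquash = 1
                if (o[j] == "insecure") insecure = 1
            }
            if (client == "*") print path, client, (rw ? "any-host-rw" : "any-host-ro")
            if (nosquash) print path, client, "no_root_squash"
            if (insecure) print path, client, "insecure"
        }
    }' "$1"
}

# Demo run on the sample above
tmp=$(mktemp) && sample_exports > "$tmp" && audit_exports "$tmp"
rm -f "$tmp"
```

On a server, run it as audit_exports /etc/exports; replacing the * host wild card with the lab network is what clears the any-host findings.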

Configure ntpd

In this exercise, you configure your server to get time information from another server.

Set up an NTP server on your machine that gets its time from a server on the Internet. (If you do not have Internet access, you can still do the exercise, but your time won't be synchronized with an external server.)

Detailed Steps to Complete the Exercise

Do the following on da-host:

1. At a terminal window, su - to root (password: novell).

2. View the system date and time by entering date.

Record the time:

3. View the hardware clock time by entering hwclock.

4. Configure the NTP server with YaST.

1. Start the YaST Control Center and select Network Services > NTP Configuration.

The Advanced NTP Configuration dialog appears.

2. On the General Settings tab, under Start NTP daemon, select Now and On Boot.

3. Make sure the Runtime Configuration Policy is set to Auto and click Add.

The New Synchronization dialog appears.

4. Select Server as the type, then click Next.

The NTP Server dialog appears.

5. In the Server Settings pane, select Public NTP Server from the drop-down menu.

The Public NTP Server dialog appears.

6. From the Country drop-down menu, select your country or a country geographically near your country.

7. From the Public NTP Servers drop-down menu, select a public NTP server that according to its policy allows you to use it as time source.

8. Click OK > OK.

You are returned to the Advanced NTP Configuration dialog.

9. Save the NTP configuration by clicking OK.

5. At the terminal window, view the status of the NTP time synchronization by entering rcntp status.

The output will vary depending on the time passed since ntpd was started and whether or not the NTP server you configured can actually be reached from your computer.

6. View the log of the NTP server by entering

tail -f /var/log/ntp 

Stop tail by pressing Ctrl+c.

7. View the changes made to the /etc/ntp.conf file by entering less /etc/ntp.conf.

Notice that the NTP server is the server you selected earlier.

8. Check the hardware clock time by entering hwclock.

9. Set the hardware clock from the system time by entering the following:

hwclock --systohc 

10. Check the new hardware clock time by entering hwclock.

11. Close all open windows.

Configure the Internet Daemon (xinetd)

In the first part of this exercise, use the YaST Network Services (xinetd) module to set up a Telnet server on your computer.

In the second part, install the Finger service, and edit its configuration in /etc/xinetd.d/ to activate the service.

Detailed Steps to Complete the Exercise

• "Part I: Enable xinetd Services with YaST"


• "Part II: Enable an xinetd Services Manually"

Part I: Enable xinetd Services with YaST

Do the following on da-host:

1. Start the YaST Control Center and select Network Services > Network Services (xinetd).

The Network Services Configuration (xinetd) dialog appears.

2. Select Enable.

A list of currently available services becomes active.

3. Scroll down and select the service telnet (Server: /usr/sbin/in.telnetd), then set the service to On by selecting Toggle Status (On or Off).

If the telnet-server package is not yet installed, it will be installed now. Insert the installation DVD as needed and select Install.

4. Save the configuration to the system by selecting Finish.

5. Test the configuration.

1. Open a terminal window and telnet to localhost by entering telnet localhost.

2. Log in as geeko (password: novell).

3. Log out by entering exit.

4. On da1, open a terminal window and telnet to da-host.digitalairlines.com by entering

telnet da-host.digitalairlines.com 

5. Log in as geeko (password: novell).

6. Log out by entering exit.

Part II: Enable an xinetd Services Manually

Enable the finger server on da-host by doing the following:

1. At a terminal window, su - to root (password: novell).


2. Install the finger-server package if it is not yet installed:

rpm -q finger-server || yast -i finger-server 

3. At the terminal window, edit the /etc/xinetd.d/finger file by entering

vi /etc/xinetd.d/finger 

4. At the bottom of the file, change the disable = yes setting to the following:

disable = no

5. Save the changes and close vi.

6. Restart the service xinetd by entering rcxinetd restart.

7. Test the Finger service by doing the following:

1. On da1, open a terminal window.

2. Get the finger information available at da-host by entering

finger @da-host.digitalairlines.com 

3. Get the finger information available for a specific user by entering

finger [email protected] 

8. Optional: Change the Finger configuration to allow access only at certain times during the day. Test your configuration.

9. Stop the service xinetd by entering rcxinetd stop.
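
For the optional step 8, xinetd's access_times and only_from attributes limit when and from where a service answers. As an added example (not part of the workbook), the shell function below lists every service that the files in a configuration directory leave enabled and whether either limit is set. The function names, the three service files and the values in them are constructed samples.

```shell
#!/bin/sh
# Added example, not part of the workbook. All three service files are constructed.

# make_xinetd_samples DIR: telnet as left enabled after Part I, finger with
# time and source limits (one possible answer to step 8), echo disabled.
make_xinetd_samples() {
    cat > "$1/telnet" <<'EOF'
service telnet
{
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    server      = /usr/sbin/in.telnetd
    disable     = no
}
EOF
    cat > "$1/finger" <<'EOF'
# finger limited to the lab network during office hours
service finger
{
    socket_type  = stream
    protocol     = tcp
    wait         = no
    user         = nobody
    server       = /usr/sbin/in.fingerd
    only_from    = 172.17.8.0/24 127.0.0.1
    access_times = 08:00-17:00
    disable      = no
}
EOF
    cat > "$1/echo" <<'EOF'
service echo
{
    type        = INTERNAL
    id          = echo-stream
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    disable     = yes
}
EOF
}

# xinetd_report DIR: one line per enabled service:
#   NAME only_from=... access_times=... restricted|UNRESTRICTED
# A service without a "disable" attribute counts as enabled. Limits set in the
# defaults section of /etc/xinetd.conf are not taken into account here.
xinetd_report() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk '
        { sub(/#.*$/, "") }                          # drop comments
        $1 == "service" { name = $2; dis = "no"; from = ""; times = "" }
        $2 == "=" || $2 == "+=" {
            val = ""
            for (i = 3; i <= NF; i++) val = val (i > 3 ? "," : "") $i
            if ($1 == "disable") dis = val
            if ($1 == "only_from") from = (from == "" ? val : from "," val)
            if ($1 == "access_times") times = (times == "" ? val : times "," val)
        }
        $1 == "}" && dis != "yes" {
            flag = (from == "" && times == "") ? "UNRESTRICTED" : "restricted"
            if (from == "") from = "any"
            if (times == "") times = "any"
            print name, "only_from=" from, "access_times=" times, flag
        }' "$f"
    done
}

# Demo run on the constructed samples
d=$(mktemp -d) && make_xinetd_samples "$d" && xinetd_report "$d"
rm -rf "$d"
```

On the exercise host, xinetd_report /etc/xinetd.d gives the same listing for the live configuration after rcxinetd restart.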

Configure Anonymous PureFTPd Access

In this exercise, you configure anonymous FTP access with the permission to upload files.

Make sure that the files cannot be downloaded again without permission from the system administrator. Test your setup by uploading a file and trying to download it again. As a system administrator, allow downloading the file, then try again to do so.

Detailed Steps to Complete the Exercise

Do the following on da1:

1. Open a terminal window, then su - to root (password: novell).


2. Install the pure-ftpd package if it is not yet installed:

rpm -q pure-ftpd || yast -i pure-ftpd 

3. Open the /etc/pure-ftpd/pure-ftpd.conf file in an editor.

Allow anonymous users to upload files to the FTP server by changing the AnonymousCantUpload parameter to no.

4. Make sure that files that are owned by the user ftp cannot be downloaded by verifying that AntiWarez is set to yes.

5. When you finish, save the file and close the editor.

6. Start the PureFTPd server by entering rcpure-ftpd start.

7. Change the ownership of the /srv/ftp directory to the user ftp by entering

chown ftp /srv/ftp 

8. Log in by entering ftp localhost; log in using the name ftp.

9. Verify that you can upload files as the anonymous ftp user.

1. Change to binary transfer mode by entering bin.

2. Upload the /usr/lib/rpm/gnupg/suse-build-key file by entering the following:

lcd /usr/lib/rpm/gnupg

put suse-build-key.gpg

3. Try to download the file by entering:

get suse-build-key.gpg 

You should see a message that the file has not yet been approved for download.

4. Exit the FTP session by entering bye.

10. Verify that the file was uploaded by entering

cd /srv/ftp

ls -l

The file is listed.

11. Change ownership of the file and make sure that the FTP server can access the file:

chown geeko /srv/ftp/suse-build-key.gpg

chmod 444 /srv/ftp/suse-build-key.gpg

12. Change to your home directory by entering cd.

13. Enter ftp localhost, log in with the username ftp and again try to download the suse-build-key.gpg file.

This should succeed now.

14. Close the ftp client by entering bye.

15. Close the terminal window.

Manage Printing

This section contains the following exercises:

• "Configure Printers"

Add a local printer and print to a remote queue.

• "Manage Printers from the Command Line"

Practice managing printer queues from the command line.

• "Manage Access"

Administer access to your CUPS server.

• "Use the Web Interface to Manage a CUPS Server"

Add a second printer via the web frontend of CUPS

Configure Printers

In this exercise, you add a local printer and print to a remote queue. (For the purpose of this exercise it is not necessary for a printer to be connected to your computer.)

The exercise has two parts.

In the first part, use YaST to add a printer to your printer configuration. Configure a parallel printer model HP Laserjet 4 with hplj4 as the name of the print queue. Configure the printer to use A4 as the default paper size.

In the second part, configure a queue called colorlaserjet on the host da1. Access this queue from your host da-host.

Detailed Steps to Complete This Exercise:

• "Part I: Add a Printer"

• "Part II: Print to a Remote CUPS Printer"

Part I: Add a Printer

To add a printer on da-host, do the following:

1. On da-host, start the YaST Control Center and select Hardware > Printer.

The Printer Configurations dialog appears.

2. Add a new queue for a printer by selecting Add.

The Add New Printer Configuration dialog appears.

3. Under Determine Connection, make sure parallel:/dev/lp0 is selected in the upper part of the dialog.

4. Under Search for Drivers, enter LaserJet 4, then click Show Matching Drivers.

A list of drivers appears.

5. Scroll down the list and highlight the recommended driver for HP LaserJet 4.

6. Under Set Name, type hplj4, then click OK.

You are returned to the Printer Configurations main dialog, with the HP LaserJet 4 printer listed as a local printer.

7. Make sure the HP LaserJet 4 printer is highlighted, then click Edit.

The Modify hplj4 dialog appears.

8. Click All Options for the Current Driver.

A Driver Options for Queue hplj4 dialog appears.

9. From the paper sizes, select A4, then click OK.

You are returned to the Modify hplj4 dialog.

10. Select Default Printer, in the Location box, type My office, then click OK.

You are returned to the Printer Configurations main dialog.

11. Finish the configuration by clicking OK, then close the YaST Control Center.

Part II: Print to a Remote CUPS Printer

This exercise involves configuring printing on the da1 virtual machine and accessing it from da-host.

To print to a remote CUPS printer, do the following:

1. (Conditional) If your da1 virtual machine is not running, start the VMware player and the virtual machine.

2. Log in to da1 as geeko and start the YaST Control Center.

3. Repeat Part I of this exercise on da1, using the following information:

• Search for Drivers: Color LaserJet 4500

• Set Name: colorlaser

1. On da1, in the main Printer Configurations dialog, select Share Printers.

2. In the Share Printers dialog, select the following options, then click OK and confirm the messages that appear.

• Allow remote access

• For computers within the local network

• Publish printers by default in the local network

3. On da1, click OK to close the YaST Printer Configurations dialog.

4. On da-host, from the YaST Control Center, select Hardware > Printer.

The Printer Configurations dialog appears.

5. Note that there is an additional entry listing the remote colorlaser queue, then close the dialog by clicking OK.

6. Test the remote printer by entering the following command in a terminal window:

lp -d colorlaser /etc/fstab 

You should see a message similar to the following:

request id is colorlaser-1 (1 file(s))

Manage Printers from the Command Line

In this exercise, you practice managing printer queues from the command line.

Use the lpr and lp commands to print the /etc/hosts file to the queue hplj4. View the jobs using lpq and lpstat. Delete the first job using lprm.

Detailed Steps to Complete This Exercise:

Do the following on da-host:

1. Open a terminal window.

2. Send a print job to the HP LaserJet 4 printer using the Berkeley printer commands.

1. Send the /etc/hosts file to be printed by entering

lpr -P hplj4 /etc/hosts 

2. View the print queue for hplj4 by entering the following Berkeley command:

lpq -P hplj4 

3. Send a print job to the HP LaserJet 4 printer using the System V printer commands.

1. Send the /etc/hosts file to the printer by entering

lp -d hplj4 /etc/hosts 

2. View the print queue for hplj4 by entering the following Berkeley command:

lpstat hplj4 

4. At the terminal window, cancel the first print job by entering the following Berkeley command (use the jobnumber displayed in Step 2b above):

lprm -P hplj4 jobnumber

5. Enter lpstat hplj4.

The first print job has been deleted.

6. Check the status of the printer by entering

lpc status 

Manage Access

In this exercise, you learn how to administer access to the CUPS server on da1.

By default, access to the /admin resource of the CUPS server is limited to localhost. Change the configuration of CUPS on da1 to allow access to the resource from da-host based on its IP address.

Detailed Steps to Complete the Exercise

To manage access to the CUPS server, do the following:

1. Open the Firefox browser on da-host.

2. In the address bar, enter

http://172.17.8.101:631/

You should see the CUPS main page.

3. Click the Admin tab.

You should see a 403 Forbidden message.

4. On da1, open a terminal window and su - to root (password: novell).

5. Open the /etc/cups/cupsd.conf file in vi.

6. Scroll down to the <Location /admin> section.

7. Within that location directive, add the line

Allow 172.17.8.1

If there is a Deny all entry within that location directive, put a comment sign (#) in front of it so the line looks like this:

# Deny all

8. Save the file and close the editor.

9. Restart the CUPS server by entering rccups restart.

10. In the Firefox browser, on da-host open http://172.17.8.101:631/.

You should see the CUPS main page.

Click the Admin tab.

After being redirected to https://172.17.8.101:631/admin and accepting the certificate, you should see the Admin page.

Use the Web Interface to Manage a CUPS Server

In this exercise, add a second printer via the Web frontend of CUPS (even though a second printer is not physically available at your workstation).

Using the web interface, add a network printer, the model being HP LaserJet 4050, and its name Fictive.

Detailed Steps to Complete the Exercise

Do the following on da-host:

1. Start a Web browser on your workstation.

2. Enter http://localhost:631/ as the URL in your browser window.

3. Select the Administration tab.

4. To add the (nonexistent) printer, select Add Printer.

5. Under Name, type Fictive.

6. Under Location, type Nowhere.

7. Under Description, type This printer does not exist.

8. Select Continue.

If there is a warning message from the browser about sending information over an unencrypted connection, select Continue.

After some time (this can take minutes), a Device for Fictive dialog appears.

9. From the Device pull-down menu, select AppSocket/HP JetDirect, then select Continue.

The Device URI for Fictive dialog appears.

10. As Device URI, enter

socket://172.17.8.250:9100

Select Continue.

The Make/Manufacturer for Fictive dialog appears.

11. From the Make/Manufacturer for Fictive pull-down menu, select HP, then select Continue.

The Model/Driver for Fictive dialog appears.

12. From the Model/Driver list, select one of the HP LaserJet 4050 Series Postscript (recommended) (en) drivers, then select Add Printer.

13. In the Authentication dialog, type root as the username and novell as the password.

14. Select OK.

15. You should get the following message:

Printer Fictive has been added successfully.

After a few moments, the Fictive: Options installed page appears. Review the available options.

16. Select the Printers tab to see the new printer in the list.

This section contains the following exercise:

• "Configure OpenLDAP on SLES 11"

Install and configure OpenLDAP on your SLES 11 server.

Configure OpenLDAP on SLES 11

In this exercise, you install and configure an LDAP server on da-host. You then configure the LDAP client on your DA1 server and on your workstation such that they can use either their local files or the LDAP directory for authentication.

Detailed Steps to Complete the Exercise

• "Part I: Configure an LDAP Server on da-host"

• "Part II: Configure the LDAP Client on da-host"

• "Part III: Configure the LDAP Client on da1"

• "Part IV: Manage Entries in the LDAP Directory"

Part I: Configure an LDAP Server on da-host

First, you need to install and configure an LDAP directory server on da-host:

1. On da-host, start YaST and select Network Services > LDAP Server.

2. When prompted to install the openldap2 packages, select Install.

Wait while the packages are installed. When complete, an LDAP Server Configuration, General Settings dialog appears.

3. On the General Settings screen, configure the following:

1. Under Start LDAP Server, verify that Yes is selected.

2. Select Register at an SLP Daemon.

3. If your server's host firewall is enabled, select Open Port in Firewall.

4. Select Next.

An LDAP Server Configuration, TLS Settings dialog appears.

5. Enable encryption using TLS by doing the following:

1. Verify that Enable TLS is selected.

2. Verify that Enable LDAP Over SSL (ldaps) Interface is selected.

3. Verify that Use Common Server Certificate is selected.

NOTE: If you cannot mark Use Common Server Certificate, then this certificate wasn't created during installation. In this case you have to click Launch CA Management Module and create a CA and common server certificate.

6. Select Next.

The Basic Database Settings screen is displayed:

Configuring LDAP Database Settings

 

7. Configure your database settings.

1. Verify that the Database Type field is set to hdb.

2. Verify that dc=digitalairlines,dc=com has been entered for you in the Base DN

field.

3. Verify that cn=Administrator is listed in the Administrator DN field.

4. Verify that Append Base DN is marked.

5. In the Password fields, type the password novell for the Administrator user.

8. Select Next.

9. On the Summary screen, select Finish.

10. In YaST, select LDAP Server again.

11. Select Databases > dc=digitalairlines,dc=com > Password Policy Configuration.

The following is displayed:

Configuring Password Policy Settings

 

12. Enable password policy settings for your LDAP server.

1. Select Enable Password Policies.

2. Select Hash Clear Text Passwords.

3. Verify that cn=Default Policy is listed in the Default Policy Object DN field.

4. Verify that Append Base DN is selected.

5. Select Edit Policy.

6. When prompted, type a password of novell, then select OK.

7. Select the Password Aging Policies tab.

The following screen is displayed:

Configuring Password Policies

 

8. Specify a minimum password age of 4 hours.

9. Specify a maximum password age of 120 days.

10. In the Time before Password Expiration to Issue Warning field, specify 5 days.

11. In the Allowed Uses of an Expired Password field, enter 3.

12. Select the Lockout Policies tab.

The following is displayed:

Configuring Lockout Policies

 

1. Select Enable Password Locking.

2. In the Bind Failures to Lock the Password field, enter 5.

3. Specify a password lock duration of 5 minutes.

4. Specify a bind failures cache duration of 7 days.

5. Select OK.

2. On the Password Policy Setting screen, select OK.

3. Verify that the LDAP daemon is running by entering (as root) in a terminal window rcldap status.

You should see a status of running.
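To confirm from the shell that the directory holds the aging and lockout values entered above, the policy entry can be exported and compared against them. This is an added example, not workbook code: the function names and both sample entries are constructed, and the mapping from the YaST field labels to ppolicy attribute names is an assumption.

```shell
#!/bin/sh
# Added example (not workbook code): compare an exported pwdPolicy entry with
# the values entered in the YaST dialogs above. Export the entry with e.g.
#   ldapsearch -x -D cn=Administrator,dc=digitalairlines,dc=com -W \
#     -b "cn=Default Policy,dc=digitalairlines,dc=com" -s base > policy.ldif
# Assumption: the dialog fields map to the ppolicy attributes named below.

# ppolicy_drift FILE
# Prints one line per attribute that differs from the workbook values and
# returns 1 if any differ, 0 if the entry matches.
ppolicy_drift() {
    awk '
        BEGIN {
            # ppolicy stores every duration in seconds.
            want["pwdMinAge"]               = "14400"     # 4 hours
            want["pwdMaxAge"]               = "10368000"  # 120 days
            want["pwdExpireWarning"]        = "432000"    # 5 days
            want["pwdGraceAuthNLimit"]      = "3"         # uses of an expired password
            want["pwdLockout"]              = "TRUE"      # Enable Password Locking
            want["pwdMaxFailure"]           = "5"         # bind failures before lock
            want["pwdLockoutDuration"]      = "300"       # 5 minutes
            want["pwdFailureCountInterval"] = "604800"    # 7 days
            n = split("pwdMinAge pwdMaxAge pwdExpireWarning pwdGraceAuthNLimit pwdLockout pwdMaxFailure pwdLockoutDuration pwdFailureCountInterval", order, " ")
        }
        # LDIF attribute lines look like "name: value".
        /^[A-Za-z][A-Za-z0-9-]*: / {
            i = index($0, ": ")
            got[substr($0, 1, i - 1)] = substr($0, i + 2)
        }
        END {
            for (k = 1; k <= n; k++) {
                a = order[k]
                if (!(a in got)) {
                    printf "%s: expected %s, attribute absent\n", a, want[a]; bad = 1
                } else if (got[a] != want[a]) {
                    printf "%s: expected %s, found %s\n", a, want[a], got[a]; bad = 1
                }
            }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample entries: one matching the exercise, one that has drifted
# (no maximum age, lockout switched off, failure interval missing).
write_policy_samples() {
    cat > "$1/as-configured.ldif" <<'EOF'
dn: cn=Default Policy,dc=digitalairlines,dc=com
objectClass: pwdPolicy
cn: Default Policy
pwdAttribute: userPassword
pwdMinAge: 14400
pwdMaxAge: 10368000
pwdExpireWarning: 432000
pwdGraceAuthNLimit: 3
pwdLockout: TRUE
pwdMaxFailure: 5
pwdLockoutDuration: 300
pwdFailureCountInterval: 604800
EOF
    cat > "$1/drifted.ldif" <<'EOF'
dn: cn=Default Policy,dc=digitalairlines,dc=com
objectClass: pwdPolicy
cn: Default Policy
pwdAttribute: userPassword
pwdMinAge: 14400
pwdMaxAge: 0
pwdExpireWarning: 432000
pwdGraceAuthNLimit: 3
pwdLockout: FALSE
pwdMaxFailure: 5
pwdLockoutDuration: 300
EOF
}

demo_dir=$(mktemp -d)
write_policy_samples "$demo_dir"
for f in "$demo_dir"/*.ldif; do
    echo "== ${f##*/}"
    ppolicy_drift "$f" && echo "matches the workbook policy"
done
rm -rf "$demo_dir"
```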

Part II: Configure the LDAP Client on da-host

With the LDAP server running on da-host, you now need to configure the LDAP client on da-host such that authentication can occur via either the local files (/etc/passwd, /etc/shadow, and so on) or the LDAP directory on da-host.

Do the following on da-host:

1. In YaST, select Network Services > LDAP Client.

The following is displayed:

Configuring the LDAP Client

 

2. Select Use LDAP.

3. Verify that 127.0.0.1 is listed in the Addresses of LDAP Servers field.

4. In the LDAP Base DN field, enter dc=digitalairlines,dc=com.

5. Verify that LDAP TLS/SSL is selected.

6. Select Create Home Directory on Login.

7. Select Advanced Configuration.

8. Select the Administration Settings tab, shown below:

Configuring Administration Settings

 

9. Verify that ou=ldapconfig,dc=digitalairlines,dc=com is listed in the Configuration Base DN field.

10. In the Administrator DN field, enter cn=Administrator.

11. Select Append Base DN.

12. Select Create Default Configuration Objects.

13. Configure the YaST Group and User Administration modules.

1. Select Configure User Management Settings.

2. When prompted, enter a password of novell.

3. When prompted that the ldapconfig organizational unit doesn't exist, select Yes to create it now.

4. Select New.

5. To create a new user configuration module, select suseUserConfiguration.

6. In the Name of New Module field, type Users; then select OK.

You should see the following:

Configuring LDAP Modules

 

1. On the Module Configuration screen, select New.

2. To create a new group template, make sure suseGroupConfiguration is marked.

3. In the Name of New Module field, type Groups; then select OK.

4. On the Module Configuration screen, select OK.

5. On the Advanced Configuration screen, select OK.

2. In the LDAP Client Configuration screen, select OK.

3. Conditional: Install the pam_ldap and nss_ldap packages by selecting Install when prompted.

Part III: Configure the LDAP Client on da1

Next, you need to configure the LDAP client on da1 such that authentication can occur via either the local files (/etc/passwd, /etc/shadow) or the LDAP directory on da-host.

Do the following on da1:

1. If necessary, log into da1 as geeko with a password of novell.

2. Start YaST and select Network Services > LDAP Client.

3. Select Use LDAP.

4. In the Addresses of LDAP Servers field, enter da-host.digitalairlines.com.

5. In the LDAP Base DN field, enter dc=digitalairlines,dc=com.

6. Verify that LDAP TLS/SSL is selected.

7. Select Create Home Directory on Login.

8. Select Advanced Configuration.

9. Select the Administration Settings tab.

10. In the Administrator DN field, enter cn=Administrator.

11. Select Append Base DN, then select OK.

12. On the LDAP Client Configuration screen, select OK.

13. Conditional: Install the pam_ldap and nss_ldap packages by selecting Install when prompted.

Part IV: Manage Entries in the LDAP Directory

With LDAP configured on your server and your server and workstation configured to use LDAP for authentication, you can now manage users and groups in the directory tree.

Complete the following on either da1 or da-host:

1. Create a new user using the YaST User and Group Management module.

1. In YaST, select Security and Users > User and Group Management.

2. Select Set Filter > LDAP Users.

An LDAP Server Password dialog appears.

3. In the LDAP Server Password field, enter novell.

4. In the User and Group Administration dialog, select Add.

5. In the New LDAP User dialog, select the User Data tab and enter the following user information:

• First Name: Tux

• Last Name: Penguin

• Username: tux

• Password: novell

6. Select OK.

7. When prompted that the password is too simple, select Yes > Yes.

In the User and Group Administration dialog, you should see the tux user account added.

8. Select OK.

9. Close YaST.

2. Test your LDAP configuration by logging in as tux.

1. Open a terminal and enter su tux.

2. When prompted, enter a password of novell.

You should see the various home directory folders created as the tux user logs in, as shown below:

geeko@da-host:~/Desktop> su tux

  Password

  Creating

  Creating

  Creating

  Creating

  tux@da-h

 

3. At the shell prompt, enter exit.

3. Create an LDIF file to create a new LDAP user account from the shell prompt by doing the following:

1. Open a terminal session.

2. Using a text editor, create a newuser.ldif file with the following content:

# trixi LDIF
dn: cn=trixi,ou=People,dc=digitalairlines,dc=com
changetype: add
objectClass: inetOrgPerson
cn: trixi
givenName: Trixi
sn: Penguin
mail: [email protected]
uid: trixi
telephoneNumber: 801-555-7000

NOTE: You can find this file on your 3103 Course DVD.

3. Save the file and close the editor.

4. At the shell prompt, enter in one line:

ldapadd -x -D cn=Administrator,dc=digitalairlines,dc=com -W -f newuser.ldif

5. When prompted, enter a password of novell.

You should see the trixi user added, as shown below:

da-host:~ # vi newuser.ldif

  da-host:~ # ldapadd -x

  -W -f newuser.ldif

  Enter LDAP Password:

  adding new entry "cn=tr

 

  da-host:~ #

6. View your LDAP directory tree using the YaST LDAP Browser module.

1. Start YaST and select Network Services > LDAP Browser.

2. On the LDAP Connections screen, select Add.

3. Type a name of da-host for the connection, then select OK.

4. In the LDAP Server field, type da-host.digitalairlines.com.

5. In the Administrator DN field, type cn=Administrator,dc=digitalairlines,dc=com.

6. In the LDAP Server Password field, type novell.

7. Select the LDAP TLS option, then select OK.

8. In the left pane, click dc=digitalairlines,dc=com.

9. Expand ou=people.

You should see the trixi and tux users, as shown below:

Viewing LDAP Users in the LDAP Browser

 

10. If time permits, explore the attributes and values associated with the two users you added.

11. When complete, select Close.

12. Close YaST, then close the terminal window.

Configure and Use Samba

This section contains the following exercises:

• "Create a Basic Samba Share"

Create a Samba share.

• "Configure Samba to Use LDAP Authentication"

Configure Samba to store its user accounts in an LDAP directory.

• "Work with Samba Shares"

Access a share with smbclient and mount a Samba share in the file system of a Linux workstation.

• "Configuring Samba as a Domain Controller"

Use YaST to configure Samba to function as a domain controller.

Create a Basic Samba Share

In this exercise, you create a Samba share.

In the first part of the exercise, configure the Samba server as a member of the digitalairlines workgroup and to use user level security.

In the second part of the exercise, create the /srv/samba/geeko-data directory and create a share named geeko-data.

Detailed Steps to Complete the Exercise

• "Part I: Configure the Samba Server"

• "Part II: Create the [geeko-data] Share"

Part I: Configure the Samba Server

In this part of the exercise, you configure global settings for the Samba service on da-host.

Complete the following:

1. In YaST on da-host, select Network Services > Samba Server.

2. In the Workgroup or Domain Name field, type digitalairlines, then select Next.

3. Under Samba Server Type, select Not a Domain Controller, then select Next.

4. On the Start-Up tab, select the following options:

• During Boot

• Open Port in Firewall (if necessary)

5. Select the Identity tab.

6. In the NetBIOS Hostname field, type da-host.

7. Select WINS Server Support.

8. Deselect Retrieve WINS Server via DHCP, then select Use WINS for Hostname Resolution.

9. Select Advanced Settings > Expert Global Settings.

Confirm the warnings by clicking OK.

10. Verify that security is set to user and that printing is set to cups.

11. Select OK.

12. Select OK to close the Samba Configuration module.

Part II: Create the [geeko-data] Share

In this part of the exercise, you create a share named geeko-data that points to the /srv/samba/geeko-data directory.

Complete the following:

1. Create the /srv/samba/geeko-data directory on da-host.

1. At the shell prompt, (as root) enter mkdir -p /srv/samba/geeko-data.

2. Create a test file in the directory by entering touch /srv/samba/geeko-data/my_file at the shell prompt.

3. Adjust the permissions assigned to the directory and file to allow access by the geeko user by entering chown -R geeko: /srv/samba/geeko-data/ at the shell prompt.

2. Create the [geeko-data] share by doing the following:

1. In YaST, select Network Services > Samba Server.

2. On the Shares tab, select Add.

3. On the New Share screen, enter the following information:

• Share Name: geeko-data

• Share Description: Geeko's Data Directory

• Share Path: /srv/samba/geeko-data

4. Select OK.

5. With the geeko-data share selected, select Edit.

6. On the Share geeko-data screen, select Add.

7. In the Selected Option drop-down list, select valid users; then select OK.

8. In the valid users field, enter geeko, then select OK.

9. Select OK to close the Share geeko-data dialog.

10. Select OK to close the Samba Configuration.

3. Close YaST.

4. Test the configuration of the Samba server and the [geeko-data] share by entering testparm at the shell prompt.

You should see no error messages.

5. Press Enter to see a dump of your share definitions.

You will use this share in a later exercise in this section.

Configure Samba to Use LDAP Authentication

In this exercise, you learn how to configure Samba to store its user accounts in the OpenLDAP directory service you configured on da-host in the previous section of this course.

Detailed Steps to Complete the Exercise

Complete the following on da-host:

1. Start YaST and select Network Services > Samba Server.

2. Select the LDAP Settings tab.

The following is displayed:

Configuring Samba LDAP Settings

 

3. Select Use LDAP Password Back-End.

4. When prompted that all values will be rewritten, select Yes to continue.

The various fields in this interface are automatically populated for you using the default values found in your server's /etc/openldap/ldap.conf file.

5. Verify that the following settings are set to the following values:

• LDAP Server URL: ldap://127.0.0.1

• Use LDAP Idmap Back-End: Selected

• LDAP Server URL: ldap://127.0.0.1

• Search Base DN: dc=digitalairlines,dc=com

• Administration DN: cn=Administrator,dc=digitalairlines,dc=com

6. Type an administration password of novell.

7. Select Test Connection.

8. If the test was successful, select OK.

9. Select OK to apply your settings.

10. Verify that the LDAP integration occurred correctly.

• In YaST, select Network Services > LDAP Browser.

• From the LDAP Connections drop-down list, select da-host.

• In the LDAP Server Password field, type novell.

• Select OK.

• Expand dc=digitalairlines,dc=com.

You should see the following objects and containers added:

• ou=Idmap

• ou=Machines

• ou=group

• sambaDomainName=DA-HOST

• Leave the LDAP Browser running.

11. Samba-enable your geeko user.

• Open a terminal session and switch to root using the su - command and a password of novell.

• At the shell prompt, enter smbpasswd -a geeko.

• When prompted, enter an SMB password of novell.

12. Switch back to your LDAP Browser window.

13. Select Reload.

14. Expand dc=digitalairlines,dc=com.

15. Expand ou=people.

You should see the geeko user added.

16. Select the geeko user.

You should see that the geeko user has a variety of Samba-related attributes added.

17. Select Close.

Work with Samba Shares

In Part I of this exercise, you access the geeko-data share you defined earlier using the smbclient utility.

In Part II of this exercise, you mount the geeko-data share on da-host to the file system of your da1 server.

Detailed Steps to Complete the Exercise

• "Part I: Access a Share with smbclient"

• "Part II: Mount a Share in the File System"

Part I: Access a Share with smbclient

To access a share with smbclient, complete the following:

1. Switch to your da1 server.

2. If necessary, log in as your geeko user with a password of novell.

3. Open a terminal session.

4. Verify that the Samba server is responding to SMB requests by entering smbclient -L //da-host at the shell prompt.

5. When prompted for a password, press Enter.

You should see a list of shares on da-host, including the geeko-data share.

6. Access the data share by entering smbclient -U geeko //da-host/geeko-data at the shell prompt.

7. When prompted for a password, enter novell.

You should see the smb:\ prompt displayed.

8. List the content of the share by entering ls at the smb:\ prompt.

You should see the my_file file that you created earlier.

9. Copy the my_file file to the current directory by entering get my_file at the smb:\ prompt.

You should see the my_file file appear on the desktop.

10. Exit smbclient by entering exit.

11. Close your terminal window.

Part II: Mount a Share in the File System

To mount a share in the file system, complete the following:

1. On your da1 server, open a terminal window and switch to root using the su - command and a password of novell.

2. Mount the data share in the /mnt directory by entering the following command at the shell prompt:

mount -t cifs -o username=geeko //da-host/geeko-data /mnt

When prompted for a password, enter novell.

3. At the shell prompt, enter mount.

You should see that //da-host/geeko-data is mounted on /mnt.

4. Display the content of the mounted share by entering ls /mnt/ at the shell prompt.

You should see the my_file file.

5. Unmount the share by entering umount /mnt at the shell prompt.

6. Optional: Create an entry in the /etc/samba/smbfstab file to mount the share using the rcsmbfs start command. Test your entry using rcsmbfs start and rcsmbfs stop.

7. Close your terminal window.

Configuring Samba as a Domain Controller

In this exercise, you configure the Samba service on da-host as a Primary Domain Controller for the DigitalAirlines domain.

Detailed Steps to Complete the Exercise

Complete the following:

1. Switch to your da-host workstation.

2. If necessary, log in as geeko with a password of novell.

3. Start YaST and select Network Services > Samba Server.

4. Select the Identity tab.

The following is displayed:

Viewing the Identity Tab

 

5. To make the Samba server a domain controller, select Primary (PDC) from the Domain Controller drop-down list.

6. Select OK.

A dialog to create an administrative account appears.

7. In the fields provided, type a password of novell for the Samba root user, then select OK.

8. Close YaST.

9. Check the configuration by opening a terminal window on da-host and entering smbclient -L //da-host.

10. When prompted for a password, press Enter.

You should see that the netlogon share has been enabled and that the server is now a master for the digitalairlines domain.

It may take a few moments for da-host to appear as master. If no master server is listed in the output of the command, wait a moment and enter the command again.

11. Create a workstation account in the domain for a hypothetical Windows XP workstation named WS1.

1. At the shell prompt on da-host, switch to root using the su - command and a password of novell.

2. At the shell prompt, enter groupadd machines.

3. At the shell prompt, create a user account named WS1 in /etc/passwd by entering the following command:

useradd -g machines -d /var/lib/nobody -c "WS1 Windows XP Workstation" -s /bin/false ws1$

4. Samba-enable the machine account by entering the following command at the shell prompt:

smbpasswd -a -m ws1

When you do, the machine account ws1$ is added to your Samba account database.

5. Start the YaST LDAP Browser module and verify that the ws1$ machine account was created in the ou=Machines container.

Configure a Web Server

This section contains the following exercises:

• "Configure a Virtual Host"

Configure a virtual host on your Apache Web server.

• "Configure User Authentication"

Configure your virtual host to use basic authentication.

• "Configure SSL for a Virtual Host"

Configure your virtual host to use SSL encryption.

• "Test PHP"

Install and test PHP on your Apache Web server.

Configure a Virtual Host

In this exercise, you configure virtual hosts for the accounting.digitalairlines.com and the hr.digitalairlines.com Web sites on your da-host server.

Create their document roots in /srv/www/accounting and /srv/www/hr, and their accounting.conf and hr.conf configuration files in the /etc/apache2/vhosts.d/ directory.

Change /etc/apache2/listen.conf to support name-based virtual hosting and include the two domains in /etc/hosts, pointing to 172.17.8.1.

Detailed Steps to Complete the Exercise

Complete the following on da-host:

1. In the YaST Control Center, select Software > Software Management.

2. From the Filter drop-down list, select Patterns.

3. Mark the Web and LAMP Server pattern and click Accept.

4. In the Automatic Changes screen, select Continue.

Wait while the packages are installed.

5. When installation is complete, close YaST.

6. Open a terminal window and switch to root using the su - command and a password of novell.

7. Open the /etc/apache2/listen.conf file in an editor and remove the comment sign in front of the line

NameVirtualHost *:80

Save the file and close the editor.

8. Create directories for the virtual hosts by entering the following (as root) at the shell prompt:

mkdir /srv/www/accounting

mkdir /srv/www/hr

9. Using an editor of your choice, create the /srv/www/accounting/index.html file as root (for example, at the shell prompt, enter vi /srv/www/accounting/index.html) with the following content:

<html>
  <head>
    <title>Accounting Intranet Server</title>
  </head>
  <body>
    <h1>Accounting Intranet</h1>
    Under construction.
  </body>
</html>

 

Save the file and close the editor.

Create a /srv/www/hr/index.html file with similar content for the hr web site.

NOTE: You can use the accounting-index.html and hr-index.html files from the Exercises/Section_05 directory on the Student DVD.

10. In the terminal window, as root change to the /etc/apache2/vhosts.d/ directory and copy the virtual host template file by entering

cp vhost.template accounting.conf

11. Edit the accounting.conf file so it looks like the following:

<VirtualHost _default_:80>
    ServerAdmin [email protected]
    ServerName accounting.digitalairlines.com
    DocumentRoot /srv/www/accounting
    ErrorLog /var/log/apache2/accounting.digitalairlines.com-error_log
    CustomLog /var/log/apache2/accounting.digitalairlines.com-access_log combined
    UseCanonicalName On
    ScriptAlias /cgi-bin/ "/srv/www/cgi-bin"
    <Directory "/srv/www/cgi-bin">
        AllowOverride None
        Options +ExecCGI -Includes
        Order allow,deny
        Allow from all
    </Directory>
    <Directory "/srv/www/accounting/">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

12. Copy the accounting.conf file to hr.conf and edit it so it fits the requirements of the hr.digitalairlines.com domain.

NOTE: You can find the accounting.conf and hr.conf configuration files in the Exercises/Section_05 directory on the Student DVD.

13. For testing purposes, add accounting.digitalairlines.com and hr.digitalairlines.com to the /etc/hosts file.

As root, open the /etc/hosts file in an editor of your choice, and add the following lines at the bottom of the file:

172.17.8.1 accounting.digitalairlines.com accounting
172.17.8.1 hr.digitalairlines.com hr

 

14. Test the syntax of your configuration file by entering apache2ctl configtest at the shell prompt.

The command should return a Syntax OK message. If not, inspect your configuration to identify and fix any errors. (If you see a "Could not open configuration file /etc/apache2/sysconfig.d/include.conf" message you can ignore it, as this file will be created automatically when Apache is started in the next step.)

15. Start the Apache daemon by entering rcapache2 start at the shell prompt.

16. Make sure Apache starts automatically using the command insserv apache2.

17. Test your virtual host.

1. Start Firefox on da-host by selecting Computer > Firefox.

2. Access the Accounting virtual host by entering http://accounting.digitalairlines.com/ in the URL field of the Firefox browser.

You should see the Accounting Intranet page that you created earlier.

3. Access the HR virtual host by entering http://hr.digitalairlines.com/ in the URL field of the Firefox browser.

You should see the HR Intranet page that you created earlier.

4. Close Firefox and any open terminal windows.

Configure User Authentication

In this exercise, you configure user authentication for the Accounting virtual host you set up in the previous exercise.

Detailed Steps to Complete the Exercise

Complete the following:

1. Create your htpasswd file and add the geeko user to it by doing the following:

1. Open a terminal session and change to your root user account by entering su - followed by a password of novell.

2. At the shell prompt, enter

htpasswd2 -c /etc/apache2/htpasswd geeko 

3. When prompted for a password, enter novell.

4. At the shell prompt, enter cat /etc/apache2/htpasswd.

You should see that the geeko record with an encrypted password has been added to the file.

5. Add a user named tux to the file by entering the following:

htpasswd2 /etc/apache2/htpasswd tux 

6. When prompted for a password, enter novell.

2. Edit your accounting.conf virtual host configuration file and configure it to use basic authentication by doing the following:

1. At the shell prompt, enter

vi /etc/apache2/vhosts.d/accounting.conf 

2. Within the <Directory "/srv/www/accounting/"> directive, add the following lines:

AuthType Basic
AuthName "Accounting Intranet"
AuthUserFile /etc/apache2/htpasswd
Require user geeko

 

3. Save your changes and exit the editor.

4. Check the syntax of the configuration file by entering apache2ctl configtest at the shell prompt.

The command should return a Syntax OK message. If not, check your configuration file for errors and then run the command again.

3. Reload the Apache daemon by entering rcapache2 reload at the shell prompt.

4. Test the configuration by doing the following:

1. Open Firefox on the server desktop by selecting Computer > Firefox.

2. In the URL field, enter http://accounting.digitalairlines.com.

You should see an Authentication Required window, as shown below:

Authenticating to Apache

 

Notice the value of the AuthName parameter is displayed in the Authentication Required window.

1. Authenticate as tux with a password of novell.

The authentication should fail and the Authentication Required window should be redisplayed.

2. Authenticate as geeko with a password of novell.

Because geeko was defined as a required user, authentication is granted to the accounting Web site.

2. Close your browser window and any open terminal windows.
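At this point the Basic authentication directives sit in a port 80 virtual host, so the user name and password cross the network base64-encoded rather than encrypted until the host is moved to port 443 in the next exercise. The check below is an added example, not workbook code; the function names and the two sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example (not workbook code): report virtual hosts that use Basic
# authentication without "SSLEngine on". Names and samples are constructed.

# audit_basic_auth FILE...
# Prints "<file>: <ServerName> (<VirtualHost address>)" for each offending
# virtual host and returns 1 if any was found, 0 otherwise.
audit_basic_auth() {
    awk '
        function report() {
            if (basic && !ssl) {
                printf "%s: %s (%s)\n", FILENAME, name, addr
                bad = 1
            }
        }
        { line = tolower($0) }
        line ~ /^[ \t]*#/ { next }                  # skip comment lines
        line ~ /^[ \t]*<virtualhost[ \t]/ {
            addr = $2; sub(/>.*/, "", addr)         # "_default_:80>" -> "_default_:80"
            invh = 1; basic = 0; ssl = 0; name = "(no ServerName)"
            next
        }
        invh && line ~ /^[ \t]*<\/virtualhost>/ { report(); invh = 0; next }
        invh && line ~ /^[ \t]*servername[ \t]/     { name = $2 }
        invh && line ~ /^[ \t]*authtype[ \t]+basic/ { basic = 1 }
        invh && line ~ /^[ \t]*sslengine[ \t]+on/   { ssl = 1 }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed samples: the accounting host as it stands after this exercise
# (port 80) and the same host once SSLEngine has been switched on (port 443).
write_vhost_samples() {
    cat > "$1/accounting-80.conf" <<'EOF'
<VirtualHost _default_:80>
    ServerName accounting.digitalairlines.com
    DocumentRoot /srv/www/accounting
    <Directory "/srv/www/accounting/">
        AuthType Basic
        AuthName "Accounting Intranet"
        AuthUserFile /etc/apache2/htpasswd
        Require user geeko
    </Directory>
</VirtualHost>
EOF
    cat > "$1/accounting-443.conf" <<'EOF'
<VirtualHost _default_:443>
    ServerName accounting.digitalairlines.com:443
    SSLEngine on
    DocumentRoot /srv/www/accounting
    <Directory "/srv/www/accounting/">
        AuthType Basic
        AuthName "Accounting Intranet"
        AuthUserFile /etc/apache2/htpasswd
        Require user geeko
    </Directory>
</VirtualHost>
EOF
}

demo_dir=$(mktemp -d)
write_vhost_samples "$demo_dir"
audit_basic_auth "$demo_dir"/*.conf || echo "Basic authentication is configured on a cleartext virtual host"
rm -rf "$demo_dir"
```

On the server itself the function would be run against /etc/apache2/vhosts.d/*.conf.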

Configure SSL for a Virtual Host

In this exercise, you add SSL encryption to the Accounting virtual host you configured previously on your da-host workstation.

Detailed Steps to Complete the Exercise

Complete the following:

1. Open a terminal session on da-host and switch to root using the su - command and a password of novell.

2. Create the /tmp/random file.

1. At the shell prompt, enter

cat /dev/random > /tmp/random 

2. Press keys on the keyboard and move the mouse to generate random events. This will help create the random file. You can control the size of the generated file in another terminal window with the ls -l /tmp/random command.

3. Stop the process after a few minutes by pressing Ctrl+c.

3. Generate a server key.

1. At the shell prompt, enter the following command:

openssl genrsa -des3 -out /tmp/accounting.key -rand /tmp/random 1024

2. When prompted for a pass phrase, enter novell.

You should see output similar to the following:

Generating the Server Key

 

4. Sign the key.

1. At the shell prompt, enter the following command:

openssl req -new -x509 -key /tmp/accounting.key -out /tmp/accounting.crt

2. When prompted for a passphrase, enter novell.

3. When prompted, type the following information:

• Country Name: US

• State or Province Name: Utah

• Locality Name: Provo

• Organization Name: Digital Airlines

• Organizational Unit Name: Accounting

• Common Name: accounting.digitalairlines.com

• Email Address: [email protected]

5. Copy the files by entering the following commands at the shell prompt:

cp /tmp/accounting.key /etc/apache2/ssl.key/ 

cp /tmp/accounting.crt /etc/apache2/ssl.crt/ 

6. Modify the file system permissions for the accounting.key file such that the file owner has read access but all others have no access by entering the following command at the shell prompt:

chmod 400 /etc/apache2/ssl.key/accounting.key 

7. Modify your virtual host configuration file to support SSL.

1. At the shell prompt, enter vi /etc/apache2/vhosts.d/accounting.conf.

2. Change the following lines:

• Old Value: <VirtualHost _default_:80>
  New Value: <VirtualHost _default_:443>

• Old Value: ServerName accounting.digitalairlines.com
  New Value: ServerName accounting.digitalairlines.com:443

3. Add the following lines after the ServerName directive (you can copy most of them from /etc/apache2/vhosts.d/vhost-ssl.template):

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl.crt/accounting.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/accounting.key

 

NOTE: The SSLCipherSuite directive and its value should be on one line.

4. Save your changes to the file and close the editor.

8. Edit your /etc/sysconfig/apache2 file to support SSL.

1. At the shell prompt, enter vi /etc/sysconfig/apache2.

2. Make the following changes to the file:

APACHE_SERVER_FLAGS="SSL"

  APACHE_START_TIMEOUT="10"

 

3. Save your changes to the file and close the editor.

9. Check the syntax of the configuration file by entering apache2ctl configtest at the shell prompt.

The command should return a Syntax OK message. If not, check your configuration file for errors and run the command again.

10. Restart Apache by entering rcapache2 restart at the shell prompt.

11. When prompted for the passphrase, enter novell.

You should see output similar to the following:

Starting Apache with SSL Enabled

 

12. As the pass phrase has to be entered every time the Apache daemon starts, you can prevent the Web server from being started automatically at boot by entering insserv -r apache2 at the shell prompt.

13. Test the SSL configuration by doing the following:

1. Start Firefox on the server desktop.

2. In the URL field of the Firefox browser, enter https://accounting.digitalairlines.com/.

You should see a message warning you of a self-signed certificate and after clicking OK a screen similar to the following:

Testing the SSL Configuration

 

3. Select Or You Can Add An Exception, then select Add Exception.

4. On the Add Security Exception screen, select Get Certificate.

6. Close Firefox and all open terminal windows.

Test PHP

In this exercise, you test PHP on da-host by creating a file that calls the phpinfo() function. Basic PHP functionality is already installed with the LAMP pattern.

Detailed Steps to Complete the Exercise

Complete the following:

1. Start YaST and select Software > Software Management.

2. From the Filter menu, select Search.

3. Enter php in the Search field; then select Search.

4. Verify that the apache2-mod_php5 and php5 packages have been installed and, if they haven't, install them.

5. Create a test PHP file by doing the following:

1. Open a terminal session and switch to root using the su - command and a password of novell.

2. At the shell prompt, enter vi /srv/www/hr/php_info.php and add the following lines to the file:

<?PHP
  phpinfo();
?>

3. Save your changes and close the editor.

4. Open Firefox on the server desktop and enter http://hr.digitalairlines.com/php_info.php.

You should see the PHP version information page displayed.

6. Close your browser window and all terminal windows.

Internet Protocol Version 6 (IPv6)

This section contains the following exercise:

• "Configure IPv6"

Configure and use different aspects of IPv6.

Configure IPv6

In this exercise, you configure and use different aspects of IPv6.

This exercise has two parts.

In the first part you ping6 da1 from da-host, using the link local IPv6 address. In the second part, you set a globally unique IPv6 address and configure the router advertisement daemon to distribute your IPv6 prefix to other machines.

Detailed Steps to Complete this Exercise

• "Part I: Use Link Local Addresses to ping6 Other Hosts."

• "Part II: Set up radvd"

Part I: Use Link Local Addresses to ping6 Other Hosts.

To use the link local address, do the following:

1. If necessary, start the VMware player and the da1 virtual machine.

2. Log in to da1 as geeko, open a terminal window and su - to root (password: novell).

3. In the terminal window on da1, enter ip address show and note the IPv6 link local address of the eth0 interface (inet6 fe80... scope link).

4. On your host da-host, log in as geeko, open a terminal window, and su - to root (password: novell).

5. In the terminal window on da-host, enter

ip address show

and note the IPv6 link local address of the vmnet1 interface.

vmnet1 is the VMware interface that is used to connect to da1 using a host-only network.

6. Ping your own interface using the command

ping6 -I vmnet1 ipv6_address_of_vmnet1

Stop the ping6 by entering Ctrl+c.

7. Ping da1 using the IPv6 address established in step 3 and the command

ping6 -I vmnet1 ipv6_address_of_eth0-da1

Stop the ping6 by entering Ctrl+c.

Part II: Set up radvd

In this exercise, you set an IPv6 address and configure radvd on da1.

Do the following:

1. On da1, in a terminal window as root, install the radvd package using the command

yast2 -i radvd 

2. On da1, add an IPv6 address (from the range reserved for examples and

documentation) to the eth0 interface with the command

ip address add 3fff:ffff::1/64 dev eth0 

3. View the IPv6 addresses of the eth0 interface with the command

ip address show dev eth0 

The address you just added has the scope "global."

4. In an editor, open the /etc/radvd.conf file and scroll down to the following lines.

#
# example of a standard prefix
#
prefix 2001:db8:1:0::/64

5. Change the line beginning with prefix to read

prefix 3fff:ffff::/64

6. Add the following lines to the section below your prefix:

AdvPreferredLifetime 120;
AdvValidLifetime 300;

The whole section should now look like the following:

#
# example of a standard prefix
#
prefix 3fff:ffff::/64
{
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
        AdvPreferredLifetime 120;
        AdvValidLifetime 300;
};

 

7. Delete all lines below the above section, with the exception of the last line that reads

};

8. Save the file and close the editor.

9. Turn on IPv6 routing on da1 with the command

echo 1 > /proc/sys/net/ipv6/conf/all/forwarding 

10. Start radvd with the command

rcradvd start

11. On da-host, in a terminal window, enter

ip -6 a s dev vmnet1

You should see that the interface now has an additional IPv6 address with the prefix 3fff:ffff and the scope "global dynamic."

12. On da-host, ping6 da1 using the IP address you added in step 1 with the command

ping6 3fff:ffff::1

13. From da-host, log in to da1 using the IP address you added in step 1 with the command

ssh 3fff:ffff::1

Enter yes when prompted and the password novell.

You are logged in to da1.

14. Log out from da1 by entering exit.

Perform a Health Check and Performance Tuning

This section contains the following exercise:

• "Analyze System Performance"

Analyze system performance and reduce resource utilization.

Analyze System Performance

In this exercise, you analyze system performance and reduce resource utilization.

In the first four parts, you analyze processor, memory, hard disk, and network utilization.

In the fifth part, you reduce the resource utilization of a SUSE Linux Enterprise Server 11 system.

Detailed Steps to Complete this Exercise

• "Part I: Analyze Processor Utilization"

• "Part II: Analyze Memory Utilization"

• "Part III: Analyze Hard Disk Utilization"

• "Part IV: Analyze Network Utilization"

• "Part V: Reduce Resource Utilization"

Part I: Analyze Processor Utilization

Do the following:

1. Make sure that you have installed the C/C++ Compiler and Tools software pattern as well as the kernel-source package.

If these packages are not installed, install them with the YaST software installer.

2. Open a terminal window.

3. Enter top.

Watch the information about the system load and the process list for a few moments.

4. Open a second terminal window and su - to root.

5. Enter the following commands:

cd /usr/src/linux
make cloneconfig

NOTE: If the /usr/src/linux directory does not exist, you need to install the kernel-source package.

6. When the second command finishes, start a Linux kernel compilation by entering make bzImage.

The compilation generates a high load on the system.

7. At the first terminal window, watch the load numbers.

Notice that the load values are constantly rising. The three values differ as they display the average of three different periods of time.

8. Wait until the load average of the last minute value has reached 1, then quit the compilation process in the second terminal window by pressing Ctrl+C.

9. At the second terminal window, restore the initial state by entering make clean.

10. At the first terminal window, watch the load values for a few moments.

Notice that the values decrease.

11. End the top program by typing q.

Part II: Analyze Memory Utilization

Do the following:

1. If servers are running in VMware, shut them down.

2. Make sure that the sysstat package is installed:

rpm -q sysstat || yast2 -i sysstat 

3. Reboot your system and add the mem=256m kernel parameter at the boot prompt.

This reduces the amount of available main memory to make it easier to demonstrate swapping.

NOTE: If you have Xen installed, select the regular option at the boot prompt and not the Xen system.

4. Log in, open two terminal windows, and su - to root in both terminals.

5. At the first terminal window, enter vmstat 1.

6. Watch the vmstat output for a few moments, especially the si (swap in) and so (swap out) columns.

7. At the second terminal window, enter

cd /usr/src/linux
make -j 20 bzImage

8. At the first terminal window, watch the so and si columns for a few minutes.

9. At the second terminal window, stop the make process by pressing Ctrl+C.

10. At the first terminal window, watch as the swap activity declines.

11. Terminate the command vmstat by pressing Ctrl+C.

12. At the second terminal window, enter

make clean

13. Reboot your system without the mem parameter to make the full installed main memory available again.

Part III: Analyze Hard Disk Utilization

Do the following:

1. Open two terminal windows and su - to root in both terminals.

2. Install the bonnie file system benchmark by entering in one of the terminals

yast2 -i bonnie 

3. At the first terminal window, enter the following:

iostat -x 2 /dev/sda 

If your root partition is on a different device than sda (such as sdc), adjust the command accordingly.

4. Watch the output of iostat for a while, particularly the await and svctm columns.

5. In the second terminal window, enter

bonnie -s 1024

6. Watch the iostat values in the await and svctm columns.

Notice that both values are rising due to high disk utilization caused by the bonnie command.

7. At the second terminal window, stop bonnie by pressing Ctrl+c.

8. Watch how the await and svctm times decrease again.

9. End iostat by pressing Ctrl+c.

10. Close both terminal windows.

Part IV: Analyze Network Utilization

Do the following:

1. If your da1 server is not running, start the VMware player and the da1 server.

2. On da-host, make sure that the kdebase4-workspace package is installed on your system:

rpm -q kdebase4-workspace || yast2 -i kdebase4-workspace

If it is not installed, the above command will install several KDE packages that are required by the kdebase4-workspace package.

3. Open a terminal window and su - to root.

4. Enter ksysguard.

5. On the menu bar, select File > New Worksheet.

6. Specify a title of Network.

7. Select 2 rows and 1 columns.

8. Select OK.

9. On the right side of the KDE System Guard window, browse to Network > Interfaces > vmnet1.

10. Open Receiver and Transmitter.

11. Drag the Packets sensor from the Receiver and drop it into the upper part of the Network worksheet.

12. For the display mode, select Line Graph.

13. Drag the Packets sensor from the Transmitter and drop it in the lower part of the Network worksheet.

14. For the display mode, select Line Graph.

15. Watch the network activity for a few moments.

16. Open a terminal window and su - to root.

17. Produce some network load with the da1 system by entering the following:

ping -f da1.digitalairlines.com

18. Watch the network load rise in the receiver and the transmitter.

19. Terminate the ping command by pressing Ctrl+c.

20. Close the terminal window.

21. Watch how the network load goes down again.

22. Close the KDE System Guard window.

Part V: Reduce Resource Utilization

Do the following:

1. On da1, log out of the Gnome desktop environment and reboot your da1 system.

2. When the GDM login appears within the VMware player, change to a text console by pressing Ctrl+Alt, and, while Ctrl+Alt are still pressed, press Space and then F2.

3. On the text console, log in as root.

4. Enter free.

Note the amount of free physical memory:

5. Reboot your da1 system by entering reboot.

At the boot prompt, enter 3.

The system boots to runlevel 3.

6. Log in as root, then enter free.

7. Compare the amount of free physical memory with the number you noted earlier.

Notice that runlevel 3 uses less memory than runlevel 5.

NOTE: The success of this depends on the amount of free memory you have available on your hardware.

8. Switch to runlevel 5 by entering init 5.

9. Log in as geeko with a password of novell.

Create Shell Scripts

Introduction

The exercises in this section have a different format than the other ones you know in this course.

Developing shell scripts is mainly a creative task. Therefore, you won't find detailed, step-by-step instructions here. Instead, more general goals are defined and you are free to find your own solution.

If you need help at any point, refer to the corresponding section of the course manual. The exercises are based on the course project (backup script). You can also find all example scripts on the course DVD.

Some parts of the exercises are marked as optional. These parts are not covered in the course manual, and they should be seen as challenge and inspiration for further improvements.

In this section of the workbook, you can find the following exercises:

• "Create a Simple Shell Script"

Create your first shell script.

• "Use Variables and Command Substitution"

Use variables and command substitution.

• "Use an if Control Structure"

Expand the backup script with the use of an if control structure.

• "Use a while Loop"

Use a while loop to iterate through the positional parameters included on the command line.

• "Use Arithmetic Operators"

Use arithmetic operators.

• "Read User Input"

Read user input and process the input in your script.

• "Use Arrays"

Use arrays.

• "Use rsync to Keep Versions of Files"

Use rsync to keep past versions of your files.

• "Use Shell Functions"

Use shell functions.

Create a Simple Shell Script

In this exercise, you create your first shell script.

Do the following:

Open a text editor and create a shell script that backs up the /home/geeko directory to the /backup directory. The script should also print a message when it's started.

Make sure that the script can be directly executed at the command line.

Execute the script and correct any errors. As root create the /backup directory and make sure geeko can write to it. As geeko user, run the script again.

Use Variables and Command Substitution

In this exercise, you use variables and command substitution.

Do the following:

Enhance the script by defining a NAME variable with the value "geeko" and replacing occurrences of the username reference with the content of this variable.

Change the rsync command to be more verbose and redirect the output of rsync to the /backup/backup-log_YYYYMMDD-hhmm file.

Use an if Control Structure

In this exercise, you learn how to use an if control structure.

Do the following:

In addition to having your script write a log and an error log file, have the script mail these files to the user geeko, depending on the return value of the rsync command.

Optional: Do the same with a case statement.

Use a while Loop

In this exercise, you use a while loop to iterate through the positional parameters included on the command line.

Do the following:

Change the script to back up each file or directory given on the command line as parameters to the backup script. Use the shift command and a while loop to process each of the positional parameters $1, $2, etc.

See the manual for details and an example script.

Optional: Do the same, but use an until loop instead.

Optional: Do the same, but use a for loop instead.

Use Arithmetic Operators

In this exercise, you use arithmetic operators.

Do the following:

Modify your script so that the number of parameters is used to determine if the while loop is run through or not. Use $#, which contains the number of parameters on the command line and a counter that counts the iterations through the while loop.

Optional: Use an until loop instead of a while loop.

Read User Input

In this exercise, you read user input and process the input in your script.

Do the following:

Modify your script in the following way: Instead of processing files and directories entered on the command line, ask the user to type the files and directories he wants to back up. Back up the files and directories to the /backup directory.

Optional: Change the script to allow the user to enter filenames that contain spaces.

Use Arrays

In this exercise, you use arrays.

Do the following:

Let your script read the directories the user wants to back up into an array. Then use the array to back up those directories.

Use rsync to Keep Versions of Files

In this exercise, you use rsync to keep past versions of your files.

Do the following:

Create a script that creates an initial backup to a /backup/YYYYMMDD-hhmm directory.

Instead of creating a full backup on each subsequent run of the script, let rsync create hard links to files in the previous backup if the files have not changed, using the --link-dest= option of rsync.

Remove old backup directories so that there are not more than a certain number of backup directories.

Create a cron job that calls the script at regular intervals, such as every two hours.
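
One way to meet the goals of this exercise, as an added example that is not one of the course DVD scripts: each run creates a /backup/YYYYMMDD-hhmm snapshot, hard-links unchanged files to the previous snapshot with --link-dest, and prunes the oldest snapshots. BACKUP_ROOT, KEEP, BACKUP_STAMP, the function names and the script path in the cron comment are assumptions of this example.

```sh
#!/bin/sh
# Added example: rotating snapshots with rsync --link-dest.
# BACKUP_ROOT, KEEP, BACKUP_STAMP and the function names are assumptions.

BACKUP_ROOT=${BACKUP_ROOT:-/backup}
KEEP=${KEEP:-12}    # number of snapshots to retain

# List snapshot directory names, oldest first. Only real directories named
# YYYYMMDD-hhmm are returned, so pruning can never select anything else.
list_backups() {
    for d in "$1"/[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]; do
        if [ -d "$d" ] && [ ! -L "$d" ]; then
            basename "$d"
        fi
    done | sort
}

# Name of the newest snapshot, empty if none exists yet.
latest_backup() {
    list_backups "$1" | tail -n 1
}

# Remove the oldest snapshots until at most $2 remain.
prune_backups() {
    prune_root=$1
    keep=$2
    case $keep in
        ''|*[!0-9]*) echo "KEEP must be a non-negative integer" >&2; return 2 ;;
    esac
    total=$(list_backups "$prune_root" | wc -l)
    excess=$((total - keep))
    if [ "$excess" -gt 0 ]; then
        list_backups "$prune_root" | head -n "$excess" | while read -r name; do
            rm -rf -- "${prune_root:?}/$name"
        done
    fi
}

# Snapshot the given files and directories into <root>/YYYYMMDD-hhmm.
make_backup() {
    root=$(cd "$1" && pwd) || return 1    # --link-dest needs an absolute path
    shift
    stamp=${BACKUP_STAMP:-$(date +%Y%m%d-%H%M)}
    prev=$(latest_backup "$root")
    dest=$root/$stamp
    if [ -e "$dest" ]; then
        echo "snapshot $dest already exists" >&2
        return 1
    fi
    mkdir "$dest" || return 1
    if [ -n "$prev" ]; then
        # Unchanged files become hard links into the previous snapshot.
        rsync -a --link-dest="$root/$prev" -- "$@" "$dest/" && return 0
    else
        rsync -a -- "$@" "$dest/" && return 0
    fi
    rm -rf -- "$dest"    # never leave a partial snapshot to link against
    return 1
}

# Example cron entry (every two hours), assuming the script is installed as
# /usr/local/bin/backup-versions.sh:
#   0 */2 * * * /usr/local/bin/backup-versions.sh /home/geeko
if [ "$#" -gt 0 ]; then
    make_backup "$BACKUP_ROOT" "$@" && prune_backups "$BACKUP_ROOT" "$KEEP"
fi
```

Because unchanged files share one inode across snapshots, editing a file in place inside one snapshot changes it in every snapshot that links to it, so treat the snapshot tree as read-only.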

Use Shell Functions

In this exercise, you learn how to use shell functions.

Do the following:

1. Review the following function:

# Prompt the user to answer with "yes" or "no".
# The question itself is supplied as an argument
# when calling the function, for example:
# "yesno Do you want to continue?"
yesno () {
    while true
    do
        echo -e "$*"
        echo "Please answer by entering (y)es or (n)o:"
        read ANSWER
        case "$ANSWER" in
            [yY] | [yY][eE][sS] )
                return 0
                ;;
            [nN] | [nN][oO] )
                return 1
                ;;
            * )
                echo "I cannot understand you over here."
                ;;
        esac
    done
}

 

This function asks the user to enter y or n. Depending on the answer, the function returns 0 or 1. If the answer is wrong, an error message is displayed.

The command echo "$*" is used to print a question, which is passed as a parameter to the function.

2. Integrate the above yesno function in the backup script from exercise "Use Arrays", so that the directories to back up are displayed for confirmation before they are backed up.

Use the yesno function to interpret the user's answer. On "yes," start the backup. On "no," have the user choose the directories again.

Hint: Use an if structure to interpret the return value of the yesno function.

Deploy SUSE Linux Enterprise 11

This section contains the following exercises:

• "Set Up an Installation Server"

Set up an installation server and an add-on repository.

• "Set Up PXE Boot for installations"

Set up a TFTP server, fill the /tftpboot directory with the files needed for PXE boot and set up a DHCP server.

• "Create an AutoYaST Control File"

Create an AutoYaST control file by using the Create Reference Profile feature of the YaST AutoYaST module.

• "Activate PXE Booting and Install SUSE Linux Enterprise Server"

Boot your machine using PXE and start the installation of SUSE Linux Enterprise Server 11.

Set Up an Installation Server

In this exercise, you set up an installation server and an add-on repository.

In the first part, copy the files of the installation DVD to a directory and make this directory accessible over the network using NFS.

In the second part, prepare an add-on products repository to allow the installation of additional RPMs.

Detailed Steps to Complete the Exercise

• "Part I: Prepare the Installation Repository"

• "Part II: Set Up an Add-on Products Repository"

Part I: Prepare the Installation Repository

To prepare the installation repository, do the following on da-host:

1. At a terminal window, su - to root (password: novell).

2. Create the /srv/install-repo/sles11/CD1 directory using the command

mkdir -p /srv/install-repo/sles11/CD1 

3. Insert the SUSE Linux Enterprise Server 11 DVD, then copy the content of the DVD to the directory you just created using the command

cp -a /media/SUSE_SLES-11-0-0.001/* /srv/install-repo/sles11/CD1

NOTE: Some steps in this exercise refer to the /srv/install-repo/sles11/CD1 directory as the root of the installation directory.

4. As copying the content will take some time, open another terminal window, su - to root (password: novell).

5. Edit the /etc/exports file to add the following line:

/srv/install-repo/sles11 *(ro,sync,no_subtree_check)

6. Restart the NFS server using the command

rcnfsserver restart

7. Make sure the NFS server is started every time the system starts up by entering

insserv nfsserver 

NOTE: You can also use the YaST Installation Server module to accomplish the above.

Part II: Set Up an Add-on Products Repository

To add a repository for add-on products or RPMs of your own, do the following:

1. At a terminal window as root, install the inst-source-utils package if not yet installed, using the command

rpm -q inst-source-utils || yast -i inst-source-utils

2. Create the directory structure for the files you want to make available, using the command

create_update_source.sh /srv/install-repo/sles11/CD1

3. Explore the directory structure created in the /srv/install-repo/sles11/CD1/updates/ directory using ls.

4. Create the /srv/install-repo/sles11/CD1/updates/suse/i586 directory using the mkdir command.

5. Insert the Student DVD from your Student Kit into the DVD drive and copy the Exercises/Section_09/tree-1.5.1-2.8.i586.rpm file from the Student DVD to the /srv/install-repo/sles11/CD1/updates/suse/i586 directory.

6. Change to the /srv/install-repo/sles11/CD1/updates/suse/ directory and run the command

create_package_descr -x setup/descr/EXTRA_PROV

7. Change to the /srv/install-repo/sles11/CD1/updates/suse/setup/descr/ directory.

8. View the content of the packages, packages.en, and packages.DU files in the /srv/install-repo/sles11/CD1/updates/suse/setup/descr/ directory using cat.

9. In the /srv/install-repo/sles11/CD1/updates/suse/setup/descr/ directory run

ls > directory.yast

10. Change to the /srv/install-repo/sles11/CD1/updates/ directory and run the command

create_sha1sums -x -n .

(Note the dot at the end of the command for the current directory.)

11. View the content file using cat.

12. Look up your current IP address of the physical interface connected to other computers in your network (usually eth0) using the ip address show command and record it here:

IP address:

13. Change to the /srv/install-repo/sles11/CD1/ directory (the root of the installation repository).

14. In the root of the installation repository, use a text editor to create an add_on_products.xml file with the following content:

<?xml version="1.0"?>
<add_on_products xmlns="http://www.suse.com/1.0/yast2ns"
    xmlns:config="http://www.suse.com/1.0/configns">
    <product_items config:type="list">
        <product_item>
            <name>SLES11 Add-ons</name>
            <url>nfs://your_ip/srv/install-repo/sles11/CD1/updates</url>
            <path>/</path>
            <ask_user config:type="boolean">false</ask_user>
            <selected config:type="boolean">true</selected>
        </product_item>
        <!-- Another product item -->
        <product_item />
    </product_items>
</add_on_products>

 

15. Save the file and close the editor.

16. Create a SHA1SUMS file, containing the SHA1 hash value of the file you just created, using the command

sha1sum add_on_products.xml > SHA1SUMS

17. Create a gpg public private key pair using the command

gpg --gen-key

Use the default values and answer the questions (name, e-mail address, comment) appropriately. For the purposes of this exercise you can use a simple password like "secret".

If you get a "Can't connect to '/root/.gnupg/S.gpg-agent'" message, switch to a text console (Ctrl+F1), log in as root, enter the gpg command as above, then switch back to the graphical interface (Ctrl+F7).

18. Sign the SHA1SUMS file with the command

gpg -b --sign --armor SHA1SUMS

or

gpg -b --sign --armor -u your_keyID SHA1SUMS

with, for instance, the e-mail address you entered in Step 17 as your_keyID.

This will create the SHA1SUMS.asc file.

If you get a "Can't connect to '/root/.gnupg/S.gpg-agent'" message, switch to a text console (Ctrl+F1), log in as root, change to the /srv/install-repo/sles11/CD1 directory, enter the gpg command as above, and switch back to the graphical interface (Ctrl+F7).

19. Export your GPG public key to the SHA1SUMS.key file, using the following command (with, for instance, the e-mail address you entered in Step 17 as your_keyID):

gpg --export --armor your_keyID > SHA1SUMS.key

20. Create an updated directory.yast file in the root of your installation repository with the command

ls > directory.yast

21. Sign the content file created in Step 10:

cd updates/
gpg -b --sign --armor content

This will create the content.asc file.

If you get a "Can't connect to '/root/.gnupg/S.gpg-agent'" message, switch to a text console (Ctrl+F1), log in as root, change to the /srv/install-repo/sles11/CD1/updates directory, enter the gpg command as above, and switch back to the graphical interface (Ctrl+F7).

22. If you want to use a different name or location for the updates directory, such as add-ons or /srv/install-repo/sles11/add-ons, proceed as follows:

1. Rename the updates directory using the mv command.

2. Edit the <url>...</url> entry in the add_on_products.xml file to reflect the new name or location of the repository.

3. Create a new SHA1SUMS file in the root directory of the installation repository, using the command

sha1sum add_on_products.xml > SHA1SUMS

4. Sign the SHA1SUMS file as in Step 18, overwriting the existing SHA1SUMS.asc file.

23. To include your GPG public key in the initrd, enter the following commands:

cd /tmp
cp /srv/install-repo/sles11/CD1/SHA1SUMS.key my-key.gpg
cp /srv/install-repo/sles11/CD1/boot/i386/loader/initrd .
mv initrd initrd.gz
gunzip initrd.gz
find my-key.gpg | cpio -o -A -F initrd -H newc
gzip initrd

You will copy the new initrd.gz file you just created to the /tftpboot directory in a later exercise.
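
A check to run before pointing installations at the repository, as an added example that is not part of the workbook: it verifies the detached signatures created in Steps 18 and 21 against the exported SHA1SUMS.key, re-checks SHA1SUMS, and can confirm that the key was appended to the initrd. The function names and the script name verify-repo.sh are assumptions; the file names are the ones used in this exercise.

```sh
#!/bin/sh
# Added example: check the signed metadata of the add-on repository.
# Function names are assumptions; file names follow the steps above.

# Verify a detached, ASCII-armored signature (<file>.asc) using only the
# exported public key, in a throwaway keyring so no other key can satisfy it.
verify_detached() {
    keyfile=$1
    signed=$2
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed" >&2; return 2; }
    [ -r "$keyfile" ] && [ -r "$signed" ] && [ -r "$signed.asc" ] || return 1
    gnupg_home=$(mktemp -d) || return 2
    if gpg --homedir "$gnupg_home" --batch --quiet --import "$keyfile" 2>/dev/null &&
       gpg --homedir "$gnupg_home" --batch --verify "$signed.asc" "$signed" 2>/dev/null
    then
        rc=0
    else
        rc=1
    fi
    rm -rf -- "$gnupg_home"
    return "$rc"
}

# Check the files listed in SHA1SUMS (paths are relative to the repository root).
check_sums() {
    ( cd "$1" && [ -s SHA1SUMS ] && sha1sum -c SHA1SUMS >/dev/null 2>&1 )
}

# Confirm that the key file was appended to a gzip-compressed initrd.
initrd_has_key() {
    gzip -dc "$1" 2>/dev/null | cpio -it 2>/dev/null | grep -qx -- "$2"
}

# Signature first, checksums second: a checksum list is only worth trusting
# once its own signature has been verified.
verify_repo() {
    repo=$1
    verify_detached "$repo/SHA1SUMS.key" "$repo/SHA1SUMS" ||
        { echo "SHA1SUMS: signature check failed" >&2; return 1; }
    check_sums "$repo" ||
        { echo "SHA1SUMS: checksum mismatch" >&2; return 1; }
    verify_detached "$repo/SHA1SUMS.key" "$repo/updates/content" ||
        { echo "updates/content: signature check failed" >&2; return 1; }
    echo "repository metadata verified"
}

# Usage: verify-repo.sh /srv/install-repo/sles11/CD1
if [ "$#" -gt 0 ]; then
    verify_repo "$1"
fi
```

With the files from Step 23, initrd_has_key /tmp/initrd.gz my-key.gpg succeeds only if the key was appended to the archive.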

Set Up PXE Boot for installations

In this exercise, set up a TFTP server, fill the /tftpboot directory with the files needed for PXE boot, and set up a DHCP server.

In the first part, install the tftp package and configure xinetd to listen on port 69 for TFTP requests.

In the second part, copy the files needed for PXE boot to the /tftpboot directory and create a default pxelinux configuration file that can be used to install clients.

In the third part, you work together with another student. Install the dhcp-server package and configure the DHCP server to provide an IP address to your partner's computer and any other needed information to boot the partner's computer using PXE.

In the fourth part, test your setup.

Detailed Steps to Complete the Exercise

• "Part I: Install and Configure TFTP"

• "Part II: Configure pxelinux"

• "Part III: Configure the DHCP Server"

• "Part IV: Test Your Setup"

Part I: Install and Configure TFTP

To configure TFTP, do the following:

1. At a terminal window, su - to root (password: novell).

2. Install the tftp package using the command

yast -i tftp 

3. Create the directory to hold the files that will be served by the TFTP server by entering the command

mkdir /tftpboot

4. Edit the /etc/xinetd.d/tftp file to put a comment sign in front of the line disable = yes and add -r blksize to the server_args line.

The file should then look similar to the following:

# default: off
# description: tftp service is provided primarily for
# booting or when a router need an upgrade. Most sites
# run this only on machines acting as "boot servers".
service tftp
{
        socket_type     = dgram
        protocol        = udp
        wait            = yes
        user            = root
        server          = /usr/sbin/in.tftpd
        server_args     = -s /tftpboot -r blksize
#       disable         = yes
}

 

5. Start xinetd using the command

rcxinetd start 

6. Make sure xinetd is started every time the system starts up by entering

insserv xinetd 

Part II: Configure pxelinux

To configure pxelinux, do the following:

1. At a terminal window, su - to root (password: novell).

2. Install the syslinux package using the command

rpm -q syslinux || yast -i syslinux 

3. Create the /tftpboot/pxelinux.cfg directory.

4. Copy the /usr/share/syslinux/pxelinux.0 file to /tftpboot, then do the same with the linux and message files from the /srv/install-repo/sles11/CD1/boot/i386/loader/ directory.

Copy the initrd.gz file you created in Step 23 to the /tftpboot directory using the command

cp /tmp/initrd.gz /tftpboot/initrd

5. Using an editor, create a /tftpboot/pxelinux.cfg/default file that contains the following:

default harddisk

# SLES11
label SLES11
  kernel linux
  append initrd=initrd install=nfs://your_IP/srv/install-repo/sles11/CD1

# hard disk (default)
label harddisk
  localboot 0

implicit 0
display message
prompt 1
timeout 100

Adapt the IP address of the NFS server according to your setup and make sure that the options after append are written in one line.

6. Edit the file /tftpboot/message to match your default file.

It should look similar to the following:

To boot from harddisk, just press <return>.

  Available boot options:

  SLES11 - Installation of SLES11

 

Part III: Configure the DHCP Server

To configure the DHCP server, do the following:

1. At a terminal window, su - to root (password: novell).

2. In the main menu of YaST, select Software > Software Management.

3. Search for dhcp, select dhcp-server from the search results, then select Accept.

4. If additional packages need to be installed, select Continue.

5. Edit the /etc/sysconfig/dhcpd file and add the name of your interface to the DHCPD_INTERFACE parameter.

The line should look like the following:

DHCPD_INTERFACE="eth0"

6. Look up your current IP address on eth0 using the ip address show command and record it here:

IP address:

7. Get the following values from your partner,

Partner's computer IP address:

Corresponding MAC address:

NOTE: You can ping your partner's IP address and then use the arp command in a terminal window to find out the MAC address of his network interface card.

8. Edit the /etc/dhcpd.conf file by adding the values established in the previous step in the host declaration as shown below.

This will make sure that your DHCP server distributes an IP address only to your partner's computer and does not interfere with other students.

Your /etc/dhcpd.conf should look similar to the following:

#
# /etc/dhcpd.conf
#
ddns-update-style none;
#
# specify default and maximum lease time
#
default-lease-time 600;
max-lease-time 7200;
#
# What is the DNS domain and where is the name server?
#
option domain-name "digitalairlines.com";
option domain-name-servers 172.17.8.101;
#
# This is a router - adapt to your network
#
option routers 172.17.8.1;
#
# A subnet
# (Use the values that fit your eth0 device)
#
subnet 172.17.0.0 netmask 255.255.0.0 {
}
#
# This dhcp server serves just one machine
# Use the values established in the previous step
#
host da49 {
  fixed-address 172.17.8.149;
  hardware ethernet 00:11:22:33:44:55;
}
#
# Parameters necessary for bootp and PXE
#
allow bootp;
# your machine's IP:
next-server 172.17.8.110;
server-name "da-host.digitalairlines.com";
filename "pxelinux.0";

 

9. Start the DHCP server with the rcdhcpd start command, watch for any error messages, and correct your /etc/dhcpd.conf file as needed.

10. Make sure the DHCP server is started every time the system starts up by entering

insserv dhcpd
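Step 8 depends on the server answering only the declared host, which can be checked before the service is started. The following audit is an added example, not part of the workbook; the function name audit_dhcpd_conf and the reduced sample configuration are assumptions built from the file shown above.

```shell
#!/bin/sh
# Added example (not from the workbook): audit a dhcpd.conf read from stdin.
# Prints findings; returns 0 only when the server can answer pinned hosts alone.
audit_dhcpd_conf() {
    awk '
    { sub(/#.*/, "") }                                  # drop comments
    /^[ \t]*range[ \t]/ {                               # a pool serves any client
        print "FAIL: dynamic range on line " NR; bad = 1
    }
    /^[ \t]*host[ \t]/ { inhost = 1; name = $2; mac = 0; ip = 0 }
    inhost && /hardware[ \t]+ethernet[ \t]+[0-9A-Fa-f:]+;/ { mac = 1 }
    inhost && /fixed-address[ \t]+[0-9.]+;/ { ip = 1 }
    inhost && /[}]/ {                                   # end of host block
        hosts++; inhost = 0
        if (!mac || !ip) {
            print "FAIL: host " name " needs hardware ethernet and fixed-address"
            bad = 1
        }
    }
    /^[ \t]*next-server[ \t]/ { ns = 1 }
    /^[ \t]*filename[ \t]/    { fn = 1 }
    END {
        if (!hosts)     { print "FAIL: no host declaration"; bad = 1 }
        if (!ns || !fn) { print "FAIL: next-server or filename missing"; bad = 1 }
        if (!bad) print "OK"
        exit bad + 0
    }'
}

# Constructed sample, reduced from the /etc/dhcpd.conf of this exercise
SAMPLE_CONF='ddns-update-style none;
subnet 172.17.0.0 netmask 255.255.0.0 {
}
host da49 {
  fixed-address 172.17.8.149;
  hardware ethernet 00:11:22:33:44:55;
}
allow bootp;
next-server 172.17.8.110;
filename "pxelinux.0";'

printf '%s\n' "$SAMPLE_CONF" | audit_dhcpd_conf
```

On the lab machine, run it as audit_dhcpd_conf < /etc/dhcpd.conf.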

Part IV: Test Your Setup

To test your PXE setup, do the following:

1. (Conditional) If there is another DHCP server running that distributes addresses to your eth0 interface, turn it off or, if in a classroom, ask the instructor to turn it off.

2. Decide which of your machines (yours or your partner's) will act as installation server.

3. On the machine that acts as installation server, check in YaST if the eth0 interface uses DHCP; if so, change the configuration to a fixed IP address using the IP address DHCP assigned to your machine for eth0, as established in Part III, Step 6.

4. Reboot the other machine.

Make sure the BIOS is configured to allow booting via the network card.

The computer should get the IP address from the DHCP server running on its partner's computer and display the message file.

5. Enter SLES11 at the prompt. The computer should fetch the necessary files via TFTP and should start YaST.

A possible source of errors is SuSEfirewall running on the installation server, forbidding access to the TFTP service. Check this by entering rcSuSEfirewall status as root at a terminal window; if SuSEfirewall is running, stop it with rcSuSEfirewall stop.

6. To test your add-on repository, proceed with the installation workflow up to the Installation Settings dialog, accepting the suggested default values (at the Installation Mode screen, do not select Include Add-On Products).

7. In the Installation Settings dialog, select Software > Details and in the Filter drop-down menu select Search. In the Search text box, type tree and click Search.

The tree package should appear in the upper right pane of the dialog.

If it does not appear, there is an error in the configuration of your add-on repository (see Set Up an Installation Server, "Part II: Set Up an Add-on Products Repository").

8. Do not proceed with the installation, but reset the computer and boot SUSE Linux Enterprise Server 11 from the hard disk.


9. Once the server is running again, switch roles and reboot the machine that acted as the DHCP server before.

Create an AutoYaST Control File

In this exercise, create an AutoYaST control file by using the Create Reference Profile feature of the YaST AutoYaST module.

Detailed Steps to Complete This Exercise:

To create an AutoYaST control file, do the following:

1. Start YaST and select Miscellaneous > Autoinstallation.

2. Select Tools > Create Reference Profile.

3. In the Create Reference Control File dialog, select the following entries, then click Create.

• Boot Loader

• Package Selection

• Partitioning

• User and Group Management

4. Browse through the created profile by selecting sections of the tree on the left side of the dialog and selecting entries in the main window.

Change the configuration if you like.

5. Save the file by selecting File > Save, typing sles11.xml as the filename, then selecting Save.

6. At a terminal window, su - to root (password: novell).

7. Review the /var/lib/autoinstall/repository/sles11.xml file in an editor, then quit the editor when done.

Activate PXE Booting and Install SUSE Linux Enterprise Server

In this exercise, work with a fellow student (or use a second computer if there is no one with whom to do the exercise) to boot your machine using PXE and start the installation of SUSE Linux Enterprise Server 11.


NOTE: A prerequisite for this exercise is a network card that is PXE capable.

Detailed Steps to Complete This Exercise:

To activate PXE boot and to start the installation of SUSE Linux Enterprise Server 11, do the following:

1. Decide with a fellow student whose machine you will use as the installation server and which of you will reboot his computer.

2. Create the /srv/install-repo/sles11/ay/ directory and copy the AutoYaST file you created in the exercise "Create an AutoYaST Control File" into this directory as sles11.xml.

3. On the installation server, make sure that the file /tftpboot/pxelinux.cfg/default contains the autoyast parameter in the append line, using your own IP address instead of 172.17.8.110, as in the following (note: the append options have to be in one line):

# SLES11
label SLES11
  kernel linux
  append initrd=initrd install=nfs://172.17.8.110/srv/install-repo/sles11 autoyast=nfs://172.17.8.110/srv/install-repo/sles11/ay/sles11.xml

 

4. The following steps apply to the student who reboots his machine:

1. Reboot your computer.

If your computer does not try to get an IP address during the first stages of the boot process right after Power On Self Test and before starting the operating system, make sure PXE is activated in the BIOS.

2. Consult the manual that came with the computer hardware on how to change the respective setting in the BIOS.

If everything is set up correctly, the computer will get an IP address from the DHCP server and load the pxelinux.0 file, as well as the message file.

5. At the message screen, enter SLES11.

NOTE: If you do not want to reinstall the machine at this point, you have to power it off before the hard drive gets partitioned!

The kernel and initrd are transferred from the TFTP server. YaST will start, fetch the sles11.xml file, and automatically install SLES11, based on the configuration contained in the sles11.xml file.
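Step 3 requires all append options on one line; when the line is wrapped, or two options run together without a space, install= or autoyast= never reaches the installer as its own option. The following lint is an added example, not part of the workbook; the function name lint_pxe_default and the sample file (assembled from the entries shown in this section) are assumptions, and the keyword list covers only the directives this exercise uses plus default.

```shell
#!/bin/sh
# Added example (not from the workbook): lint a pxelinux.cfg/default on stdin.
# Prints findings; returns 0 only when every line starts with a keyword and
# no two append options are fused into one word.
lint_pxe_default() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    {
        kw = tolower($1)
        if (kw !~ /^(default|label|kernel|append|localboot|implicit|display|prompt|timeout)$/) {
            print "FAIL line " NR ": \"" $1 "\" is not a keyword (wrapped append?)"
            bad = 1
        }
    }
    kw == "append" {
        for (i = 2; i <= NF; i++) {
            opt = $i
            if (gsub(/=/, "=", opt) > 1) {     # e.g. initrd=initrdinstall=...
                print "FAIL line " NR ": options fused in \"" $i "\""
                bad = 1
            }
        }
    }
    END { if (!bad) print "OK"; exit bad + 0 }'
}

# Constructed sample, assembled from the entries shown in this section
SAMPLE_PXE='# SLES11
label SLES11
  kernel linux
  append initrd=initrd install=nfs://172.17.8.110/srv/install-repo/sles11 autoyast=nfs://172.17.8.110/srv/install-repo/sles11/ay/sles11.xml
# hard disk (default)
label harddisk
  localboot 0
implicit 0
display message
prompt 1
timeout 100'

printf '%s\n' "$SAMPLE_PXE" | lint_pxe_default
```

On the installation server, run it as lint_pxe_default < /tftpboot/pxelinux.cfg/default.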

Manage Virtualization with Xen

This section contains the following exercises:

• "Install a Xen Server and an Unprivileged Domain"

Install Xen and configure Dom0, and install SLES 11 in a Xen guest domain using vm-install.

• "Change Memory Allocation of a Guest Domain"

Change the memory allocation of a guest domain using the Virtual Machine Manager.

• "Automate Domain Startup"

Start up domains automatically when the system is booted.

• "Check the Network Configuration"

Use the brctl show command to view the bridge setup and changes to it.

Install a Xen Server and an Unprivileged Domain

In this exercise, you learn how to install Xen and configure Dom0 and how to install SLES 11 in a Xen guest domain using vm-install.

IMPORTANT: VMware cannot run on SLES11 running the Xen kernel. Therefore, the da1 VMware virtual machine will not be available in this section.

In the first part, install the software necessary to run a Xen virtual machine server.

In the second part, change the grub menu to load the Xen kernel by default, turn off the firewall, and reboot your machine. Then use xm list to find out if domain0 is running as expected.

In the third part, create a virtual machine for SUSE Linux Enterprise Server 11 and install it, using the installation server created in the previous section.


Detailed Steps to Complete the Exercise

• "Part I: Install Xen Packages"

• "Part II: Prepare and Test Xen"

• "Part III: Install a Guest Domain"

Part I: Install Xen Packages

Do the following:

1. If the VMware player is running, shut down da1 and close the VMware player.

2. Open a terminal window and su - to root (password: novell).

3. Unload the VMware kernel modules using the command

/etc/init.d/vmware stop 

4. Make sure the modules are not loaded automatically using the command

chkconfig vmware off 

5. Insert the SUSE Linux Enterprise Server 11 DVD into the DVD drive.

6. Start YaST and select Virtualization > Install Hypervisor and Tools.

7. Select Accept and let YaST install all required software packages.

Confirm the installation of any automatically selected packages by selecting Continue.

8. Select Yes in the Network Bridge Configuration dialog.

9. Close the YaST Control Center.

Part II: Prepare and Test Xen

Do the following:

1. Open a terminal window and su - to the root user (password: novell).

2. Open the /boot/grub/menu.lst file with a text editor (such as vi).

3. Make sure the file contains a section with the title Xen.

4. In the Xen section, make sure that the root= parameter points to the root partition of your installation.

5. Change the default line to point to the Xen entry.

If the Xen entry is the first entry in the file, change the default value to 0; if it is the second, change the default entry to 1, and so on:

default 0

6. Save the file and close the editor.

7. Turn off SuSEfirewall by entering the following commands:

insserv -r SuSEfirewall2_setup 

and

insserv -r SuSEfirewall2_init 

8. Close the terminal window.

9. Reboot your system.

10. At the boot menu, make sure the Xen entry is selected and press Enter.

11. When the system has booted, log in as user geeko with the password novell.

12. Open a terminal window and su - to root.

13. Enter the command xm list.

In the output, you should see one domain (Domain-0) with the status running.

Part III: Install a Guest Domain

Do the following:

1. Start YaST and select Virtualization > Create Virtual Machines.

2. Read the information displayed, then select Forward.

3. Select I need to install an operating system, then select Forward.

4. Select SUSE Linux Enterprise Server 11, then select Forward.

5. On the Summary page, select Name of Virtual Machine.


6. Type da-xen in the Name field and select Apply.

You are returned to the Summary page.

7. On the Summary page, select Network Adapters.

8. Make sure the network adapter is selected, then select Edit.

9. Select Specified MAC address and enter some random hexadecimal numbers, such as 01:cf:43, in the spaces provided.

10. Select Apply to return to the Network Adapters dialog.

Select Apply again to return to the Summary page.

11. On the Summary page, select Disks > Edit, increase the suggested value for a 4 GB disk to 6 GB, then select OK.

12. In the Disks dialog, select Apply.

You are returned to the Summary page.

13. On the Summary page, select Operating System Installation.

14. In the Operating System Installation dialog, select Network URL as the installation medium, then type nfs://your_IP_address/srv/install-repo/sles11/CD1 and select Apply.

You are returned to the Summary dialog.

15. In the Summary dialog, select OK.

A VNC window opens with the SLES11 installation system starting up.

16. Within the VNC window, follow the installation workflow, using the following values in the respective dialogs (use the suggested defaults for items not mentioned here):

Time zone: USA Mountain

Root password: novell

Hostname: da-xen

Domain Name: digitalairlines.com

Change Hostname via DHCP: Uncheck


Write Hostname to /etc/hosts: Check

Firewall: Disable by selecting enabled

Skip the Internet connection test.

Local user:

• User's Full Name: Geeko Novell

• Username: geeko

• Password: novell

Clone This System for Autoyast: Deselect

17. When all steps of the installation are successfully completed, test if you can log in to your SLES 11 server as user geeko with the password novell at the login screen that appears.

Change Memory Allocation of a Guest Domain

In this exercise, you learn how to change the memory allocation of a guest domain using the Virtual Machine Manager.

While the virtual machine is turned off, change the maximum allocation for that machine to 750 MB and the current allocation to 600 MB.

Start the virtual machine, log in, and run the top command in a terminal window inside the VM. Change the memory allocation in Virt-Manager and watch the change in top.

Detailed Steps to Complete the Exercise

Do the following:

1. If the virtual machine da-xen is running, shut it down.

2. Open a terminal window and su - to the root user.

3. Enter

virt-manager & 

4. In Virt-Manager, double-click the localhost entry, select the da-xen entry with the right mouse button, then select Details.


5. Select the Hardware tab; then select the Memory entry.

6. Change the Maximum Allocation to 750 MB.

7. Select Apply.

8. In the Change Allocation field, enter 600.

9. Select Apply. Leave the Details window open.

10. In the Virtual Machine Manager window, double-click the da-xen virtual machine entry.

A VNC window opens up.

11. Start the virtual machine by selecting Run.

12. Log in to the virtual machine as geeko (password: novell) and open a terminal window.

13. Enter the top command and note the Mem (total) value.

14. In the Virtual Machine Details window, change the memory allocation (Change allocation field) to 500 MB, then select Apply.

15. Watch the Mem value change in the output of top.

16. In the Virtual Machine Details window, change the memory allocation (Change allocation field) to 650 MB, then select Apply.

Note that the value is increased only to the 600 MB set when you started the virtual machine.

17. In the Virtual Machine Manager Details window, change the memory allocation (Change allocation field) back to 512 MB, then select Apply.

Automate Domain Startup

In this exercise, you learn how to start up domains automatically when the system is booted.

Create a link in the /etc/xen/auto directory that points to the /etc/xen/vm/da-xen configuration file and reboot your machine.

Detailed Steps to Complete the Exercise

Do the following on da-host:

1. Open a terminal window and su - to the root user.


2. Create a link to the /etc/xen/vm/da-xen configuration file in the /etc/xen/auto directory using the command

ln -s /etc/xen/vm/da-xen /etc/xen/auto/da-xen 

3. Shut down your virtual machine.

4. Wait a moment and verify with the xm list command that the domain has been shut down.

Continue with the next step when the domain da-xen is no longer listed as running.

5. Reboot your system by entering reboot.

6. At the boot prompt, make sure the Xen entry is selected.

7. When the system has been started up, log in to the graphical interface as user geeko with the password novell.

8. Open a terminal window and su - to the root user.

9. Enter the xm list command.

The da-xen domain should have started automatically and should be listed in the xm list output.

10. Remove the link again using the following command:

rm /etc/xen/auto/da-xen

11. Optional: Create a start script based on /etc/init.d/skeleton that uses the xm or virsh commands to start and shut down managed domains.

Check the Network Configuration

This exercise assumes that you have a Xen system with Dom0 and one DomU running.

Use the brctl show command to view the bridge setup and changes to it after shutting down and starting a virtual machine.

Detailed Steps to Complete the Exercise

Do the following on da-host:

1. Open a terminal window and su - to the root user.

2. To make sure that the da-xen domain is running, enter xm list.


3. In the output of the xm command, note the ID of the da-xen domain.

4. To view the network bridge configuration, enter brctl show.

You should see the configuration of the bridge xenbr0. The following interfaces should have been added to the bridge:

• eth0 (physical interface)

• vifx.0 (where x is the domain ID of the da-xen domain)

5. To shut down the domain, enter virsh shutdown da-xen.

6. Wait a moment, then enter xm list to verify that the domain has been shut down.

Continue with next step when the da-xen domain is no longer listed as running.

7. Enter brctl show again.

Note that the interface of the da-xen domain has been removed from the bridge.

8. To restart the domain, enter virsh start da-xen.

9. To note the ID of da-xen, enter xm list.

10. Enter brctl show to determine if the interface of da-xen has been added again.
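The comparison this exercise makes by eye, matching each vifx.0 port on the bridge to the domain ID from xm list, can be scripted so that a port with no matching running domain stands out. The following is an added example, not part of the workbook; the function name bridge_vif_report and the sample xm list and brctl show outputs are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the workbook): map vifX.Y ports of a bridge to Xen domains.
# $1 = text of "xm list", $2 = text of "brctl show", $3 = bridge name.
# Returns 1 when a vif on the bridge carries a domain ID that xm does not list.
bridge_vif_report() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk -v br="$3" '
    $0 == "---" { part = 2; next }
    part != 2 {                                   # xm list section
        # running domains have 6 columns; inactive managed ones have no ID
        if (NF == 6 && $2 ~ /^[0-9]+$/) dom[$2] = $1
        next
    }
    $1 == "bridge" { next }                       # brctl header row
    { ifc = "" }
    NF >= 4 { cur = $1; ifc = $4 }                # bridge row with its first port
    NF == 3 { cur = $1 }                          # bridge without ports
    NF == 1 { ifc = $1 }                          # further ports of the same bridge
    cur == br && ifc ~ /^vif[0-9]+\.[0-9]+$/ {
        id = ifc; sub(/^vif/, "", id); sub(/\..*$/, "", id)
        if (id in dom) print ifc " -> " dom[id]
        else { print ifc " -> no running domain with ID " id; bad = 1 }
    }
    END { exit bad + 0 }'
}

# Constructed sample outputs (values are illustrative)
XM_SAMPLE='Name                 ID   Mem VCPUs      State   Time(s)
Domain-0              0  1500     2     r-----    120.3
da-xen                1   512     1     -b----     15.2'
BRCTL_SAMPLE='bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.001122334455       no              eth0
                                                        vif1.0'

bridge_vif_report "$XM_SAMPLE" "$BRCTL_SAMPLE" xenbr0
```

On da-host, call it as bridge_vif_report "$(xm list)" "$(brctl show)" xenbr0.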