Novell LINUX ENTERPRISE 11 - SUBSCRIPTION MANAGEMENT TOOL GUIDE 10-02-2009 Manual Download Page 119 | Manualshive

Page: 119 / 236

background image

8

Securing Your Setup

A SUSE® Linux Enterprise Point of Service setup includes various components that
should be secured against intentional and unintentional tampering with the data and
against software misbehavior. Securing your setup involves several different aspects:

Physical Server Security

First and foremost, every server component of the SUSE Linux Enterprise Point
of Service setup must be secured against unauthorized access. Physically isolating
the servers from other machines is just one aspect of providing physical security.
For details, refer to Section 8.1, “Physical Server Security” (page 112).

Network Security

All servers connected with each other over potentially insecure networks, take the
Administration Server and the Branch Servers for example, need to be secured
against unauthorized access via the networks they are connected to. For details,
refer to Section 8.2, “Network Security” (page 112).

Data Security

Both the Administration Server and the Branch Server contain vital data that needs
to be protected to maintain a fully functional and secure setup. The most important
part in this is securing the LDAP directory on the Administration Server that is
used to maintain the system structure, configuration and deployment method for
all Branch Servers and Point of Service terminals, and other important data. For
details on how to achieve this, refer to Section 8.3, “Data Security” (page 113).

Application Security

Once physical, network and data security are provided, tighten the security of your
setup even further by using AppArmor. AppArmor profiles are used to confine

Securing Your Setup

111

«
...
117
118
119
120
121
...
»

Summary of Contents for LINUX ENTERPRISE 11 - SUBSCRIPTION MANAGEMENT TOOL GUIDE 10-02-2009

Page 1: ...SUSE Linux Enterprise Point of Service www novell com 11 October 02 2009 SUSE Linux Enterprise Point of Service Guide ...

Page 2: ...ibuted copies That this manual specifically for the printed format is reproduced and or distributed for noncommercial use only The express authorization of Novell Inc must be obtained prior to any other use of any manual or part thereof For Novell trademarks see the Novell Trademark and Service Mark list http www novell com company legal trademarks tmlist html Linux is a registered trademark of Li...

Page 3: ...2 Installation On Top of an Already Installed System 22 3 Basic Configuration 25 3 1 Setting Up the Administration Server 25 3 2 Setting Up the Branch Server 27 3 3 Adding a Point of Service Terminal 30 4 Setting Up the Administration Server 35 4 1 Administration Server Configuration 36 4 2 Initializing the LDAP Directory 38 4 3 Creating An Offline Installation Package 40 4 4 Creating Point of Ser...

Page 4: ...nt of Service Terminals 89 7 6 Hardware 92 7 7 Point of Service Configuration Files 94 7 8 Booting the Point of Service Terminal 102 8 Securing Your Setup 111 8 1 Physical Server Security 112 8 2 Network Security 112 8 3 Data Security 113 8 4 Application Security 115 9 Testing Your SUSE Linux Enterprise Point of Service Environment 117 9 1 Monitoring the Terminal Bootup 117 9 2 Troubleshooting Ter...

Page 5: ...78 13 3 Creating the KIWI Image 180 13 4 Building Customized SUSE Linux Enterprise Point of Service Images 181 13 5 Deploying KIWI Images 183 14 Remotely Managing Point of Service Terminals with admind and adminc 185 14 1 admind 185 14 2 adminc 187 14 3 posGetIP 188 14 4 Installing admind on a Point of Service Terminal 189 14 5 Installing the admind Client on Administration and Branch Servers 191 ...

Page 6: ...Script Process 206 B 3 Script Quick Reference 208 C SUSE Linux Enterprise Point of Service Files and Directory Structure 219 C 1 Administration Server Directory Structure 219 C 2 Branch Server Directory Structure 223 C 3 KIWI Files and Directory Structure 226 ...

Page 7: ...ing section 1 Available Documentation We provide HTML and PDF versions of our books in different languages Find HTML versions of most product manuals in your installed system under usr share doc manual or in the help centers of your desktop Find the latest documen tation updates at http www novell com documentation where you can download PDF or HTML versions of the manuals for your product For mor...

Page 8: ... bottom of each page of the online documentation and enter your comments there 3 Documentation Conventions The following typographical conventions are used in this manual etc passwd directory names and filenames placeholder replace placeholder with the actual value PATH the environment variable PATH ls help commands options and parameters user users or groups Alt Alt F1 a key to press or a key com...

Page 9: ...erview of server types images and the deployment process 1 1 Architecture The SUSE Linux Enterprise Point of Service architecture consists of one centralized Administration Server one or more Branch Servers and Point of Service terminals These can be standard PCs running retail check out applications or specialized point of sale machines such as cash registers and customer kiosks see Figure 1 1 SU...

Page 10: ...ng a Dedicated Image Building Server However if you have a large system and want to offload the image building function from the Administration Server you can also set up a dedicated Image Building Server For more information see Chapter 4 Setting Up the Adminis tration Server page 35 or Chapter 5 Setting Up a Dedicated Image Building Server page 47 Triggered by the possyncimages pl script see Sec...

Page 11: ...branch steps must be taken to ensure that the WAN link to the Administration Server is available The SUSE Linux Enterprise Point of Service architecture is highly centralized However administrative tasks can also be performed on subunits for role based administration The Branch Server provides all the services necessary for the operation and management of the Point of Service terminals and the LDA...

Page 12: ...mages A minimum of 512 MB RAM recommended 512 MB 3 GB at least 512 MB per CPU One network card 1 2 3 Branch Server The following list identifies the system requirements for a Branch Server One server with an x86 or x86 64 processor A minimum of 4 GB hard disk space recommended 10 GB The required space is dependent on the size of the images you distribute to your Point of Service terminals A minimu...

Page 13: ... setup your SUSE Linux Enter prise Point of Service system includes one centralized Administration Server one or more Branch Servers and Point of Service terminals This section focuses on the server types used in SUSE Linux Enterprise Point of Service and gives an overview of the tasks they run and the services they provide 1 3 1 Administration Server The Administration Server is the central admin...

Page 14: ...lding Images with KIWI page 173 Stores the configuration parameters for the Branch Servers Provides an RSYNC server to distribute the system images and software updates to the Branch Server systems Supports NTP time synchronization for the Branch Servers Consolidates the syslog output from the Branch Servers optional For information on installing and configuring the Administration Server see Chapt...

Page 15: ...the Branch Server an external DHCP server can be used For more information refer to the list of attributes for scLocation elements in Section 10 3 8 scLocation page 142 Provides a multicast boot infrastructure for Point of Service terminals Transfers system images from the Administration Server to the Point of Service terminals The Branch Server uses a software distribution mechanism based on RSYN...

Page 16: ...e LDAP directory This admin account and password are created by the posInitAdminserver sh script during the initial configuration of the Administration Server Once created this account is not accessible in the LDAP tree LDAP communications can be secured with SSL When you run the posInitAdminserver sh script you can enable or disable SSL communication Note that the firewall running on the Administ...

Page 17: ...se Point of Service Branch Servers provide the services listed in Table 1 1 Branch Server Services page 9 Table 1 1 Branch Server Services Description Service Every Branch Server runs a DNS master for that branch The posldap2dns script generates the zone files for the BIND name server DNS from the data in the LDAP directory and then reloads the zone files on each Branch Server A DHCP server can be...

Page 18: ...equired to download Branch Server configura tion information synchronize time and download system images from the Administra tion Server The secondary node stays synchronized with the primary ready to take over and run the scripts and services if the primary fails For information on installing a high availability environment refer to the general High Availability Guide available from http www nove...

Page 19: ...y to upload hwtype MAC files for newly registered Point of Service terminals These tftpboot upload files are used to create the Point of Service terminal s worksta tion object in LDAP This directory also stores the bootversion MAC files that the posleases2ldap daemon uses to provide image install noti fication When an image is successfully installed on a Point of Service terminal the linuxrc scrip...

Page 20: ...e hwtype 00 02 55 E8 FA C9 is deleted after successful registration in LDAP For more information see Section 7 7 3 The hwtype MAC File page 100 1 3 3 Special Server Types Apart from the default implementation shown in Figure 1 1 SUSE Linux Enterprise Point of Service System Architecture page 2 SUSE Linux Enterprise Point of Service allows for a variety of different setups to match your individual ...

Page 21: ...ications However if the terminal has sufficient memory and disk space it can run some applications if required In the NLPOS9 the POSBranch Server installation required a special POSBranch image There is no need for such a specialized POSBranch image any more Branch servers on Point of Service hardware can be installed as a standard Branch Server by installing SUSE Linux Enterprise Server 11 and th...

Page 22: ... diskless and preinstalled disk equipped systems from CD This boot image must be combined with a system image to create a CD that can be used to boot the Point of Service terminal usbboot This boot image template creates all the files and directories required to boot diskless and pre installed disk equipped systems from a USB stick netboot This boot image template creates all the files and directo...

Page 23: ...onments IBM Java technology support Firefox and other Web browsers Samba 3 Client for SMB CIFS connectivity to Microsoft Windows servers VNC 4 Remote Control Client to allow other computers to remotely control the terminal System images that you create are initially stored on the Administration Server or on the Image Building Server if you have chosen to set up a dedicated Image Building Server Be...

Page 24: ...ftware patterns in YaST When you build images for the Point of Service terminals all the information required to run a Point of Service terminal the Linux operating system drivers configuration settings application files and so forth can be compiled into a single image file This file can then be electronically distributed to Point of Service terminals over the network Additionally you can generate...

Page 25: ...ent in terms of network speed server hardware Point of Service terminal hardware size of images frequency of updates etc This section presents some design guidelines for large environments The recommended maximum number of Point of Service terminals being serviced by a single Branch Server is 100 You can adjust this number up or down depending on how frequently the Point of Service terminals are r...

Page 26: ...of Service images required to deploy your Point of Service ter minals 4 Copy the image files you have created to the appropriate directories on the Ad ministration Server so they will be ready for the Branch Servers to download IMPORTANT Location of the System Images System images must be located in srv SLEPOS image and boot images must be located in srv SLEPOS boot on the Administration Server be...

Page 27: ...to initialize and configure the Branch Server 7b Run possyncimages pl to download the Point of Service images from the Administration Server to the srv tftpboot directories on the Branch Server For detailed instructions see Section 6 5 Downloading Images from the Administration Server page 64 7c Start the core script posleases2ldap as a daemon process on the Branch Server This script controls all ...

Page 28: ... For information on the iso boot process see Section 7 8 2 Booting from CD isoboot page 108 If a Point of Service terminal cannot boot from the network or from a CD it attempts to boot from the hard drive For more information see Section 7 8 Booting the Point of Service Terminal page 102 9 Test your SUSE Linux Enterprise Point of Service installation to ensure that it is functioning correctly For ...

Page 29: ...tial Installation Process To install SUSE Linux Enterprise Point of Service add on together with your base system during the initial installation process follow these steps 1 Start SUSE Linux Enterprise Server 11 installation as usual For more information see the SUSE Linux Enterprise Server documentation 2 To include the SUSE Linux Enterprise Point of Service add on product check the Include Add ...

Page 30: ... patterns to install a server with multiple functions for example an Administration Server with image building capabilities 8 Continue with installation as usual Make sure to uncheck the Clone This System for AutoYaST option before clicking Finish at the end of the installation procedure WARNING Cloning the System for AutoYaST Must Be Disabled When installing SUSE Linux Enterprise Point of Service...

Page 31: ...ovide the necessary source Click Continue 4 Confirm the SUSE Linux Enterprise Point of Service license agreement and click Next 5 Select the type of server to be installed or Detailed Selection to choose any combination of patterns or packages you need Click Accept to perform the instal lation SUSE Linux Enterprise Point of Service Installation 23 ...

Page 32: ......

Page 33: ...configured For more information about installation see Chapter 2 SUSE Linux Enterprise Point of Service Installation page 21 2 Initialize the LDAP server on Administration Server with the posInitAdminserver sh command Follow the on screen instructions 3 Initialize the LDAP database on the Administration Server 3a Use the posAdmin pl script to add an organizational Unit object as described in Secti...

Page 34: ...e Administration Server is now finished If you want to initialize an offline Branch Server without any internet connection create an offline installation package 1 To create an offline installation package use the posAdmin pl user adminserveradmin password adminserverpass base scLocationDN generate command For example for the Boston organizational unit of mycorp company located in the East distric...

Page 35: ...ust be available If the internet connection is available follow the proce dure described in Section 3 2 1 Online Branch Server Installation page 27 If the offline installation package is available follow the procedure described in Section 3 2 2 Offline Branch Server Installation page 29 3 2 1 Online Branch Server Installation The following procedure describes the installation process of an SUSE Li...

Page 36: ...ffline functionality feature The recommended default setting is yes If your choice is yes the script initializes a local branch LDAP database If your choice is no enter hostname or IP address of an already initialized LDAP database 5 The script issues a command to start LDAP SyncRelp replication to create a copy of the branch subtree from the Administration Server LDAP database 6 If everything is ...

Page 37: ...stallation file was provided in the first step the default values from the file are used 3 In the offline installation mode the script does not check resolvability of the Administration Server IP address Server certificates are copied from the offline installation file if present If an Administration Server certificate is found you are asked to acknowledge its fingerprint and validate it SSL commu...

Page 38: ... If an error is encountered it is reported and logged in syslog NOTE Aborting the Script If you select no in any configuration step except when you select not to use a local branch LDAP the script deletes all its intermediate data and exits NOTE Administration and Branch Server Combination If the administration and branch servers are being configured on a single ma chine no certificates are used a...

Page 39: ...l must get the IP address from the Branch Server its MAC address must be listed in the var lib dhcp db dhcpd leases file This occurs when the system was set by posInitBranchserver sh with EXT_DHCP FALSE in the LDAP database under scLocation corre sponding to this Branch Server POS terminal then gets its IP address from the DHCP server on the Branch Server The correct image file and its checksum fi...

Page 40: ...bobject like scRamDisk or scHarddisk which specifies where and how the image should be deployed The name of a machine is located in the uploaded hwtype MAC file under a HWTYPE entry To add a scCashRegister object for a specific machine with HWTYPE cshr4152 use the command posAdmin pl user cn admin o mycorp c us password secret base cn global o mycorp c us add scCashRegister cn cr test scCashRegist...

Page 41: ... cn sda scDevice dev sda scHdSize 9000 scPartitionsTable 1000 82 x 8000 83 When deploying to a ramdisk of our generic machine use the command posAdmin pl user cn admin o mycorp c us password secret base cn cr test default cn global o mycorp c us add scRamDisk cn ram scDevice dev ram1 The posleases2ldap pl process is started and running If all the conditions are satisfied at the time the posleases2...

Page 42: ...st 3 1 4 192 168 90 1 8192 PART 1000 82 x 8000 83 DISK dev sda If deploying to a ram disk the following line should be present IMAGE dev ram1 myGraphical_test 3 1 4 192 168 90 1 8192 34 SUSE Linux Enterprise Point of Service Guide ...

Page 43: ...Point of Service terminals and can run the utilities required to build those images Set up an Administration Server either with or without the image building software NOTE Creating an Image Building Server The utilities required to build Point of Service images can be installed with the Administration Server or on a dedicated image building server For more infor mation on creating a dedicated imag...

Page 44: ...n screen instructions For more information about the LDAP initialization see Section 4 2 Initializing the LDAP Directory page 38 3 Initialize the LDAP database on the Administration Server 3a Use the posAdmin pl script to add an organizationalUnit object as described in Section 6 4 1 Creating organizationalUnit Objects page 55 3b Use the posAdmin pl script to add a scLocation object as described i...

Page 45: ...d To change Admin server password you need to edit etc openldap slapd conf and replace both lines containing rootpw old_hashed_password with a new hashed password You can get the new hashed password with the slappasswd com mand You can change the password by entering the following commands in the com mand line 1 rcldap stop 2 sed i e s rootpw rootpw slappasswd c new_password etc openldap slapd con...

Page 46: ...nfigure the firewall running on the Administration Server to allow traffic on the ldap and ldaps ports 389 TCP UDP and 636 TCP UDP respectively Do this by using the YaST Firewall module yast2 firewall 3 Run posInitAdminserver sh 4 Specify your company name without spaces or special characters 5 Specify the two letter code of your country Use de for Germany us for United States uk for United Kingdo...

Page 47: ...input If all data is correct press Enter If there is something wrong with the input data abort the installation by pressing Ctrl C 9 The script initializes the basic LDAP database structure and performs some tests then displays a summary of the configuration and test results When the tests are successfully completed the script displays a confirmation alert After you run posInitLdap the LDAP direct...

Page 48: ...inserverpass base scLocationDN generate For example for the Boston organizational unit of mycorp company located in the East district use posAdmin pl user cn admin o mycorp c us password secret base cn east ou boston o mycorp c us generate 2 The generated offline installation package is located in the var share SLEPOS OIF scLocationDN tgz file For the company mentioned earlier the file name would ...

Page 49: ... or whether the images are built on a dedicated Image Building Server use the different copy procedures outlined in Section 4 6 Copying the System Image Files page 43 To deploy a new image version for example an image with updated packages from online repositories follow these steps 1 Build new images as described in Chapter 12 Building Images with the Image Creator Tool page 163 2 Deploy boot ima...

Page 50: ... browser 1 Use the following command to copy the initrd file to the srv SLEPOS boot directory as initrd gz type the command all on one line scp var lib SLEPOS system images image_name initrd netboot image_name architecture version gz adminserver_address srv SLEPOS boot initrd gz 2 Use the following command to copy the kernel file to the srv SLEPOS boot directory as linux type the command all on on...

Page 51: ...lowing command to copy the system images to the srv SLEPOS image directory type the command all on one line cp var lib SLEPOS system images image_name image_name architecture version srv SLEPOS image image_name architecture version 2 Use the following command to copy the corresponding MD5 checksum files to the srv SLEPOS image directory type the command all on one line cp var lib SLEPOS system ima...

Page 52: ...ersion md5 adminserver_address srv SLEPOS image image_name architecture version md5 4 6 1 Deploying New Versions of System Images If you build new system images you can preserve old file names and overwrite existing images In such a case there is no need to update objects in LDAP database Alternatively you can copy the new image to a file with new version number You must add the new version scPosI...

Page 53: ...ons in Chapter 5 Setting Up a Dedicated Image Building Server page 47 before you install your Branch Servers The next step is to set up your Branch Servers For information about setting a Branch Server refer to Chapter 6 Setting Up a Branch Server page 49 Setting Up the Administration Server 45 ...

Page 54: ......

Page 55: ...s NOTE Meeting System Requirements For a list of system requirements to set up an Image Building Server refer to Section 1 2 2 Image Building Server page 4 To configure the Image Building Server follow these steps 1 Check if the following patterns are installed on the machine to be configured If they are missing install them For more information about installation see Chapter 2 SUSE Linux Enterpri...

Page 56: ...a detailed step by step introduction to building SUSE Linux Enterprise Point of Service images using Image Creator refer to Chapter 12 Building Images with the Image Creator Tool page 163 4 Copy the image files and their corresponding MD5 checksums from the image server to the srv SLEPOS image directory on the Administration Server For detailed instructions see Section 4 6 Copying the System Image...

Page 57: ...stration Server is available the offline installation mode can be used If you intend to set up a high availability Branch Server check out the High Availabil ity Guide available from http www novell com documentation sles11 for general information NOTE Setting Up a POSBranch Server In the NLPOS9 a specialized POSBranch image was needed to setup a Branch Server running on Point of Service hardware ...

Page 58: ... connection is available follow the proce dure described in Section 6 2 Online Branch Server Configuration page 51 If the offline installation package is available follow the procedure described in Section 6 3 Offline Branch Server Configuration page 53 6 1 1 Branch Server Network Configuration When configuring the network on a Branch Server make sure the Write Hostname to etc hosts option in the ...

Page 59: ...ing procedure describes the installation process of an SUSE Linux Enterprise Point of Service11 Branch Server if an internet connection to the Administration Server is used 1 Execute the posInitBranchserver sh script The posInitBranchserver sh script asks for the installation mode to be used For the default online installation enter 1 or just press Enter 2 Provide the required information Enter th...

Page 60: ...inistration Server certificate is found you are asked to acknowledge its fingerprint and validate it 4 The script asks if you want to create and use a local branch LDAP database on the Branch Server It contains a copy of the subtree from the Administration Server LDAP database which corresponds to this Branch Server This is a part of the SUSE Linux Enterprise Point of Service11 offline functionali...

Page 61: ...hserver sh script without options and select 2 when asked for the installation mode to be used 2 Provide the required information Enter the company name organization organizational unit organizationalUnit and branch name scLocation as initialized on the Administration Server and as specified in the LDAP database Enter the resolvable and connectible name or the IP address of the Administration Serv...

Page 62: ... it is not yet possible to find the branch server domain Therefore if there is no internet connection the attempt fails and the script ter minates However if there is a connection to the Administration Server the script finds the branch server domain in the Administration Server LDAP database and prints information about the found domain 7 The script asks for a final confirmation before it configu...

Page 63: ...ct page 60 and its associated configuration objects for each Branch Server in your system Additional objects Section 6 4 4 Creating Point of Service Terminal Objects page 63 for the Point of Service terminals associated with each Branch Server NOTE LDAP Object Attributes Each LDAP object has two types of attributes must and may attributes The must attributes are required for an object the may attr...

Page 64: ...adable description of the object may description string For example the following command adds the boston organizational unit to the LDAP directory and gives it the description main headquarters posAdmin pl user cn admin o mycorp c us password secret base o mycorp c us add organizationalUnit ou boston description main headquarters The LDAP context of the newly created organizationalUnit is the ou ...

Page 65: ... scDhcpRange ip_address ip_address scDhcpFixedRange ip_address ip_address scDefaultGw ip_address scDynamicIp TRUE FALSE scDhcpExtern TRUE FALSE scWorkstationBaseName string scEnumerationMask number userPassword branchpassword Table 6 2 posAdmin Options for Creating scLocation Objects Description Type Option The common name of the location must cn The network address of the subnet of the branch for...

Page 66: ...aultGw This flag is used to enable or disable registration of new terminals on the must scDynamicIp branchserver when scDhcpExtern is set to FALSE Allowed values are TRUE to enable or FALSE to disable the registration mechanism The base name of the Point of Service terminals of a branch used to create a must scWorkstationBaseName unique name for each terminal It is used in combination with the scD...

Page 67: ...try DN With this entry a different domain can be chosen This mandatory entry configures the Branch Server password for security must userPassword purposes This password must be used when installing a Branch Server using the posInitBranchserver sh script The following command adds an scLocation named harbor to the LDAP directory type the command all on one line posAdmin pl user cn admin o mycorp c ...

Page 68: ...ston mycorp us the dn of the scBranchServer object would be cn bs cn server cn east ou boston o mycorp c us To add an scBranchServer object to the LDAP directory with posAdmin proceed as follows 1 Before you can add the scBranchServer to an scLocation object you must define an scServerContainer using the scServerContainer and common name cn options For example type the command all on one line posA...

Page 69: ...Options for Creating scNetworkcard Objects page 61 summarizes the posAdmin command options for scNetworkcard attributes Table 6 3 posAdmin Options for Creating scNetworkcard Objects Description Type Option The name of the network device of the card for example eth0 or eth1 must scDevice The IP address for example 192 168 1 1 must ipHostNumber The MAC address of the network in terface card may macA...

Page 70: ...t ou boston o mycorp c us add scService cn dhcp ipHostNumber 192 168 1 1 scDnsName dhcp scServiceName dhcp scServiceStartScript dhcpd scServiceStatus TRUE posAdmin pl user cn admin o mycorp c us password secret base cn bs cn server cn east ou boston o mycorp c us add scService cn tftp ipHostNumber 192 168 1 1 scDnsName tftp scServiceName tftp scServiceStartScript atftpd scServiceStatus TRUE Table ...

Page 71: ...ng Point of Service Terminal Objects Before you can boot the Point of Service terminals associated with a Branch Server you must create additional objects in the branch portion of the LDAP directory These include an scCashRegister object and its associated configuration objects for each type of Point of Service terminal in your system and scPosImage objects for the system image files you want the ...

Page 72: ... attribute to Active see Section 7 4 7 Activating Images page 86 2 Run possyncimages pl at the Branch Server console to download the Point of Service images The possyncimages pl script can also be used to update Point of Service images on the Branch Server However to implement image version changes you should also activate the version changes inside the corresponding scPosImage objects in the LDAP...

Page 73: ...e script at boot time execute the following command insserv posleases2ldap The posASWatch script checks if the Administration server is available It also checks the status of LDAP Sync replication and posleases2ldap core service The service is started with the rcposASWatch start command and stopped with the rcposASWatch stop command To check the service status use the rcposASWatch status command I...

Page 74: ...ne this service is not required When the combo machine is configured and an attempt to start the service is made the service will exit with an error message You are now ready to deploy the Point of Service terminals For more information on this process see Chapter 7 Deploying Point of Service Terminals page 67 66 SUSE Linux Enterprise Point of Service Guide ...

Page 75: ...d browser capable graphical systems The type of operating system that can be installed on a Point of Service terminal is de termined by the type of hardware that is available For example diskless systems can support only a minimal operating environment such as a console based system while Point of Service terminals that have a hard drive can support graphical environments Point of Service operatin...

Page 76: ...t of Service see Section 1 4 1 Types of Images page 14 All system images have a common operating system base comprised of the following components Kernel modules for hardware file system and network support GNU C and the standard C library glibc and libstdc Bash and base file handling utility NTP client for time synchronization Multicast TFTP capable TFTP client atftp These components are created ...

Page 77: ...minal must get the IP address from the Branch Server its MAC address must be listed in the var lib dhcp db dhcpd leases file This occurs when the system was set by posInitBranchserver sh with EXT_DHCP FALSE in the LDAP database under scLocation corre sponding to this Branch Server POS terminal then gets its IP address from the DHCP server on the Branch Server The correct image file and its checksu...

Page 78: ...ke scRamDisk or scHarddisk which specifies where and how the image should be deployed The name of a machine is located in the uploaded hwtype MAC file under a HWTYPE entry To add a scCashRegister object for a specific machine with HWTYPE cshr4152 use command posAdmin pl user cn admin o mycorp c us password secret base cn global o mycorp c us add scCashRegister cn cr test scCashRegisterName cshr415...

Page 79: ... to a ramdisk of our generic machine use the command posAdmin pl user cn admin o mycorp c us password secret base cn cr test default cn global o mycorp c us add scRamDisk cn ram scDevice dev ram1 The posleases2ldap pl process is started and running If all the conditions are satisfied at the time the posleases2ldap pl checks the upload directory the new config MAC is created or overwritten and the ...

Page 80: ...llowing 1 Copy the image source files to your Image Building Server For detailed instruc tions see Section 11 3 1 Copying the SUSE Linux Enterprise Point of Service CDs page 159 2 Define the location of the image source files For detailed instructions see Sec tion 11 3 4 Generating AdminServer conf or Distribution xml page 161 3 Build the Point of Service image files 7 4 Creating the Required LDAP...

Page 81: ...efore you boot the Point of Service terminals The Point of Service ter minals require an scPosImage object with an active scPosImageVersion attribute before they can download the corresponding physical image from the Branch Server at boot time For more information on setting the scPosImageVersion attribute to Active see Section 7 4 7 Activating Im ages page 86 With posAdmin pl you can add remove a...

Page 82: ...er object define the object s scCashRegisterName attribute as default as described in Table 7 1 posAdmin Options for Creating scCashRegister Objects page 75 Define only one default scCashRegister object in the Global container The scCashRegister objects are stored in the Global container so they can be ac cessed by all Branch Servers NOTE Defining a System Image for a Point of Service Terminal A s...

Page 83: ...r this Point of Service terminal type may scPosImageDn This boolean field is set to TRUE if jour naling should be enabled Journaling is only added on disk based machines may scDiskJournal To add a scCashRegister object for a specific machine with HWTYPE cshr4152 use the command posAdmin pl user cn admin o mycorp c us password secret base cn global o mycorp c us add scCashRegister cn cr test scCash...

Page 84: ...f the Hardware Refer ence object For example cn crtype3 cn global o mycorp c us must base The common name of the device For example ram must cn The RAM disk device must scDevice The device dev ram0 cannot be used because it is used for the initial RAM disk Therefore we rec ommend using dev ram1 The RAM device should not be confused with the hard disk device which uses a partition table When deploy...

Page 85: ...ard ware Reference object For example must base cn crtype3 cn global o mycorp c us The common name of the device For ex ample sda must cn The device of the hard disk For example dev sda must scDevice The size of the hard disk in MB must scHdSize A semicolon separated list of partition entries Each entry consists of three space must scPartitionsTable separated parameters the size in megabytes the p...

Page 86: ...dding an scConfigFileTemplate Object scConfigFileTemplate objects are used when you run services such as the X Window service that require hardware dependent configuration files An scConfigFileTemplate object contains the configuration file data that a Point of Service terminal needs in order to run a given service To define the scConfigFileTemplate object with the posAdmin script you designate th...

Page 87: ...r an scPosImage object all terminals that load the system image that corresponds to the scPosImage object receive the configuration file defined in the scConfigFileTemplate object Be aware that in this case the posAdmin script does more than just literal in sertion of the data specified on the commandline If you want to use some other tool e g GQ to define the scConfigFileTemplate object you must ...

Page 88: ...confi guration file is installed on the must scConfigFile Point of Service terminal For ex ample etc ntp conf or etc X11 xorg conf Specifies the block size for the TFTP download Due to internal must scBsize limitations of atftp the maximum block size is 65464 Bytes The source path of the configura tion file For example tmp xorg conf mydata must scConfigFileData A description of the configuration f...

Page 89: ... object points to the configuration file that a Point of Service terminal needs to run a given service This object differs from scConfigFileTemplate objects because the configuration data is not stored in the object rather the object points to a configuration file outside the LDAP directory When a Point of Service terminal registers with a Branch Server or when you run posAdmin pl updateconfig or ...

Page 90: ...l terminals that correspond to the type defined in the scCashRegister object receive the configuration file designated in the scConfigFileSyncTemplate object If the scConfigFileSyncTemplate object is defined under an scPosImage object all terminals that load the system image that corresponds to the scPosImage object receive the configuration file designated in the scConfigFileSyncTemplate object A...

Page 91: ...on the Point of must scConfigFile Service terminal For example etc ntp conf or etc X11 xorg conf Specifies the block size for the TFTP download Due to internal limitations must scBsize of atftp the maximum block size is 65464 Bytes The local source path of the configu ration file on the Administration must scConfigFileLocalPath Server For example srv SLEPOS config X11 xorg conf mydata A descriptio...

Page 92: ...e referenced in the scInitrdName attribute in the scDistributionContainer object After the installation and configuration of SUSE Linux Enterprise Point of Service an scPosImage object is automatically added to the Default Distribution Container for the Minimal image However this LDAP entry is only intended to serve as an example You must manually add an scPosImage object for each system image you...

Page 93: ...7 Possible Values for the scPosImageVer sion Attribute page 87 The boot option of the Point of Service terminal The mandatory value is boot pxelinux 0 must scDhcpOptionsRemote This attribute is reserved for future extension of SUSE Linux Enterprise Point of Service and is not used at this time must scDhcpOptionsLocal The name of the image file which the terminal will download from the Branch Serve...

Page 94: ...ave specified another container as scDistributionContainer you can also add an scPosImage object to this other container anothercontainer in this case posAdmin pl user cn admin o mycorp c us password secret base cn anothercontainer cn global o mycorp c us add scPosImage cn myMinimal scImageName myTestMinimal scPosImageVersion 2 0 4 active scDhcpOptionsRemote boot pxelinux 0 scDhcpOptionsLocal LOCA...

Page 95: ... but only the latest image version is downloaded to the Point of Service terminals 1 1 2 active 1 1 3 active 1 1 5 active Only image version 1 1 3 is enabled and downloaded to the Point of Service terminals 1 1 2 passive 1 1 3 active 1 1 5 passive To activate a registered image set its scPosImageVersion attribute to active This is done with posAdmin using the modify keyword and the multival multi ...

Page 96: ...us information in the corresponding scPosImage image object in the global container is ignored However if you only assign the image name the version informa tion in the scPosImage image object is used The scWorkstation object is automatically created in the LDAP directory the first time you boot a Point of Service terminal The posleases2ldap daemon automatically triggers posldap2crconfig pl which ...

Page 97: ... new system images is to copy the images from the srv SLEPOS image directory to the RSYNC directory srv SLEPOS Before the RSYNC service can transmit the images to the Branch Server client images must be located in the srv SLEPOS image directory on the Administration Server and the boot image must be located in srv SLEPOS boot NOTE Manually Copying System Images Copying the system images to the RSY...

Page 98: ...the Branch Server NOTE Point of Service terminals boot two images a first stage image initrd gz and a second stage image linux For more information see Section 7 8 Booting the Point of Service Terminal page 102 1 Copy the initrd disknetboot image as initrd gz cp srv SLEPOS image initrd disknetboot version date gz srv SLEPOS boot initrd gz 2 Copy the kernel image as linux cp srv SLEPOS image initrd...

Page 99: ...6 The basic process is as follows 1 The possyncimages pl script initially checks via the PID file to determine if an instance is already running 2 The image files are then copied from the Administration Server to the Branch Server Boot images are copied from the srv SLEPOS boot directory on the Administration Server to the srv tftpboot boot directory on the Branch Server System images and their as...

Page 100: ...he Branch Server The posleases2ldap process then transfers the information to the scNotifiedimage attribute in the scWorkstation object in LDAP and deletes the bootversion MAC file 7 6 Hardware Point of Service terminals are implemented in a variety of hardware forms The primary difference in Point of Service hardware is whether the terminal has an internal hard drive or other persistent media suc...

Page 101: ...ec tion 7 4 1 Adding an scCashRegister Object page 74 The Branch Server initially acquires the hardware configuration information for its local Point of Service terminals in one of two ways posldap2crconfig pl reads the configuration information stored in the scConfigFileTemplate object in LDAP and creates a configuration file in the srv tftpboot CR MAC directory on the Branch Server The hardware ...

Page 102: ...e multihead X configurations The corresponding xorg conf files are manufacturer specific and are not provided as part of the SUSE Linux Enterprise Point of Service software package 7 7 Point of Service Configuration Files Each Point of Service terminal has its own configuration file that it loads at boot time This configuration file determines which hardware drivers and images are loaded on the Po...

Page 103: ... modify a Point of Service configuration file you must modify the Point of Service terminal s entries in LDAP and then run the posAdmin updateconfig command For more information see Table 10 1 posAdmin General Command Line Options page 131 The format of the config MAC file is as follows IMAGE device image version srv_ip bsize compressed SYNC syncfilename srv_ip bsize CONF source dest srv_ip bsize ...

Page 104: ... image to load on the Point of Service terminal srv_ip The server IP address for the TFTP download This variable must always be included in the IMAGE parameter bsize The block size for the TFTP download If the block size is too small according to the maximum number of data packages 32768 linuxrc automatically cal culates a new block size for the download The maximum block size is 65464 Bytes This ...

Page 105: ... according to the maximum number of data packages 32768 linuxrc automatically cal culates a new block size for the download The maximum block size is 65464 Bytes This variable must always be indicated in the SYNC parameter CONF Specifies the configuration files to download to the Point of Service terminal The data is provided in a comma separated list of source target configuration files source Th...

Page 106: ...ormatting Partitions The third and following partitions are not formatted automatically If these partitions already exist and contain meaningful data they are not changed in any way and all data on these partitions is preserved This is useful to keep data between updates To force formatting of these partitions increase the size of the second root partition size The size of the partition in MB If y...

Page 107: ... be addressed for example dev sda This parameter is used only with PART RELOAD_IMAGE If set to yes this parameter forces the configured image to be loaded from the server even if the image on the disk is up to date The posldap2crconfig pl script overwrites this optional feature of the Point of Service configuration file This parameter is used mainly for debugging purposes It is pertinent only on d...

Page 108: ...This is done through the Point of Service control file hwtype MAC where MAC is the MAC address of the specific terminal The Point of Service control file contains the information required to create the terminal s workstation object scWorkstation in LDAP and determine which image and configuration settings should be included in the terminal s configuration file config MAC The Point of Service contr...

Page 109: ...DAP directory If a match is found the information in scCashRegister and its associated ob jects is used to create the Point of Service terminal s scWorkstation object in LDAP and its config MAC file in the Branch Server s srv tftpboot CR directory After the config MAC file is created the hwtype MAC file is deleted If the hwtype is unknown the information in the default scCashRegister object is use...

Page 110: ... attempts a network PXE boot If the network is not available it then boots from the hard drive You can override this order with the BIOS settings The first time you boot the Point of Service terminals the posleases2ldap daemon automatically triggers posldap2crconfig pl which then creates a workstation object scWorkstation and hardware configuration files for the Point of Service terminals that reg...

Page 111: ...nuxrc Image version is verified Load config MAC_address YES Load pxelinux 0 linux and initrd gz Run linuxrc New image version is detected Load config MAC_address YES Image and image version are identified Download client image Load config MAC_address Image Install Notification occurs Verify the image Load the client image Download client image Image Install Notification occurs Load the client imag...

Page 112: ...e srv tftpboot image directory The Point of Service system images must have an associated scPosImage object in the LDAP directory and the object s scPosImageVersion attribute must be set to Active For more information see Section 7 4 6 Adding an scPosImage Object page 84 If these conditions are met the Point of Service terminal can successfully boot from the network The following is a detailed des...

Page 113: ...essible 5 The linuxrc script begins 6 The file systems required to receive system data are mounted for example the proc file system 7 The Point of Service hardware type hwtype is detected The Point of Service hardware manufacturer provides a program to do this The first time the Point of Service terminal boots this information is used to register the Point of Service terminal and create the termin...

Page 114: ...e Branch Server s srv tftpboot CR directory over TFTP If this is the Point of Service terminal s first time booting its config MAC file does not yet exist The Point of Service terminal must first register on the system A new Point of Service terminal registers as follows a An optional alias name can be set for the new Point of Service terminal During the creation of one of the boot images you can ...

Page 115: ...If no system update is required no image download occurs and the Point of Service terminal boots from the hard drive If a system update is required the Point of Service terminal s hard disk is parti tioned according to the parameters specified in the PART line 1 7 The SYNC line in the Point of Service configuration file is evaluated The file indicated in the SYNC line is downloaded over TFTP The o...

Page 116: ...system switches to the mounted system image 2 7 The root file system is converted to the system image using pivot_root All the required configuration files are now present because they had been stored in the system image or have been downloaded via TFTP The file systems that are mounted read only can be stored in cramfs compressed RAM file systems to save Point of Service RAM resources 2 8 The boo...

Page 117: ...e used for Point of Service systems with storage media such as hard disk or flash medium Otherwise the Point of Service system must be upgraded with enough RAM to hold the system image There must be enough available RAM on diskless Point of Service terminals to load the first and second stage boot images Otherwise the terminal returns a kernel panic error NOTE Onboard VGA Memory Consumption Keep i...

Page 118: ...m image is stored on the CD resp the USB device During the boot process no network is involved at all and otherwise the boot process is similar to Section 7 8 1 Network PXE Boot page 103 110 SUSE Linux Enterprise Point of Service Guide ...

Page 119: ...the Administration Server and the Branch Servers for example need to be secured against unauthorized access via the networks they are connected to For details refer to Section 8 2 Network Security page 112 Data Security Both the Administration Server and the Branch Server contain vital data that needs to be protected to maintain a fully functional and secure setup The most important part in this i...

Page 120: ...asic security related things you should bear in mind when creating your setup Keep your severs in a separate server room that is accessible to only a few selected people or ideally just you Separate your server room from the rest of your IT setup by requiring some sort of authentication before people can enter the room Use any of the following key cards key codes PIN numbers finger print authentic...

Page 121: ...o restrict access to your LDAP data The configuration of your OpenLDAP server is located under etc openldap slapd conf For more information on how this configuration file is generated and maintained refer to Section B 3 3 posInitAdminserver sh page 210 ACLs allow you to specify separate access controls to different parts of the configuration You can create different ACLs for user password data ser...

Page 122: ...ir own password Allow access to any DN matching the regular expression Using the you limit the matches to just those strings that contain nothing beyond the last character All DNs matching the regular expression are granted write access and authenticated users may read the objects but not write to them Allow access to anything Entries themselves may write to their entries authenticated users may r...

Page 123: ...nt security vulnerabilities which slip by mostly unnoticed as the respective functions may not be used in every day life To protect your setup from these vulnerabilities SUSE Linux Enterprise Server and SUSE Linux Enterprise Point of Service come with the AppArmor protection framework AppArmor provides so called profiles for some of the most im portant applications that specify which files these p...

Page 124: ......

Page 125: ...se Point of Service installation 1 Attach a Point of Service client to the Branch Server network 2 Verify that the necessary LDAP objects have been created by using an ldapsearch command For example setup without SSL ldapsearch x H ldap administration_server_name b base_context s base D dn_of_admin_user w password For setups with SSL use ldapsearch x H ldaps administration_server_name b base_conte...

Page 126: ...hat the initrd gz and linux images are available in the srv tftpboot boot directory on the Branch Server 6 Power on the Point of Service client You can watch the Branch Server log messages using the following command tail f var log messages 7 While the Point of Service client is booting check if there are tftpd entries For example bs1 tftpd 31434 Serving boot pxelinux 0 to 192 168 2 15 2070 bs1 tf...

Page 127: ...w the srv tftpboot upload directory for example hwtype 00 06 29 E3 02 E6 This file contains the information required to create the terminal s workstation object scWork station in LDAP and determine which image and configuration settings should be included in the terminal s configuration file For more information see Section 7 7 3 The hwtype MAC File page 100 9 Watch to see if the Point of Service ...

Page 128: ...cPosImageDn attribute of the scCashRegister object is available in the srv tftpboot image direc tory on the Branch Server Do not delete any of the default LDAP objects that are created when you install SUSE Linux Enterprise Point of Service In particular do not delete the global de fault minimal scPosImage object that is created in the default Distribution Container even if you do not plan to use ...

Page 129: ...GQ to Browse LDAP Directory The GQ LDAP browser may fail with Cannot find last resort schema server local host alert message when used with SUSE Linux Enterprise Point of Service LDAP database If you want to use GQ disable anonymous ac cess to rootDSE in the etc openldap slapd conf configuration file To disable the anonymous access put a under the enabling anonymous access to rootDSE for speeding ...

Page 130: ...tr schema and etc openldap schema sc pos pos obj schema respectively Root The beginning level in the LDAP tree The root represents the world The next level is represented by Country Country The country in which the organization is located The next level is represented by Organization Organization organization The name of the organization represented in the LDAP tree The next level is rep resented ...

Page 131: ...s On the other hand if all the servers have the same hardware a unified standard can be defined in the global container on the regional or organi zational level The next level is represented by Distribution Container Hardware Reference Object Distribution Container scDistributionContainer A container for the distribution of sets of images A distribution set is a collection of images designed for P...

Page 132: ... when you run services such as the X Window service that require hardware dependent configuration files An scConfigFileTemplate object contains the configuration file data that a Point of Service terminal needs to run a given service This element can also exist under scCashRegister objects For information on adding this object class to the LDAP directory see Section 7 4 4 Adding an scConfigFileTem...

Page 133: ...ch as regions branches or divisions For information on adding this object class to the LDAP directory see Section 6 4 1 Creating organizationalUnit Objects page 55 The next level is represented by Location Location scLocation A branch office that is a site where a Branch Server and Point of Service terminals are located Location containers are used to store information about the deployed Point of ...

Page 134: ... 4 3 Adding an scServerContainer and scBranchServer Object page 60 The next level is represented by Branch Server Branch Server scBranchServer The Branch Server object stores configuration information that is specific to each Branch Server There must be a Branch Server object for every Branch Server in the SUSE Linux Enterprise Point of Service system IMPORTANT Defining the Branch Server Hostname ...

Page 135: ... configuration for a Branch Server network interface card For information on adding this object class to the LDAP directory see Step 3 page 61 Hard Disk scHarddisk The configuration for the Branch Server s boot hard disk For information on adding this object class to the LDAP directory see Section 7 4 3 Adding an scHarddisk Object page 77 To illustrate how the directory structure is used here is a...

Page 136: ...ver is read If a DN is included here the target is used as the reference object for the Branch Server 7 If the entry is empty the search for an object of the objectClass scHardware moves upward in the directory structure one level at a time If the attribute scRefServerDn is occupied in this type of object this DN is taken as the target if not the search continues upward in the directory structure ...

Page 137: ... Service Terminals if needed NOTE Must and May Attributes for LDAP Objects Each LDAP object has two types of attributes must and may attributes The must attributes are the minimum requirements for an object The may attributes are optional This table lists only those may attributes that are relevant to SUSE Linux Enterprise Point of Service 10 2 1 Mandatory LDAP Objects When you run the posInitAdmi...

Page 138: ...ach type of Point of Service terminal in your system scHarddisk or scRamDisk scConfigFileTemplate optional scConfigFileSyncTemplate optional IMPORTANT LDAP Objects and Branch Server Point of Service Terminals Some administrative tasks in your SUSE Linux Enterprise Point of Service system depend on the existence of certain LDAP objects Before you can run posInitBranchserver sh and deploy the Branch...

Page 139: ...tion For instructions on this procedure see Sec tion 7 4 8 Assigning an Image to a Point of Service Terminal page 88 10 2 2 General Command Options Find an overview of general posAdmin command line options in Table 10 1 posAdmin General Command Line Options page 131 Table 10 1 posAdmin General Command Line Options Description Option Specifies a username user Specifies a password Used primarily tog...

Page 140: ...value pair and a DN The main difference between command arguments in add remove and modify operations is that the add operation specifies the base DN of the directory element below which the new entry should be created with the base option The modify and remove op erations identify the target element with the DN option If an operation is not finished successfully posAdmin returns an error message ...

Page 141: ... o mycorp c us The following command adds a new or modifies an existing image reference posAdmin pl user cn admin o mycorp c us password secret modify scWorkstation scPosImageDn cn myMinimal cn myTestImages cn global o mycorp c us DN cn CR01 cn east ou boston o mycorp c us The following command adds a new or modifies an existing image reference and image version posAdmin pl user cn admin o mycorp ...

Page 142: ...o mycorp c us 10 2 4 Removing LDAP Entries To remove an object from the LDAP directory use the remove option and the DN attribute with the unique name of the object to delete If the referred object has subentries you must add the recursive option Table 10 3 posAdmin Options for Deleting LDAP Objects page 134 summarizes the posAdmin command options for deleting LDAP objects Table 10 3 posAdmin Opti...

Page 143: ...n attribute value pair Table 10 4 posAdmin 0ptions for Querying the LDAP Database page 135 summarizes the posAdmin command options for querying the LDAP database Table 10 4 posAdmin 0ptions for Querying the LDAP Database Description Type Option The base option sets the base in which to search for objects On the Administration Server the must base default base is the organization o my corp c us Obj...

Page 144: ...Number 192 168 1 0 10 3 LDAP Objects Reference This section provides an alphabetical listing of all the SUSE Linux Enterprise Point of Service elements represented in the LDAP directory The Must attributes for each ele ment are those attributes that must be defined when creating the element with posAdmin The May attributes are optional All elements are structural 10 3 1 scBranchServer The Branch S...

Page 145: ...ng an scServerContainer and scBranchServer Object page 60 Table 10 5 Attributes for scBranchServer Elements Description Role Name Common name an entity is known by Must cn DN of a scRefServer May scRefServerDn Public key at server for the SSH client May scPubKey 10 3 2 scCashRegister An scCashRegister object is a Hardware Reference object These objects store information about Point of Service hard...

Page 146: ...oint of Service terminal needs to run a given service This object differs from scConfigFileTemplate objects because the configuration data is not stored in the object rather the object points to a configuration file outside the LDAP directory This element exists under Image Reference objects class scPosImage but it can also exist under scCashRegister objects For information on adding this object c...

Page 147: ...re dependent configuration files An scConfigFileTemplate object contains the configuration file data that a Point of Service terminal needs to run a given service This element can also exist under scCashRegister objects For information on adding this object class to the LDAP directory see Section 7 4 4 Adding an scConfigFileTemplate Object page 78 Table 10 8 Attributes for scConfigFileTemplate Ele...

Page 148: ...es designed for Point of Service terminals on a given version of the Linux kernel The Default distribution container references the current version of the kernel included in SUSE Linux Enterprise Point of Service Table 10 9 Attributes for scDistributionContainer Elements Description Role Name Common name an entity is known by Must cn Filename of the kernel located under boot Must scKernelName File...

Page 149: ...adding this object class refer to Section 7 4 3 Adding an scHarddisk Object page 77 Table 10 10 Attributes for scHarddisk Elements Description Role Name Common name an entity is known by Must cn Device name like dev sda Must scDevice Size of the hard disk in MB Must scHdSize Partition table listing the device name the size in MB and the type of partition Must scPartitionsTable 10 3 7 scHardware Re...

Page 150: ... are used to store infor mation about the deployed Point of Service terminals and the Branch Servers This and all other information that can be modified at the Branch Server should be stored or referenced in the Location containers to limit the need to grant write privileges to sub trees For information on adding this object class to the LDAP directory see Section 6 4 2 Adding an scLocation Object...

Page 151: ...tion Must scDynamicIp DN of a reference server May scLdapDn DN of a reference server May scDnsDn Base name of a workstation e g cash register May scWorkstationBaseName Base name of a printer e g print er May scPrinterBaseName Enumeration mask for workstations and printers like 000 or 00 May scEnumerationMask Domain associated with an object May associatedDomain 10 3 9 scNetworkcard An scNetworkcar...

Page 152: ...dulOption IP netmask as dotted decimal May ipNetmaskNumber 10 3 10 scPosImage The Image Reference object stores information about an image stored on the Adminis tration Server By default an Image Reference object is created for the Minimal client image For information on adding this object class to the LDAP directory see Sec tion 7 4 6 Adding an scPosImage Object page 84 Table 10 14 Attributes for...

Page 153: ...ile May scConfigFile 10 3 11 scRamDisk Ramdisk An scRamDisk object represents the configuration of a Point of Service terminal RAM disk For information on adding this object class to the LDAP directory see Section 7 4 2 Adding an scRamDisk Object page 76 Table 10 15 Attributes for scRamDisk Elements Description Role Name Common name an entity is known by Must cn Device name like dev ram1 Must scDe...

Page 154: ...l This provides great flexibility For example each server can be assigned by its own reference objects and therefore its own hardware types On the other hand if all the servers have the same hardware a unified standard can be defined in the global container on the regional or organizational level Table 10 16 Attributes for scRefObjectContainer Elements Description Role Name Common name an entity i...

Page 155: ...Description Role Name Common name an entity is known by Must cn IPv4 addresses as a dotted decimal omitting leading zeros or IPv6 ad dresses as defined in RFC2373 Must ipHostNumber The server s name in DNS Must scDnsName Name of the service being configured Must scServiceName Start script for a service Must scServiceStartScript The status of the service TRUE or FALSE FALSE disables the service Mus...

Page 156: ...9 Attributes for scWorkstation Elements Description Role Name Common name an entity is known by Must cn MAC address in maximal colon separated hex notation e g 00 00 92 90 ee e2 Must macAddress IPv4 addresses as a dotted deci mal omitting leading zeros or Must ipHostNumber IPv6 addresses as defined in RFC2373 Serial number of the worksta tion used May scSerialNumber DN to the PC hardware type May ...

Page 157: ...me of the standard printer May scStandardPrinter DN of a CR group May scPosGroupDn Turn on disk journaling May scDiskJournal Indicate configuration files that should be updated upon next boot May scConfigUpdate Image and version as reported by the workstation May scNotifiedimage The SUSE Linux Enterprise Point of Service LDAP Directory 149 ...

Page 158: ......

Page 159: ...oscdtool pl and poscopytool pl The poscopytool pl script is a simple tool optimized to copy source files from installation media The poscdtool pl script is a more configurable tool but lacks the straightforwardness and interactivity of poscopytool pl This chapter reviews the two commands and procedures required to manage the image source files 11 1 POSCDTool Command Line Options POSCDTool is a com...

Page 160: ...ion Indicates the source media to be copied CD DVD directory or ISO CD type dvd cd dir iso This parameter is optional If it is not defined POSCDTool assumes the source media is CD The iso option is not currently supported Indicates the path to the source media source path For a CD the path is expressed as media NAME For a directory the contents of the directory are treated as a CD For an ISO CD th...

Page 161: ...ork you can use the link option to create a link between the files current location and the distribution directory structure KIWI requires to build images NOTE If you copy the CDs using POSCDTool they are automatically copied to the distribution directory structure required by KIWI For more information see Section 11 3 2 Linking the SUSE Linux Enterprise Point of Service CDs page 160 Table 11 2 PO...

Page 162: ...1 3 POSCDTool Command Options for mount Indicates the mount source source mount_source Indicates the mount endpoint dest path This parameter is optional If it is not defined POSCDTool mounts to var lib SLEPOS dist 11 1 4 The generate Option Generates the AdminServer conf file for scr and the Distribution xml document for xscr For more information see Section 11 3 4 Generating AdminServ er conf or ...

Page 163: ... for source discs availability imageclass sles i586 sled i586 This option restricts the checking to these imageclasses If more than one imageclass is specified the list should be comma sepa rated with no spaces POSCDTool verifies if you have the CD source that corresponds to each image class before it generates the Distribution xml document IMPORTANT The ImageClass element in the distribu tion sou...

Page 164: ...ault directories It defines the Distribution xml document with the SLED and SLES image classes It verifies the availability of the SLED and SLES CD source files The POSCopyTool command syntax is as follows poscopytool pl options Table 11 5 POSCopyTool Command Options page 156 summarizes the available POSCopyTool command options Table 11 5 POSCopyTool Command Options Description Option Indicates th...

Page 165: ...evision media media number etc For example SLES 11 SLEPOS 11 0 CD1 SLES 11 SLEPOS 11 0 CD2 POSCDTool searches also the first level subdirectories set by the source op tion IMPORTANT var lib SLEPOS dist is the default path KIWI uses to build sys tem images Lists the CDs the POSCopyTool will copy to the distribution directory list Forces POSCopyTool to copy the source CDs even if they already exist ...

Page 166: ... 160 This task is required only if you are maintaining the product CDs in another direc tory structure for example if you store the product CDs on an NFS server to provide a single point of installation for Administration and Branch Servers throughout your network You must use POSCDTool to link the SUSE Linux Enterprise Point of Service CDs Section 11 3 3 Mounting the SUSE Linux Enterprise Point o...

Page 167: ...EPOS dist SLE 11 POS i586 x86_64 CD1 After you have copied the CDs using POSCDTool or POSCopyTool KIWI can use the copied files to build images POSCDTool Command The copy command syntax for POSCDTool is as follows poscdtool pl copy type cd dir source source_media dest distribution_directory For example the following command copies the SUSE Linux Enterprise Point of Service CDs from a CD source to ...

Page 168: ...es FCS SP1 SP2 and so forth Under each revision directory are CD directories CD1 CD2 and so forth If you are maintaining the product CDs in another directory structure for example if you store the product CDs on an NFS server to provide a single point of installation for Administration and Branch Servers throughout your network you must link the source CDs to the distribution file structure IMPORT...

Page 169: ...Service to one on another Administration Server poscdtool pl mount source adminserver1 hd1 11 3 4 Generating AdminServer conf or Distribution xml The AdminServer conf and Distribution xml files define the paths to the distribution directories where you have copied the SUSE Linux Enterprise Point of Service CDs KIWI searches these paths to locate the RPM packages required to build images After the ...

Page 170: ...path opt SLES POS poscdtool pl generate The following command uses the default distribution directory structure to create only the AdminServer conf file in the default output path etc opt SLES POS poscdtool pl generate type conf The following command uses the default distribution directory structure to create only the Distribution xml document with the SLES image class The document is saved to the...

Page 171: ... images Image Creator can be started from YaST by choosing Miscellaneous Image Creator When Image Creator is started the Image Creator Configuration Overview dialog is shown It lists image configurations saved in the var lib SLEPOS system di rectory You can add delete or edit configurations from the list by using appropriate buttons in the dialog Images can be built from a newly added configuratio...

Page 172: ...a password to it in the Users tab NOTE Creating Images from Scratch Only image templates shipped with SUSE Linux Enterprise Point of Service are supported If you want to prepare your own image from scratch the SLE 11 SDK product must be used and kiwi desc packages installed The is no L3 support available for the SLE 11 SDK product 164 SUSE Linux Enterprise Point of Service Guide ...

Page 173: ... and then download a system image from the net work select Network Boot Image 6 The path in which the directory with the image will be created is set in the Output Directory The default value is determined by the template and you can leave it as it is 7 Package repositories used for creating the image are listed in the Package Repository table The templates include paths to the copies of the SUSE ...

Page 174: ...reating the image configuration Image Creator now downloads the repository metadata This action may take some time If the configured repositories are not valid Image Creator will report that 9 In the Image Configuration dialog add root and other needed users Other wise you can use the default values defined in the template To edit the set tings see Section 12 7 Image Configuration Settings page 17...

Page 175: ... files to the srv SLEPOS boot and srv SLEPOS image directories on the ad ministration server For more information see Section 4 5 Copying the Boot Image Files page 41 and Section 4 6 Copying the System Image Files page 43 12 3 Building Bootable CD Images with a System Image In environments where no suitable network infrastructure is available to boot SUSE Linux Enterprise Point of Service terminal...

Page 176: ...uld now be created using KIWI kiwi bootcd path_to_the_initrd For example kiwi bootcd initrd netboot SLEPOS11 i686 3 1 8 gz 4 After the image creation is completed burn the created ISO image to CD using any CD burning application for example Nautilus in GNOME or k3b in KDE 12 5 Building USB Stick Images with a System Image In environments where no suitable network infrastructure is available to boo...

Page 177: ...ge For example kiwi bootstick initrd usbboot SLEPOS11 i686 3 1 7 gz bootstick system configuration_name i686 1 0 0 NOTE Name Completion You can use to complete the filenames Available USB devices will be listed Enter the name of the device you want to use The initrd and system images will be copied to the disk and GRUB will be installed 12 6 Adding Installable Documentation in RPM Format To includ...

Page 178: ...Delete list are always uninstalled from the target image without any dependency checking To put packages on a list click in the list window and write the name of the packages with one name per line NOTE Deleted Dependencies If you add any package to a template based image make sure that itis not de pendant on any package set to be deleted Remove the dependencies from the Packages to Delete list be...

Page 179: ...ith System Configuration table you can specify directories to copy to the root directory of the resulting system For example add a directory with configuration files In the second table Directory with Scripts add scripts to the config directory to run after the installation of all the image packages Building Images with the Image Creator Tool 171 ...

Page 180: ......

Page 181: ...e physical extend For a detailed description of the image configuration procedure refer to Section 13 2 Preparing the Image Configuration page 178 Creating the Image Logical Extend The image itself is created using the data gathered in the physical extend The re sulting image is called logical extend The image creation process does not require user interaction but can be fine tuned by modifying th...

Page 182: ...A typical image configuration directory for SUSE Linux Enterprise Point of Service can include the following items config xml This file is used to define the image type base name repositories used to build the image profiles options and the package pattern list For a more detailed example of a typical SUSE Linux Enterprise Point of Service config xml refer to Exam ple 13 1 An Example config xml Im...

Page 183: ...e the RPMs below this directory and reference them by package name your_package in the config xml file root The root directory contains files scripts and directories to customize the image after the installation of all packages cdboot The cdboot directory is an optional directory holding all the data needed to create a bootable CD It includes the isolinux cfg isolinux msg and isolinux sh files nee...

Page 184: ...rpm force True rpm force defaultdestination var lib SLEPOS system images graphical default defaultdestination defaultroot var lib SLEPOS system chroot graphical default defaultroot preferences repository type rpm dir source path this repo repository repository type yast2 source path var lib SLEPOS dist SLEPOS 10 CD i586 CD1 repository packages type image package name xorg x11 packages packages typ...

Page 185: ... path to the repository you want to use In this example you would use source path this repo You would also need to specify the type of the repository in this case you would need to use rpm dir as you are referencing a mere collection of RPMs here Standard YaST package sources as you would get by copying the original media to a distribution directory Provide the repository type as yast2 and include...

Page 186: ...ge configuration file config xml to match your purpose 4a Check whether the value of defaultroot points to the proper directory for the chroot environment needed to build the image In this case it would be var lib SLEPOS system chroot graphical default 4b Check whether the value of defaultdestination points to the appro priate destination folder to hold the final image In this case it would be var...

Page 187: ...A chroot directory under var lib SLEPOS system chroot graphical default must not exist before you start preparing the image Remove any remainders of earlier image builds WARNING Directories Mounted with the bind Option When removing var lib SLEPOS system chroot graphical default make sure that no bind mount is done in that directory Those may be left over if a previous preparing process aborts une...

Page 188: ...ng the chroot environment with chroot var lib SLEPOS system chroot graphical default using the utilities available in the image to edit the configuration and exiting the chroot environment with exit Re run the imaging command kiwi create chroot graphical default destdir images graphical default For more information on the KIWI command and the options available to it run the kiwi help command NOTE ...

Page 189: ...ble network infrastructure is suitable to boot SUSE Linux Enterprise Point of Service terminals over the LAN you can use network boot images and boot clients using PXE To build network boot images with KIWI proceed as follows 1 Select the pxe image type in config xml as described in Section 13 1 Un derstanding the KIWI Configuration page 174 2 Run the prepare and create commands of KIWI as describ...

Page 190: ...twork is present CDs without a system image can be used for booting the client system The system image is downloaded from the network after the boot To build such images proceed as follows 1 Select the pxe image type in config xml as described in Section 13 1 Un derstanding the KIWI Configuration page 174 2 Run the prepare and create commands of KIWI as described in Section 13 3 Creating the KIWI ...

Page 191: ...er All data from the USB stick will be erased in the following step 5 Copy the image files to the USB stick using the following KIWI command kiwi bootstick path_to_initrd bootstick system path_to_system_image Available USB devices are listed Enter the name of the device to use The initrd and system images are copied to the disk and GRUB is installed 13 5 Deploying KIWI Images The deployment proces...

Page 192: ......

Page 193: ...uration reload or application restart on multiple Point of Service terminals from a single location admind is typically started by the xinetd super server but can be run as a regular service IMPORTANT admind with Limited Authentication Only admind does not provide strong authentication Its level of security is adequate only for systems that boot from the network thus relying on the integrity of th...

Page 194: ...ecommended because it poses a security risk to your system I uppercase i Does not require admind to verify the hostname This option is not recommended because it poses a security risk to your system P Provides verbose output to syslog v 14 1 2 admind conf The standard configuration information for admind is located in etc SLEPOS admind conf The file format typically appears as follows S hostname1 ...

Page 195: ...e must be wrapped in a script that executes the command in the background 14 2 adminc adminc distributes commands to Point of Service terminals running admind It sends a command string to list of IP addresses adminc attempts to connect to clients in parallel up to a specified maximum number adminc can also be used to start wake a series of terminals designated by MAC address 14 2 1 Command Line Op...

Page 196: ...xit Code 0 Node 192 168 99 12 Exit Code 65280 Node 192 168 99 13 Exit Code 0 14 3 posGetIP posGetIP is a helper script that is used in conjunction with adminc It finds all addresses for Point of Service terminals that are managed by the local Branch Server This tool must be run on the Branch Server Output is the list of addresses one line each Both IP and MAC addresses can be listed The default is...

Page 197: ...oip the IP addresses of the Point of Service terminals managed by the current Branch Server Prints the MAC address of all Point of Service terminals that are managed by the local Branch Sever mac 14 3 2 posGetIP Examples adminc command 6 posGetIP adminc wake posGetip mac noip 14 4 Installing admind on a Point of Service Terminal The following sections outline how to add admind to a terminal system...

Page 198: ...r Branch Server that you would like to run adminc on This allows the terminals to trust the designated box If you are running adminc from multiple stations they must be included in this list For example S branch local S branch2 local S localhost 4b Add all users with rights to execute commands on Point of Service terminals For example U root U tux 4c Add any additional commands you want to execute...

Page 199: ...ce Terminals page 89 14 5 Installing the admind Client on Administration and Branch Servers To install admind on an Administration or Branch Server 1 Install the admind client RPM on the Administration or Branch Server Start YaST Software Software Management and select admind client for installation NOTE It may also be necessary to install the tcpd xinetd and pidentd RPMs 2 Start identd using YaST...

Page 200: ......

Page 201: ...ux Enterprise Point of Service so you can decide which method suits your needs best WARNING Risk of Data Loss Before starting to reconfigure your SUSE Linux Enterprise Point of Service system take precaution against loss of data and do at a minimum an online logical backup to a local file as described in Section 15 3 Online Backup page 194 15 1 Offline Physical Backup An offline backup must be exe...

Page 202: ...erchange Format LDIF file named ldap datetime where datetime is the current date and time LDIF files are structured ASCII file that can be viewed for example with less The resulting output file can be archived backed up on offline media and restored with the slapadd command as described in Section 15 4 Restoring Data page 195 3 After the backup completes start the LDAP server by entering rcldap st...

Page 203: ...tructure for example o mycorp c us 2 To use LDAP with SSL enter the following instead ldapsearch x D adminDN w adminPassword H ldaps LDAPServer b baseDN ldap date F T Restoring an Online Backup page 196 describes how to restore an online backup 15 4 Restoring Data Procedure 15 1 Restoring an Offline Backup To restore offline backups you need to stop and restart the LDAP server afterward 1 Stop the...

Page 204: ...ase has been corrupted remove the database files in var lib ldap before restoring the online backup The LDAP server is able to run with an empty database 2 Restore the backup file taken with ldapsearch with either ldapadd x D adminDN w adminPassword H ldap LDAPServer f backupfile or ldapadd x D adminDN w adminPassword H ldaps LDAPServer f backupfile for secure LDAP communication with SSL 196 SUSE ...

Page 205: ...ng section describes frequently encountered difficulties with name resolution 16 1 1 Name Resolution Care must be taken to ensure that the system can resolve its own name to its IP address on the branch network especially when configuring the Branch Servers with posInitBranchserver sh If the system has only one network interface or if the eth0 interface is the branch network interface the correct ...

Page 206: ...ng DHCP to configure the external WAN network interface of the Branch Server set the DHCP client on the Branch Server to modify named conf instead of resolv conf in etc sysconfig network config The variables are MODIFY_RESOLV_CONF_DYNAMICALLY and MODIFY_NAMED_CONF_DYNAMICALLY The template file is prepared for this 16 1 2 Problems with Terminals after Branch Server Change When a Branch Server is ch...

Page 207: ...KIWI cannot determine which user groups GIDs are to be created in post installation scripts by the selected packages If there is a conflict between GIDs added in the user configuration and GIDs added by post installation scripts image building will fail Symptoms Image building fails with message groupadd GID 100 is not unique or similar Hints When you configure users to be created on the target sy...

Page 208: ... been deleted Make sure that there is enough space for new images even before old images have been deleted or delete old images before uploading new ones 16 2 3 Point of Service Terminal Configuration The process of registering new Point of Service terminals and updating the configuration information usually works without administrator intervention however it is a complex process To facilitate thi...

Page 209: ... Service downloads the latest client image version available on the Branch Server 16 2 4 Loading CDBoot Images If there are multiple CD drives in the Point of Service terminal there is no way to des ignate which CD drive to use the system chooses the first one it finds Symptoms If the Point of Service terminal does not find the drive with the boot CD it returns BIOS errors Solution To correct the ...

Page 210: ......

Page 211: ...ge of your Administration or Branch Server 1 Start YaST 2 In the YaST Control Center select System Choose Language 3 Select the desired language then click Accept The language selected in YaST applies to the operating system including YaST and the desktop environment If your system needs additional packages to support the new language you can install them with YaST A 2 Installing a Language RPMs T...

Page 212: ...Administration Server or Branch Server features is installed on your sys tem If the language is selected it is already installed on your system and you do not need to select it If the language is not selected it is not installed on your system Select the required language for installation 3 Click Accept to install the selected language support 4 Exit YaST 204 SUSE Linux Enterprise Point of Service...

Page 213: ...ry as the storage location for SUSE Linux Enterprise Point of Service scripts All the scripts can be controlled transparently using the posAdmin pl meta script as long as they are not run by cron The posAdmin pl script is designed to operate in the same way on the Administration Server as on the Branch Servers The basic mechanism for all actions image transfer to a Branch Server data readout from ...

Page 214: ...n for the entry The terminal s IP address and name are automatically generated and the MAC address is taken from the leases file These entries are like an outline 4 A search is made through the upload directory on the TFTP server for files of the pattern hwtype MAC that are being uploaded by Point of Service terminals registered from the DiskNetboot system The Point of Service hardware type is spe...

Page 215: ...d with the prefix TMP_ 4c The configuration files are renamed from TMP_ to their final names The srv tftpboot upload hwtype MAC file is deleted The registration of a newly detected Point of Service terminal is complete 5 posleases2ldap pl starts posldap2dns pl The zone files for the DNS server are regenerated from the directory data as a temporary file and renamed The DNS service is restarted if t...

Page 216: ...e infor mation is then used to configure the resolver etc resolv conf Usage poscheckip pl Files etc SLEPOS branchserver conf B 3 2 posInitBranchserver sh The purpose of posInitBranchserver sh is to generate the central configuration file for all other SUSE Linux Enterprise Point of Service scripts It is used on a Branch Server to generate header files needed for automated configuration of DNS and ...

Page 217: ...r information refer to Section 6 4 Creating Branch Server Objects in LDAP page 55 The poscheckip pl script also yields the domain name for this branch which is used to generate proper configuration header files for the DHCP and DNS services which in turn are needed for posldap2dns pl and posldap2dhcp pl The zone file header for posldap2dns pl is generated from etc SLEPOS template dns zonefile head...

Page 218: ...named conf etc SLEPOS template dhcpd conf header template etc SLEPOS template dns zonefile header template etc named d ldap_generated dns zonefile header etc SLEPOS dhcpd dhcpd conf header etc SLEPOS template resolv conf template etc resolv conf etc sysconfig network routes B 3 3 posInitAdminserver sh The purpose of posInitAdminserver sh is to configure the OpenLDAP directory server software and t...

Page 219: ...a template file etc SLEPOS template ldif pos template to create an LDAP data file etc SLEPOS template ldif pos which it then imports into the LDAP directory Now the initial LDAP di rectory structure is available on the Administration Server posInitAdminserver sh uses posReadPassword pl during the password entry to hide the password characters Usage Run posInitAdminserver sh on an Administration Se...

Page 220: ...reates or updates configuration files for Point of Service terminals Those configuration files are generated by gathering data from LDAP they contain the information required to boot the Point of Service terminal such as partition information image partitioning hard drive and so forth Function In normal operation posldap2crconfig pl does a part of what is done by posleases2ldap pl it looks for hwt...

Page 221: ...nf is used To avoid this behavior edit the following line in etc syslog ng syslog ng conf and change it as shown below emerg Usage posldap2crconfig pl dumpall Files etc SLEPOS branchserver conf B 3 5 posldap2dhcp pl posldap2dhcp pl generates the DHCP daemon configuration file from LDAP Function posldap2dhcp pl is called by posleases2ldap pl at regular intervals First all scLocation objects are loo...

Page 222: ...ing file and the command to restart the DHCP daemon is returned to be executed by posleases2ldap pl Usage posldap2dhcp pl is called by posleases2ldap pl Files etc SLEPOS branchserver conf etc dhcpd conf etc SLEPOS dhcpd dhcpd conf etc SLEPOS dhcpd dhcpd conf header B 3 6 posldap2dns pl posldap2dns pl generates DNS configuration and zone files from LDAP Function posldap2dns pl is called by poslease...

Page 223: ...nes is created It is included from within etc named conf If zones were changed posldap2dns pl returns the appropriate commands to restart the DNS service The commands are executed by posleases2ldap pl Usage posldap2dns pl is called by posleases2ldap pl Files etc SLEPOS branchserver conf etc named d ldap_generated etc named d ldap_generated dns zonefile header etc named d ldap_generated named zones...

Page 224: ...arameter d If started in this way posleases2ldap pl closes when the shell is closed Files etc SLEPOS branchserver conf srv tftpboot upload hwtype MAC B 3 8 posReadPassword pl posReadPassword pl is a helper script for password entry that does not show the entered password Functions posReadPassword pl is called by posInitAdminserver sh posInitEdir sh and posInitBranchserver sh for password entry pur...

Page 225: ...s pl reads the etc SLEPOS branchserver confconfigu ration file and uses the definitions POS_REMOTE_SYNC_COMMANDS and POS_LOCAL_SYNC_COMMANDS from that file POS_REMOTE_SYNC_COMMANDS contains a list of RSYNC commands that obtain the data from the Administration Server These commands are executed first On success the commands in the POS_LOCAL_SYNC_COMMANDS directory are exe cuted to update the final ...

Page 226: ......

Page 227: ...ry access control lists ACLs can be implemented in the slapd conf file etc SLEPOS branchserver conf The Branch Server directory contains the standard configuration file for Adminis tration and Branch Server etc SLEPOS dhcpd The dhcpd directory contains sample configuration files for the DHCP service provided by Branch Servers for Point of Service terminals etc SLEPOS keys The keys directory contai...

Page 228: ...stration Server the public key for the CA allows the Branch Servers to trust the Administration Server etc SLEPOS keys ca ca db certs This filecontains a database that tracks the server certificates the CA has signed etc SLEPOS keys ca ca key This files contains the CA s private key etc SLEPOS keys certs This file contains the Administration Server certificate and keys etc SLEPOS keys certs server...

Page 229: ...This file contains the template for the Branch Server configuration file etc SLEPOS template dhcpd conf header template This file contains the template for the DHCP services etc SLEPOS template dns zonefile header template This file contains the template for the DNS services etc SLEPOS template openldap template This file contains sysconfig template posInitAdminserver sh uses this data for LDAP co...

Page 230: ...onf srv SLEPOS certs ca crt This file contains the public key for the CA that signed the server certificate This is copied over to the rsync directory only if you enable LDAP SSL during instal lation of the Administration Server The CA s public key allows the Branch Server to trust the Administration Server srv SLEPOS config The config directory contains hardware configuration files that are distr...

Page 231: ...oint of Service automatically installs a CA and generates self signed certificates to secure communication between Administration and Branch Servers However the public key for the CA is distributed to the Branch Servers only if you enable LDAP SSL during installation For more information on setting up LDAP SSL see Sec tion 4 2 Initializing the LDAP Directory page 38 etc SLEPOS certs The certs dire...

Page 232: ...MPORTANT The DiskNetboot version date kernel version SLRS image must be copied to the srv SLEPOS rsync boot directory as linux before running posSynchImages pl on the Branch Server srv tftpboot boot initrd gz The initrd gz file contains the DiskNetboot gz image The initrd gz image provides the second bootstrap image used to PXE boot the Point of Service terminals IMPORTANT Preparations on The Bran...

Page 233: ...uration data If you have a custom distribution container SUSE Linux Enterprise Point of Service automatically gen erates custom pxelinux configuration files that distribute the kernel specified by that distribution directory The filename for custom pxelinux configuration files is the IP address of the booting client For example if the client IP address is 10 1 1 1 the filename of the corresponding...

Page 234: ...by the boot loader It is used to create bootable CDs and usr share kiwi image SLEPOS imagetype config sh The config sh contains an optional configuration script This scrtipt is executed at the end of the installation usr share kiwi image SLEPOS imagetype images sh The images shfile icontains an optional configuration script This scrtipt is exe cuted at the beginning of the image creation process u...

Page 235: ...IMAGETYPErepo This directory is the repository that contains RPM packages directly accessible in Image Creator Replace IMAGETYPE with either minimal VERSION or graphical VERSION var lib SLEPOS system distribution repo This directory holds image RPM packages selectable in Image Creator SUSE Linux Enterprise Point of Service Files and Directory Structure 227 ...

Page 236: ......

Reviews:

No comments

Related manuals for LINUX ENTERPRISE 11 - SUBSCRIPTION MANAGEMENT TOOL GUIDE 10-02-2009

Brand: Philips Pages: 18

Brand: Sharp Pages: 16

AR-P17 Software setupg guide

Brand: Sharp Pages: 22

Brand: Sharp Pages: 39

Brand: Sharp Pages: 43

Brand: Sharp Pages: 48

MXUSX5 - Desk - PC

Brand: Sharp Pages: 91

e-Copy ShareScan OP 3.0

Brand: Sharp Pages: 144

PenCell IQ-9B01

Brand: Sharp Pages: 247

Brand: National Instruments Pages: 63

Brand: FujiFilm Pages: 21

Brand: FujiFilm Pages: 21

2521131 - Intel Wasp Motherboard

Brand: Intel Pages: 1

AVC HD Player 5.7

Brand: Elecard Pages: 39

DriverScanner 2010

Brand: UNIBLUE Pages: 12

Brand: Pharos Pages: 93

Brand: FARONICS Pages: 4

DEEP FREEZE ENTERPRISE - UPDATE PROCEDURE...

Brand: FARONICS Pages: 15

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands