YaST® and AutoYaSTMake The Difference
Thomas Göttlicher Jiří Šrain
Project Manager Project Manager
2
YaST
3
Security Center and Hardening Module
4
Security Center and Hardening
yast2 security
5
Security Center and Hardening (cont'd)
yast2 security
6
Debugging
7
Debugging
• Turn on debugging messages:Y2DEBUG=1 yast2 network
• Read YaST log file:
tail -f /var/log/YaST2/y2log
• Run the YaST debugger (byebug)
Y2DEBUGGER=1 yast2 network
8
Debugging (cont’d)
9
Feature: Hotkeys
10
Hotkeys
• Crtl + Shift + Alt + X Run xterm
• Shift + F7 Debug level
• Print Screenshot
• Shift + F8 Save logs
• Ctrl + Shift + Alt + M Start/stop macro recorder
• Ctrl + Shift + Alt + P Play macro
• Ctrl + Shift + Alt + S Style sheet editor
11
Feature: Themes
12
Themes in YaST2 QT
• Support for CSS-like stylesheets
• Customize installation
• For visually impaired users
• Default is style.qss or installation.qss in /usr/share/YaST2/theme/current/wizard/
• $Y2STYLE contains name of stylesheet
• Y2STYLE=installation.qss yast2 disk --qt
13
Themes in YaST2 QT (cont'd)
14
Themes in YaST2 QT (cont'd)
15
Themes in YaST2 QT (cont'd)
16
Themes in YaST2 ncurses
• File: /etc/sysconfig/yast2
• Variable: Y2NCURSES_COLOR_THEME=”mono”
• Also “braille” available for visually impaired
17
Themes in YaST2 ncurses (cont'd)
• File: /etc/sysconfig/yast2
• Variable: Y2NCURSES_COLOR_THEME=”mono”
• Also “braille” available for visually impaired
18
Feature: Driver Update
19
Driver Update
• Replace packages in your installation system
• Use RPM packages or cpio archives
• File on a web server contains a list of rpm packages
• Example file on http://foo.bar/list:
dud=http://foo.bar/bash.rpm dud=http://foo.bar/yast2.rpm
20
Driver Update (cont'd)
21
Driver Update (cont'd)
22
Feature: Automated Installer Update
23
Automated Installer Update
• Repository with installer updates available at updates.suse.com– Set of DUDs packaged as RPMs
• Updates applied transparently when requested– self_update=1 on kernel command-line to enable
– self_update=<url> enable with custom repository
– Restart of YaST necessary
• SMT support for networks without access to update server– Remember to mirror the installer updates repository
24
Feature: Remote Installation
25
Remote Installation
• Install SUSE® Linux Enterprise remotely over the network
• Configure settings at the boot prompt:
– Network:
hostip=192.168.1.123/24
– Installation source:
install=ftp://192.168.1.100/pub/suse
install=http://192.168.1.100/suse
26
Remote Installation (cont'd)
• Installation via:
– VNC (Virtual Network Computing)
vnc=1
vncpassword=susecon2016
– SSH (Secure Shell)
ssh=1
sshpassword=susecon2016
27
Remote Installation (cont'd)
28
Remote Installation (cont'd)
• Connect to host via vncviewer hostip :1
29
System Roles
30
System Roles
• Predefined default configuration
• Covers partitioning and software selection– Further areas covered in next releases
– Different settings for different scenarios
• System Roles in SLES12-SP2– Standard System
– KVM virtualization host
– XEN virtualization host
31
Macro Recorder
32
Macro Recorder
• Recorder and player for user interaction
• Records logical actions like – OK button pressed
– Username field contains “tux”
• Macros from text interface work in graphical interface and vice versa
• Automation for QA testers and power users
33
Macro Recorder (cont'd)
• Alt + Crtl + Shift + M Start recording
• Alt + Crtl + Shift + M Stop recording
34
Macro Recorder (cont'd)
• Play a recorded macro:
Alt + Ctrl + Shift + P
• Run macros from the command line:/usr/lib/YaST2/bin/y2base modulename qt --macro macro.ycp
• Macros are not a substitution for AutoYaST
35
AutoYaST
36
AutoYaST
● AutoYaST is the SUSE® Linux Enterprise automated installation method that leverages standard installation processes with predefined rules and responses to create reproduceable OS builds
● Caution: Can reduce the time to provision a new SUSE Linux Enterprise machine to less than 10 minutes
37
When to Use AutoYaST
• Linux is your primary OS or you need deployment on demand
• Dealing with a wide range of machines
• Constantly changing hardware or a wide variety of hardware
• Constantly changing software requirements
• Only installing a few machines at a time
• Staff has varying Linux expertise
38
When to Use Imaging
• Need to support multiple operating systems
• Have a large number of identical systems to support
• Limited applications to support or you are using an application deployment system (I.e., thin images and SUSE® Studio)
• Limited number of hardware platforms
• Few images are needed
39
SUSE® Manager
• Best of both worlds with support for AutoYaST, multi-cast and integrated support for SUSE Studio images.
40
Create an Installation Server
41
Installation Server Specification
• Disk Space
– 5GB plus enough disk space to hold the Linux distributions you will use
• Processor/RAM
– Any system fulfilling the requirements of SUSE Linux Enterprise Server
• Apache installed
– HTTP is easiest to use and URLs can be manipulated via Apache
– Windows and other operating systems can be used if you already have an existing web server
– Alternatively you can use FTP, NFS, or Samba for installation.
42
Firewall Settings
• Disable Firewall
– You can temporarily turn it off completely
– Re-enable after installation
• Or open the necessary ports
– HTTP (80), HTTPS (443), TFTP (69), DHCPD (547)
• YaST can help you
43
YaST: Configure Installation Server
YaST installs and configures Apache and copies the source media to the system
44
Verify the Installation Source
• Append e.g. /README if server forbids directory listing
45
Installing from Network
• Boot with standard installation DVD
46
Boot Options
• install=http://hostname/path/to/DVD1
• If there is no DHCP on your network, you can use:
– hostip=<ip address> netmask=<mask>
– ie: hostip=172.17.2.1 netmask=255.255.255.0
– use gateway=<gateway> if the Installation server is on a different subnet
47
Create an AutoYaST profile
48
Clone an Existing Machine
• Tools→Create Reference Profile
• File → Save
49
AutoYaST Profile
• Plain text, XML
• Can be customized using:– YaST Autoinstallation Module
– Text Editor (vi, emacs, kate, etc.)
• Experiment with the Autoinstallation module and view the changes made in the XML
50
Sample AutoYaST Profile
<?xml version="1.0"?>
<!DOCTYPE profile>
<profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns">
<users config:type="list">
<user>
<username>root</username>
<user_password>myrootpassword</user_password>
<encrypted config:type="boolean">false</encrypted>
</user>
</users>
</profile>
51
AutoYaST Profile (cont’d)Most often changed settings
• <software>
– Selecting patterns is usually enough
– Individual packages can be selected if necessary
• <partitioning>
– Change <size> to fixed size for swap and other partitions (ie 2GB) and “auto” to span the remainder of the disk
• When profile was created as a machine clone, review the whole profile and remove any machine-specific settings
52
Starting AutoYaST installation
• install=http://hostname/path/to/DVD1
• autoyast2=http://hostname/path/to/profile.xml
53
Booting Installation from Network
54
Preboot Execution Environment (PXE)
Part of the firmware of most modern network cards, PXE leverages
DHCP (Dynamic Host Configuration Protocol) to find an available PXE
server to download a network bootstrap program (NBP) to the
computer's RAM using TFTP (Trivial File Transfer Protocol). Once in
RAM, the NBP can execute and download installation or other
software, removing the need for installation media.
55
Setting Up a PXE Server
• Find out the requirements– Different bootloader needed for legacy, uEFI, SecureBoot,…
– Install respective packages (DHCP server, TFTP, bootloader, xinetd)
• Copy the Linux kernel and initrd (initial ramdisk) from the source media (or installation directory):
– cp boot/x86_64/loader/linux /srv/tftpboot
– cp boot/x86_64/loader/initrd /srv/tftpboot
– Similarly for other architectures
56
Setting Up a PXE Server (cont’d)
• Configure the TFTP server– YaST can help you
– Create directory structure to hold the boot loader, kernel, initrd and config files
• Configure the DHCP server
– Following options need to be set:● allow booting;● allow bootp;● next-server 172.17.2.70; #TFTP server IP● filename "pxelinux.0"; #path on TFTP server
– May need to be set differently for different hosts
57
Upgrade with AutoYaST
58
Upgrade with AutoYaST
• Possible upgrade paths– From SLES11 to SLES12
– From one SLES12 service pack to a newer one
• Boot options
– autoupgrade=1 autoyast2=http://example/autoinst.xml
– autoupgrade=1 and leave the profile in the root of the system
59
New Sections in AutoYaST profile
• upgrade
• software
• networking
• backup
60
New Sections in AutoYaST profile (cont’d)
<upgrade> <only_installed_packages config:type="boolean"> false </only_installed_packages> <stop_on_solver_conflict config:type="boolean"> true </stop_on_solver_conflict></upgrade>
61
New Sections in AutoYaST profile (cont’d)
<software> <packages config:type="list"> <package>autoyast2-installation</package> </packages> <patterns config:type="list"> <pattern>base</pattern> </patterns> <remove-packages config:type="list"/> <remove-patterns config:type="list"/></software>
62
New Sections in AutoYaST profile (cont’d)
<networking> <keep_install_network config:type="boolean"> true </keep_install_network></networking>
63
New Sections in AutoYaST profile (cont’d)
<backup> <sysconfig config:type="boolean">true</sysconfig> <modified config:type="boolean">true</modified> <remove_old config:type="boolean">false</remove_old></backup>
64
Booting AutoYaST upgrade
65
AutoYaST Upgrade Summary
66
AutoYaST Upgrade: Dependency conflicts
• Dependency conflicts quite likely
• Require manual intervention
• Find adjusted profile in the system after upgrade
67
Session References
• TUT88423 - Upgrading SLES 11 to SLES 12
• TUT88693 - System Security Hardening
• HO88467 - SUSE Manager for Dummies v.3