YaST and AutoYaST Make the Difference - SUSE Linux


Post on 27-May-2020


TRANSCRIPT

  • YaST® and AutoYaST Make The Difference

    Thomas Göttlicher Jiří Šrain Project Manager Project [email protected] [email protected]

  • 2

    YaST

  • 3

    Security Center and Hardening Module

  • 4

    Security Center and Hardening

    yast2 security

  • 5

    Security Center and Hardening (cont'd)

    yast2 security

  • 6

    Debugging

  • 7

    Debugging

    • Turn on debugging messages: Y2DEBUG=1 yast2 network

    • Read YaST log file: tail -f /var/log/YaST2/y2log

    • Run the YaST debugger (byebug): Y2DEBUGGER=1 yast2 network

  • 8

    Debugging (cont’d)

  • 9

    Feature: Hotkeys

  • 10

    Hotkeys

    • Ctrl + Shift + Alt + X: Run xterm
    • Shift + F7: Debug level
    • Print: Screenshot
    • Shift + F8: Save logs
    • Ctrl + Shift + Alt + M: Start/stop macro recorder
    • Ctrl + Shift + Alt + P: Play macro
    • Ctrl + Shift + Alt + S: Style sheet editor

  • 11

    Feature: Themes

  • 12

    Themes in YaST2 QT

    • Support for CSS-like stylesheets
    • Customize installation
    • For visually impaired users
    • Default is style.qss or installation.qss in /usr/share/YaST2/theme/current/wizard/
    • $Y2STYLE contains name of stylesheet
    • Y2STYLE=installation.qss yast2 disk --qt

  • 13

    Themes in YaST2 QT (cont'd)

  • 14

    Themes in YaST2 QT (cont'd)

  • 15

    Themes in YaST2 QT (cont'd)

  • 16

    Themes in YaST2 ncurses

    • File: /etc/sysconfig/yast2
    • Variable: Y2NCURSES_COLOR_THEME="mono"
    • Also "braille" available for visually impaired

  • 17

    Themes in YaST2 ncurses (cont'd)

    • File: /etc/sysconfig/yast2
    • Variable: Y2NCURSES_COLOR_THEME="mono"
    • Also "braille" available for visually impaired

  • 18

    Feature: Driver Update

  • 19

    Driver Update

    • Replace packages in your installation system
    • Use RPM packages or cpio archives
    • File on a web server contains a list of rpm packages
    • Example file on http://foo.bar/list:

      dud=http://foo.bar/bash.rpm
      dud=http://foo.bar/yast2.rpm

  • 20

    Driver Update (cont'd)

  • 21

    Driver Update (cont'd)

  • 22

    Feature: Automated Installer Update

  • 23

    Automated Installer Update

    • Repository with installer updates available at updates.suse.com
      – Set of DUDs packaged as RPMs
    • Updates applied transparently when requested
      – self_update=1 on kernel command-line to enable
      – self_update= enable with custom repository
      – Restart of YaST necessary
    • SMT support for networks without access to update server
      – Remember to mirror the installer updates repository

  • 24

    Feature: Remote Installation

  • 25

    Remote Installation

    • Install SUSE® Linux Enterprise remotely over the network

    • Configure settings at the boot prompt:

    – Network:
      hostip=192.168.1.123/24

    – Installation source:
      install=ftp://192.168.1.100/pub/suse
      install=http://192.168.1.100/suse

  • 26

    Remote Installation (cont'd)

    • Installation via:

    – VNC (Virtual Network Computing)
      vnc=1 vncpassword=susecon2016

    – SSH (Secure Shell)
      ssh=1 sshpassword=susecon2016

  • 27

    Remote Installation (cont'd)

  • 28

    Remote Installation (cont'd)

    • Connect to host via vncviewer hostip:1

  • 29

    System Roles

  • 30

    System Roles

    • Predefined default configuration

    • Covers partitioning and software selection
      – Further areas covered in next releases
      – Different settings for different scenarios

    • System Roles in SLES12-SP2
      – Standard System
      – KVM virtualization host
      – XEN virtualization host

  • 31

    Macro Recorder

  • 32

    Macro Recorder

    • Recorder and player for user interaction

    • Records logical actions like
      – OK button pressed
      – Username field contains “tux”

    • Macros from text interface work in graphical interface and vice versa

    • Automation for QA testers and power users

  • 33

    Macro Recorder (cont'd)

    • Alt + Ctrl + Shift + M: Start recording

    • Alt + Ctrl + Shift + M: Stop recording

  • 34

    Macro Recorder (cont'd)

    • Play a recorded macro: Alt + Ctrl + Shift + P

    • Run macros from the command line: /usr/lib/YaST2/bin/y2base modulename qt --macro macro.ycp

    • Macros are not a substitution for AutoYaST

  • 35

    AutoYaST

  • 36

    AutoYaST

    ● AutoYaST is the SUSE® Linux Enterprise automated installation method that leverages standard installation processes with predefined rules and responses to create reproducible OS builds

    ● Caution: Can reduce the time to provision a new SUSE Linux Enterprise machine to less than 10 minutes

  • 37

    When to Use AutoYaST

    • Linux is your primary OS or you need deployment on demand

    • Dealing with a wide range of machines

    • Constantly changing hardware or a wide variety of hardware

    • Constantly changing software requirements

    • Only installing a few machines at a time

    • Staff has varying Linux expertise

  • 38

    When to Use Imaging

    • Need to support multiple operating systems

    • Have a large number of identical systems to support

    • Limited applications to support or you are using an application deployment system (i.e., thin images and SUSE® Studio)

    • Limited number of hardware platforms

    • Few images are needed

  • 39

    SUSE® Manager

    • Best of both worlds with support for AutoYaST, multi-cast and integrated support for SUSE Studio images.

  • 40

    Create an Installation Server

  • 41

    Installation Server Specification

    • Disk Space
      – 5GB plus enough disk space to hold the Linux distributions you will use

    • Processor/RAM
      – Any system fulfilling the requirements of SUSE Linux Enterprise Server

    • Apache installed
      – HTTP is easiest to use and URLs can be manipulated via Apache
      – Windows and other operating systems can be used if you already have an existing web server
      – Alternatively you can use FTP, NFS, or Samba for installation.

  • 42

    Firewall Settings

    • Disable Firewall
      – You can temporarily turn it off completely
      – Re-enable after installation

    • Or open the necessary ports
      – HTTP (80), HTTPS (443), TFTP (69), DHCPD (547)

    • YaST can help you

  • 43

    YaST: Configure Installation Server

    YaST installs and configures Apache and copies the source media to the system

  • 44

    Verify the Installation Source

    • Append e.g. /README if server forbids directory listing

  • 45

    Installing from Network

    • Boot with standard installation DVD

  • 46

    Boot Options

    • install=http://hostname/path/to/DVD1

    • If there is no DHCP on your network, you can use:
      – hostip= netmask=
      – e.g. hostip=172.17.2.1 netmask=255.255.255.0
      – use gateway= if the installation server is on a different subnet

  • 47

    Create an AutoYaST profile

  • 48

    Clone an Existing Machine

    • Tools → Create Reference Profile
    • File → Save

  • 49

    AutoYaST Profile

    • Plain text, XML

    • Can be customized using:
      – YaST Autoinstallation Module
      – Text Editor (vi, emacs, kate, etc.)

    • Experiment with the Autoinstallation module and view the changes made in the XML

  • 50

    Sample AutoYaST Profile

    root

    myrootpassword

    false

  • 51

    AutoYaST Profile (cont’d)

    Most often changed settings

    •
      – Selecting patterns is usually enough
      – Individual packages can be selected if necessary

    •
      – Change to fixed size for swap and other partitions (e.g. 2GB) and “auto” to span the remainder of the disk

    • When profile was created as a machine clone, review the whole profile and remove any machine-specific settings
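
    An added example, not part of the original slides: the profile review applied to user credentials, listing every user whose password sits in the profile as cleartext. The constructed profile reuses the three values left on the sample slide (root, myrootpassword, false) in a `<user>` entry, which is an assumption about the stripped markup; the tux entry, its hash and the function names are also made up for this example.

```shell
#!/bin/sh
# Added example: list AutoYaST users whose password is stored in cleartext.

# Constructed sample profile; the root entry reuses the values on the slide,
# the tux entry and its hash are made up for contrast.
sample_profile() {
cat <<'EOF'
<?xml version="1.0"?>
<!DOCTYPE profile>
<profile xmlns="http://www.suse.com/1.0/yast2ns"
         xmlns:config="http://www.suse.com/1.0/configns">
  <users config:type="list">
    <user>
      <username>root</username>
      <user_password>myrootpassword</user_password>
      <encrypted config:type="boolean">false</encrypted>
    </user>
    <user>
      <username>tux</username>
      <user_password>$6$constructedsalt$constructedhash</user_password>
      <encrypted config:type="boolean">true</encrypted>
    </user>
  </users>
</profile>
EOF
}

# Print the username of every <user> that has a <user_password> but no
# <encrypted>true</encrypted>; a missing <encrypted> is treated as false.
# Assumes one element per line, the layout YaST uses when it writes a profile.
cleartext_users() {
  awk '
    function val(s) { gsub(/<[^>]*>/, "", s); gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /<user>/          { name = ""; pw = 0; enc = "false" }
    /<username>/      { name = val($0) }
    /<user_password>/ { pw = 1 }
    /<encrypted[ >]/  { enc = val($0) }
    /<\/user>/        { if (pw && enc != "true") print name }
  ' "$@"
}

sample_profile | cleartext_users   # prints: root
```

    Run it against a cloned profile with `cleartext_users autoinst.xml`; any name it prints has a password that travels in the clear whenever the profile is fetched over HTTP.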

  • 52

    Starting AutoYaST installation

    • install=http://hostname/path/to/DVD1
    • autoyast2=http://hostname/path/to/profile.xml

  • 53

    Booting Installation from Network

  • 54

    Preboot Execution Environment (PXE)

    Part of the firmware of most modern network cards, PXE leverages DHCP (Dynamic Host Configuration Protocol) to find an available PXE server to download a network bootstrap program (NBP) to the computer's RAM using TFTP (Trivial File Transfer Protocol). Once in RAM, the NBP can execute and download installation or other software, removing the need for installation media.

  • 55

    Setting Up a PXE Server

    • Find out the requirements
      – Different bootloader needed for legacy, UEFI, SecureBoot,…
      – Install respective packages (DHCP server, TFTP, bootloader, xinetd)

    • Copy the Linux kernel and initrd (initial ramdisk) from the source media (or installation directory):
      – cp boot/x86_64/loader/linux /srv/tftpboot
      – cp boot/x86_64/loader/initrd /srv/tftpboot
      – Similarly for other architectures

  • 56

    Setting Up a PXE Server (cont’d)

    • Configure the TFTP server
      – YaST can help you
      – Create directory structure to hold the boot loader, kernel, initrd and config files

    • Configure the DHCP server
      – Following options need to be set:
        ● allow booting;
        ● allow bootp;
        ● next-server 172.17.2.70; #TFTP server IP
        ● filename "pxelinux.0"; #path on TFTP server
      – May need to be set differently for different hosts
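
    An added example, not part of the original slides: the TFTP tree and DHCP fragment from the two PXE slides staged in a scratch directory, with a check for remote-installation passwords that would end up readable over TFTP. The subnet, address range, label name and function names are assumptions; the boot options and DHCP statements are the ones shown on the slides.

```shell
#!/bin/sh
# Added example: stage the PXE files described on the slides in a scratch
# directory for review before copying them to /srv/tftpboot and dhcpd.conf.

# stage_pxe DIR TFTP_IP INSTALL_URL PROFILE_URL
stage_pxe() {
  dir=$1; tftp_ip=$2; install_url=$3; profile_url=$4
  mkdir -p "$dir/tftpboot/pxelinux.cfg"

  # pxelinux.0 falls back to pxelinux.cfg/default when no per-host file
  # matches. "linux" and "initrd" are the files copied from
  # boot/x86_64/loader/ into the TFTP root.
  cat > "$dir/tftpboot/pxelinux.cfg/default" <<EOF
default autoyast
prompt 0
timeout 50

label autoyast
  kernel linux
  append initrd=initrd install=$install_url autoyast2=$profile_url
EOF

  # The four DHCP options from the slide; subnet and range are assumed.
  cat > "$dir/dhcpd.conf.fragment" <<EOF
subnet 172.17.2.0 netmask 255.255.255.0 {
  range 172.17.2.100 172.17.2.200;
  allow booting;
  allow bootp;
  next-server $tftp_ip;    # TFTP server IP
  filename "pxelinux.0";   # path on TFTP server
}
EOF
}

# TFTP has no authentication, so every file under the TFTP root is readable
# by any host that can reach the server. Print boot-option lines that carry
# a remote-installation password (vncpassword=, sshpassword=).
pxe_secrets() {
  grep -rnE '(vnc|ssh)password=' "$1/tftpboot" || true
}

demo=$(mktemp -d)
stage_pxe "$demo" 172.17.2.70 http://hostname/path/to/DVD1 \
  http://hostname/path/to/profile.xml
cat "$demo/tftpboot/pxelinux.cfg/default" "$demo/dhcpd.conf.fragment"
pxe_secrets "$demo"
```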

  • 57

    Upgrade with AutoYaST

  • 58

    Upgrade with AutoYaST

    • Possible upgrade paths
      – From SLES11 to SLES12
      – From one SLES12 service pack to a newer one

    • Boot options
      – autoupgrade=1 autoyast2=http://example/autoinst.xml
      – autoupgrade=1 and leave the profile in the root of the system

  • 59

    New Sections in AutoYaST profile

    • upgrade

    • software

    • networking

    • backup

  • 60

    New Sections in AutoYaST profile (cont’d)

    false true

  • 61

    New Sections in AutoYaST profile (cont’d)

    autoyast2-installation base

  • 62

    New Sections in AutoYaST profile (cont’d)

    true

  • 63

    New Sections in AutoYaST profile (cont’d)

    true true false

  • 64

    Booting AutoYaST upgrade

  • 65

    AutoYaST Upgrade Summary

  • 66

    AutoYaST Upgrade: Dependency conflicts

    • Dependency conflicts quite likely

    • Require manual intervention

    • Find adjusted profile in the system after upgrade

  • 67

    Session References

    • TUT88423 - Upgrading SLES 11 to SLES 12

    • TUT88693 - System Security Hardening

    • HO88467 - SUSE Manager for Dummies v.3
