The Definitive Guide to SUSE Linux Enterprise Server
Sander van Vugt
Everything you need to know to install, configure, and administer Novell’s SUSE Linux Enterprise Server platform!
Dear Reader,
You hold in your hands the only book you need about SUSE Linux Enterprise Server, regardless of whether you are a beginner or you already have extensive experience with any Linux distribution. In this book, you’ll learn everything you need to know in order to install, configure, and manage SUSE Linux Enterprise Server 10 on a day-to-day basis.
I wrote this book with the goal of it being a complete guide that will let you immediately configure any of the most important services that SUSE Linux Enterprise Server 10 has to offer. It was my goal to be complete and clear, thus serving both novice and advanced users.
The book starts by covering all the aspects of installation and then moves on to explore the graphical interface. I then explain how to set up the staples of a strong enterprise server system, such as e-mail, DNS, and the Web. In addition, you’ll find coverage of advanced topics such as Heartbeat cluster configuration, OCFS2 configuration, Xen virtualization, AppArmor application security, and performance optimization.
Whether you’re installing your first SUSE Linux server or are interested in expanding your knowledge, this is the book for you!
Sander van Vugt
The Definitive Guide to SUSE Linux Enterprise Server
Copyright © 2006 by Sander van Vugt
All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.
ISBN-13: 978-1-59059-708-8
ISBN-10: 1-59059-708-7
Printed and bound in the United States of America 9 8 7 6 5 4 3 2 1
Trademarked names may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, we use the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.
The Novell logo is a registered trademark and the Gecko graphic element is a trademark of Novell, Inc. in the United States and other countries; logo usage in this publication has been approved by Novell.
Lead Editors: Jason Gilmore and Keir Thomas
Technical Reviewer: Rob Bastiaansen
Editorial Board: Steve Anglin, Ewan Buckingham, Gary Cornell, Jason Gilmore, Jonathan Gennick, Jonathan Hassell, James Huddleston, Chris Mills, Matthew Moodie, Dominic Shakeshaft, Jim Sumser, Keir Thomas, Matt Wade
Project Manager: Denise Santoro Lincoln
Copy Edit Manager: Nicole Flores
Copy Editor: Kim Wimpsett
Assistant Production Director: Kari Brooks-Copony
Production Editor: Ellie Fountain
Compositor: Linda Weidemann, Wolf Creek Press
Proofreader: Elizabeth Berry
Indexer: Julie Grady
Artist: Kinetic Publishing Services, LLC
Cover Designer: Kurt Krames
Manufacturing Director: Tom Debolski
Distributed to the book trade worldwide by Springer-Verlag New York, Inc., 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax 201-348-4505, e-mail orders-ny@springer-sbm.com, or visit http://www.springeronline.com.
For information on translations, please contact Apress directly at 2560 Ninth Street, Suite 219, Berkeley, CA 94710. Phone 510-549-5930, fax 510-549-5939, e-mail info@apress.com, or visit http://www.apress.com.
The information in this book is distributed on an “as is” basis, without warranty. Although every precaution has been taken in the preparation of this work, neither the author(s) nor Apress shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in this work.
This book is dedicated to my oldest son, Franck.
Alex, the next one will be yours.
Contents at a Glance
About the Author
About the Technical Reviewer
Acknowledgments
Introduction
PART 1 ■ ■ ■ Getting Familiar with SUSE Linux Enterprise Server
■ CHAPTER 1 Installing SUSE Linux Enterprise Server
■ CHAPTER 2 Exploring SUSE Linux Enterprise Server
■ CHAPTER 3 Managing SUSE Linux Enterprise Server with YaST
■ CHAPTER 4 Finding Your Way on the Command Line
PART 2 ■ ■ ■ Administering SUSE Linux Enterprise Server
■ CHAPTER 5 Managing Users and Groups
■ CHAPTER 6 Managing Linux Permissions
■ CHAPTER 7 Performing Daily File System Management Tasks
■ CHAPTER 8 Configuring Storage
■ CHAPTER 9 Managing Software
■ CHAPTER 10 Managing the Boot Procedure
■ CHAPTER 11 Managing Processes
■ CHAPTER 12 Using System Logging
PART 3 ■ ■ ■ Networking SUSE Linux Enterprise Server
■ CHAPTER 13 Connecting to the Network
■ CHAPTER 14 Configuring a CUPS Print Server
■ CHAPTER 15 Sharing Files with SUSE Linux Enterprise Server
■ CHAPTER 16 Configuring a Mail Server
■ CHAPTER 17 Working with OpenLDAP
■ CHAPTER 18 Enabling Remote Access
■ CHAPTER 19 Configuring xinetd
■ CHAPTER 20 Configuring SUSE Linux Enterprise Server As an NTP Time Server
■ CHAPTER 21 Managing Cryptography
■ CHAPTER 22 Configuring the Apache Web Server
■ CHAPTER 23 Configuring DNS
■ CHAPTER 24 Configuring a DHCP Server
■ CHAPTER 25 Configuring the Squid Web Proxy Cache
■ CHAPTER 26 Understanding the Kernel
■ CHAPTER 27 Introducing Shell Scripting
■ CHAPTER 28 Tuning and Optimizing SUSE Linux
PART 4 ■ ■ ■ Advanced SUSE Linux Enterprise Server Configuration
■ CHAPTER 29 Configuring SUSE Linux Enterprise Server 10 for High-Availability Clustering
■ CHAPTER 30 Managing Access with the SUSE Firewall
■ CHAPTER 31 Using Xen to Create a Virtual Environment
■ CHAPTER 32 Using AppArmor to Secure Applications
■ CHAPTER 33 Configuring Service Location Protocol
■ CHAPTER 34 Troubleshooting SUSE Linux Enterprise Server
■ CHAPTER 35 Creating an Installation Server
■ INDEX
Contents
About the Author
About the Technical Reviewer
Acknowledgments
Introduction
PART 1 ■ ■ ■ Getting Familiar with SUSE Linux Enterprise Server
■ CHAPTER 1 Installing SUSE Linux Enterprise Server
Meeting the Installation Requirements
Starting the Installation
Preparing the Installation
Selecting What to Install
Configuring the Server
Summary
■ CHAPTER 2 Exploring SUSE Linux Enterprise Server
Logging In
Exploring the Linux User Accounts
Working with Virtual Consoles
Getting Administrative Access
Finding Your Way in the File System
Exploring the Default Directories
Performing Essential Tasks in the File System
Working with the GNOME Interface
Using the GNOME Menu
Working with More Applications
Modifying the GNOME Desktop
Adding Items to the Desktop
Changing the Menu
Modifying Other Desktop Items
Summary
■ CHAPTER 3 Managing SUSE Linux Enterprise Server with YaST
Exploring YaST Options
The Software Menu
The Hardware Menu
The System Menu
Network Devices
Network Services
Novell AppArmor
Security and Users
Miscellaneous Options
Working with YaST and Its Configuration Files
Working with YaST Modules
Summary
■ CHAPTER 4 Finding Your Way on the Command Line
Working with the Bash Shell
Making the Most of Bash
Knowing the Important Key Sequences
Working with the Bash History
Performing Basic File System Management Tasks
Working with Directories
Working with Files
Viewing the Content of Text Files
Creating Empty Files
Using Piping and Redirection
Using Piping
Using Redirection
Finding Files
Working with an Editor
Exploring the vi modes
Saving and Quitting
Cutting, Copying, and Pasting
Deleting Text
Getting Help
Using man to Get Help
Using the help Option
Learning More About Installed Packages
Summary
PART 2 ■ ■ ■ Administering SUSE Linux Enterprise Server
■ CHAPTER 5 Managing Users and Groups
Managing Users
Using Commands for User Management
Assigning Users to Groups
Managing the UID
Setting a Default Shell
Managing Passwords
Modifying and Deleting User Accounts
Going Behind the Commands: Configuration Files
/etc/passwd
/etc/shadow
/etc/login.defs
/etc/default/passwd
Managing Users with YaST
Managing Groups
Using Commands for Group Management
Going Behind the Commands: /etc/group
Managing Authentication: PAM
Creating a Default Policy for Security
Discovering PAM Modules
Managing the User’s Shell Environment
Creating Shell Login Scripts
Displaying Messages to Users Logging In
Summary
■ CHAPTER 6 Managing Linux Permissions
Granting Read, Write, and Execute: The Three Basic Linux Permissions
Understanding Permissions and the Concept of Ownership
Changing File Ownership
Understanding Group Ownership
Working with Advanced Linux Permissions
Setting Permissions
Using chmod to Change Permissions
Using umask to Set Default Permissions
Working with Access Control Lists
Using ACLs to Grant Permissions to More Than One Object
Working with ACL Masks
Using Default ACLs
Understanding ACL Limitations
Applying File Attributes
Apply Quota to Allow a Maximum Amount of Files
Installing the Quota Software
Preparing the File System for the Quota
Initializing the Quota
Setting the Quota for Users and Groups
Starting the Quota Service
Summary
■ CHAPTER 7 Performing Daily File System Management Tasks
Mounting Devices
Using the Mount Command
Unmounting Devices
Automating Mounts with /etc/fstab
Checking File System Integrity
Working with Links
Understanding Why You Want to Use Links
Working with Symbolic Links
Working with Hard Links
Creating Backups
Using tar to Create and Restore Backups
Working with Magnetic Tapes
Using dd to Make a Backup
Using rsync to Synchronize Files
Automating Backups with cron
Summary
■ CHAPTER 8 Configuring Storage
Comparing File Systems
Using ext2
Using ext3
Using ReiserFS
Using XFS
Creating File Systems
Designing a Partition Layout
Creating Traditional Partitions
Working with Logical Volumes
Setting Up a Software RAID
Understanding Your RAID Options
Setting Up RAID 0 from the Command Line
Creating a RAID 5 Array Using YaST
Managing the RAID Array
Summary
■ CHAPTER 9 Managing Software
Installing Software with YaST
Installing from the Installation Media
Selecting the Installation Source
Installing Nondefault Software with YaST
Updating Software
Compiling Software from Source
Working with RPM
Following the RPM Naming Convention
Rebuilding the RPM Database
Working with the rpm Command
Managing Libraries
Summary
■ CHAPTER 10 Managing the Boot Procedure
Using GRUB and Its Configuration
Working with the GRUB Configuration File
Installing GRUB
Working with the GRUB Boot Menu
Understanding the Kernel and Its initrd
Using Init and /etc/inittab
Working with the Boot Scripts
Manually Tuning the Initial Boot Phase
Using YaST to Tune the Initial Boot Procedure
Including Your Own Services in boot.local
Managing Services Start-Up
Understanding the Concept of Runlevels
Adding Services to a Runlevel Manually
Using YaST to Add Services to a Runlevel
Summary
■ CHAPTER 11 Managing Processes
Understanding the Different Kinds of Processes
Running in the Foreground and Background
Performing Day-to-Day Process Management
Tuning Process Activity
Using Other Tools to Monitor System Activity
Terminating Processes
Setting Process Priority
Scheduling Processes
Configuring the cron Service
Executing Once with at
Summary
■ CHAPTER 12 Using System Logging
Reading the Boot Messages
Getting Hardware Information
Browsing the /proc File System
Using YaST Hardware Information
Using the syslog-ng Service
Introducing syslog-ng
Understanding syslog-ng.conf
Monitoring Log Files
Rotating Log Files
Summary
PART 3 ■ ■ ■ Networking SUSE Linux Enterprise Server
■ CHAPTER 13 Connecting to the Network
Configuring the Network Interface with YaST
Adding a Network Card Manually
Configuring the Network Interface from the Command Line
Working with the network Script
Using ifup, ifdown, and Related Tools
Using ifconfig
Using the ip Tool
Managing IPv6
IPv6 Addressing
Address Types
The Neighbor Discovery Protocol
Assigning IPv6 Addresses in SUSE Linux Enterprise Server
Managing Routes
Setting the Default Route with route
Using the ip Tool to Specify the Default Gateway
Storing Routing Information
Configuring the DNS Resolver
The Role of nsswitch.conf
Using /etc/hosts
Tuning and Troubleshooting
Testing Connectivity
Testing Routability
Testing Availability of Services
Monitoring the Network Interface
Monitoring Network Traffic
Using the GNOME Network Tools
Summary
■ CHAPTER 14 Configuring a CUPS Print Server
Installing a CUPS Printer
Understanding CUPS
Managing CUPS
Managing CUPS with YaST
Using the Web Interface for CUPS Management
Tuning the CUPS Environment from the Command Line
Configuring CUPS Clients
Installing a Linux CUPS Client
Installing Windows As a Client for CUPS
Summary
■ CHAPTER 15 Sharing Files with SUSE Linux Enterprise Server
Sharing Files with NFS
Using the NFS Server
Configuring an NFS Server
Configuring an NFS Client
Tuning and Monitoring the NFS Server
Sharing Files with Samba
Recognizing Samba Server Possibilities and Impossibilities
Configuring the Samba Server
Integrating CUPS with Samba
Setting Up Samba As a Domain Controller
Configuring Samba with YaST
Implementing Client Access to the Samba Server
Offering Files with FTP
Configuring the pure-ftpd Server
Starting the pure-ftpd Server
Summary
■ CHAPTER 16 Configuring a Mail Server
Understanding How a Mail Solution Works
Configuring the Postfix MTA
Handling Inbound and Outbound Mail
Managing Postfix Components
Configuring the Master Daemon
Configuring Global Settings
Tuning Postfix with Lookup Tables
Using Postfix Management Tools
Receiving E-mail Using IMAP or POP3
Fetching E-mail Using Cyrus IMAPd
Filtering Incoming E-mail with Procmail
Getting E-mail with POP3 Using Qpopper
Using YaST to Set Up an MTA
Summary
■ CHAPTER 17 Working with OpenLDAP
Centralizing Vital Information
Structure of an LDAP Directory
The LDAP Hierarchy
OpenLDAP Files and Directories
Installing an OpenLDAP Directory with YaST
Configuring the OpenLDAP Server During Installation
Configuring OpenLDAP on an Operational Server
Setting Up the SUSE Linux Enterprise Server LDAP Client
Tuning LDAP Configuration Files
Configuring the OpenLDAP Server
Configuring the LDAP Client
Adding, Querying, and Modifying Entries in the Directory
Creating LDIF Files
Adding Entries with ldapadd
Modifying Entries with ldapmodify
Deleting Entries with ldapdelete
Using ldapsearch to Query the Directory
Summary
■ CHAPTER 18 Enabling Remote Access
Understanding How Secure Shell Works
Working with Public/Private Key Pairs
Working with Secure Shell
Configuring SSH
Using Key-Based Authentication
Introducing Cryptography
Using Public/Private Key–Based Authentication in an SSH Environment
Setting Up SSH for Key-Based Authentication
Caching Keys with ssh-agent
Tunneling Traffic with SSH
Using X-Forwarding
Using Generic TCP Port Forwarding
Using Other Methods for Remote Access
Using VNC for Remote Access to Graphical Screens
Enabling VNC via xinetd
Securing VNC Remote Access with SSH
Using screen to Synchronize Remote Sessions
Summary
■ CHAPTER 19 Configuring xinetd
Configuring xinetd with YaST
Tuning xinetd by Hand
Managing the xinetd Daemon
Setting Default Behavior
Tuning the Individual Services
Tuning Access to Services with TCP Wrapper
Working with /etc/hosts.allow and /etc/hosts.deny
Why You Shouldn’t Use TCP Wrapper
Summary
■ CHAPTER 20 Configuring SUSE Linux Enterprise Server As an NTP Time Server
Understanding NTP Fundamentals
Configuring a Stand-Alone NTP Time Server
Configuring ntp.conf
Pulling or Pushing the Time
Tuning Your NTP Server
Using the NTP Drift File
Using the NTP Log File
Securing Your NTP Server
Configuring an NTP Client
Checking NTP Synchronization Status
Summary
■ CHAPTER 21 Managing Cryptography
Introducing SSL
Public and Private Keys
The Need for a Certificate Authority
Managing Certificates
Creating Certificates and a Certificate Authority with YaST
Other YaST Certificate Authority Management Options
The Common Server Certificate Interface
Managing Certificates from the Command Line
Summary
■ CHAPTER 22 Configuring the Apache Web Server
Understanding How a Web Server Works
Installing Apache on SUSE Linux Enterprise Server
Installing the Right Packages
Starting, Stopping, and Testing the Apache Web Server
Exploring the Configuration Files
Understanding the Structure of the Apache Configuration Files
Checking the Configuration
Configuring Apache with YaST
Working with Virtual Hosts
Managing Access to the Web Server
Configuring Host-Based Access Restrictions
Configuring User-Based Access Restrictions
Using OpenSSL for Encrypted Connections
Performance Tuning Your Web Server
Summary
■ CHAPTER 23 Configuring DNS
Introducing DNS
Methods of Name Resolving
Organization of the DNS Hierarchy
Master and Slave Servers
Connecting the Name Servers in the Hierarchy
DNS and Reversed DNS
Configuring DNS
Configuring DNS with YaST
Configuring DNS from Its Configuration Files
Securing Zone Transfers
Summary
■ CHAPTER 24 Configuring a DHCP Server
Understanding How DHCP Works
Configuring a DHCP Server from YaST
Configuring the DHCP Service Manually
The DHCP Process
The Configuration File /var/lib/dhcp/etc/dhcpd.conf
The Start-up Configuration File /etc/sysconfig/dhcpd
Setting Advanced Configuration Options
Integrating DHCP and DNS
The DHCP Relay Agent
Setting Up DHCP Failover
Summary
■ CHAPTER 25 Configuring the Squid Web Proxy Cache
Introducing Squid
Installing Squid and Performing the Initial Configuration
Network Tags
Defining Cache Settings
Specifying Log Files and Cache Directories
Optimizing Squid Performance
Timeout Settings
Generic Settings
Securing the Proxy with ACLs
Configuring User Authentication
Squid and URL Filtering
Configuring Squid for SSL Traffic
Configuring Clients for Squid Usage
Using Squid As a Transparent Proxy
Summary
■ CHAPTER 26 Understanding the Kernel
Understanding Kernel Modules
Tuning initrd
Loading Modules on Boot
Loading Modules Manually
Loading Modules Automatically
Using udev to Load Kernel Modules
Tuning the Kernel Source Files (or Not)
Understanding SUSE Kernel Backgrounds
Configuring the Kernel
Patching the Kernel
Summary
■ CHAPTER 27 Introducing Shell Scripting
Getting Started
To Script or Not to Script?
What Shell?
Basic Elements of a Shell Script
Making It Executable
Making a Script Interactive
Working with Arguments
Regular Expressions
Working with Variables
Command Substitution
Changing Variables
Substitution Operators
Pattern-Matching Operators
Performing Calculations in Scripts
Using Flow Control
Using if then else
case
while
until
for
Using a Stream Editor
Working with Functions
Summary
■ CHAPTER 28 Tuning and Optimizing SUSE Linux
Managing Memory
Optimizing Usage of Swap Space
Monitoring Swap Activity
Adding Swap Space on the Fly
Using ulimit to Set Resource Limits
Tuning the Kernel
Understanding the /proc File System
Using procinfo
Tuning the Kernel
Using the Powertweak Utility
Crashes and Core Dumps
Summary
PART 4 ■ ■ ■ Advanced SUSE Linux Enterprise Server Configuration
■ CHAPTER 29 Configuring SUSE Linux Enterprise Server 10 for High-Availability Clustering
Introducing Linux Clustering
Designing an HA Cluster Solution
Using Shared Storage
Using Heartbeat for High Availability
Editing the Sample Configuration Files
Using Authentication Keys to Ensure Secure Communications
Tuning the Main Configuration File ha.cf on Both Nodes
Creating Shared Resources by Editing the haresources File
Managing the Shared Resource
Avoiding Split Brain
Configuring a Heartbeat 2–Style Cluster with YaST
Creating the Cluster
Creating Resources
Migrating Resources
Summary
■ CHAPTER 30 Managing Access with the SUSE Firewall
Before Configuring the Firewall
Configuring the SUSE Firewall with YaST
Tuning Netfilter with iptables
Making Proper Preparations
Netfilter Building Blocks
Using iptables to Create a Firewall
Summary
■ CHAPTER 31 Using Xen to Create a Virtual Environment
Working with Xen Virtualization
Virtualization Methods
Xen Architecture
Installing Xen
Preparing for Xen Installation
Installing the Xen Domain-0
Installing the First Virtual Machine
Managing Xen Domains
Managing Xen from the Command Line
Managing Virtual Machines from YaST
Managing Xen Networking
Migrating Virtual Machines
Summary
■ CHAPTER 32 Using AppArmor to Secure Applications
Exploring the AppArmor Components
Managing AppArmor Profiles with YaST
Creating a New Profile
Updating a Profile
Deleting a Profile
Managing AppArmor Profiles from the Command Line
Creating a Profile with genprof
Monitoring AppArmor’s Status
Summary
■ CHAPTER 33 Configuring Service Location Protocol
Understanding How SLP Works
Configuring an SLP Server
Configuring OpenSLP from YaST
Tweaking /etc/slp.conf
Registering Services
Browsing Available Services
Summary
■ CHAPTER 34 Troubleshooting SUSE Linux Enterprise Server
Analyzing the Problem
Analyzing the Network
Checking Application Availability
Checking Logging
Troubleshooting from the GRUB Boot Prompt
Booting a Rescue System
Using the Repair an Installed System Option
Summary
■ CHAPTER 35 Creating an Installation Server
Creating an Installation Server
Configuring TFTP for PXE Boot
Installing a Server Automatically with AutoYaST
Performing Remote Installations Using SSH or VNC
Performing a Remote Installation with SSH
Combining SSH with VNC
Summary
■ INDEX
About the Author
■ SANDER VAN VUGT performed his first Linux installation in 1992. Since then, he has been an enthusiastic Linux user, working with it on a professional basis since 1995. Sander is an independent trainer and consultant living in the Netherlands. He has worked professionally everywhere from Singapore to San Francisco (and is willing to cover the rest of the planet as well). Sander is a Novell-certified trainer for the SUSE Linux Advanced Technical Trainer program and is authorized to teach most other Novell technical courses as well. In addition to being a trainer, he is an author, having written more than 30 books and hundreds of technical articles. Sander is also working as a volunteer for the LPI organization, contributing topics for the LPIC-3 certification. Most important of all, Sander is the father of Alex and Franck and the loving husband of Florence. You can reach Sander via his website at http://www.sandervanvugt.com or via e-mail at mail@sandervanvugt.nl.
About the Technical Reviewer
■ ROB BASTIAANSEN is an independent consultant, trainer, and author. Rob has a strong focus on Linux and NetWare, clustering services, eDirectory, and ZENworks. He delivers advanced technical training for Novell in EMEA regarding these topics. Rob is also a technical writer; he writes for several IT magazines in the Netherlands, where he lives. VMware is another area in which Rob works as a consultant and trainer. In 2004, Rob wrote and published his first book, Rob’s Guide to Using VMware (Books4brains, 2004), and a second edition was published in 2005. In 2005, he published The NetWare Toolbox (Books4brains, 2005). He is a master-certified Novell instructor; he has all the major Novell certifications, including Certified Linux Professional; and he is LPI level 1 certified.
Acknowledgments
Although my name is the only one printed on the cover of this book, this book is the result of some fine teamwork, and I would like to thank everyone who was part of that team for all their efforts. First I’d like to thank Jason Gilmore, who had enough trust to start this project. Then I’d like to thank Keir Thomas for taking over the role of responsible editor while at the halfway point of this project. The work of both of them has definitely made this a much better book. Next, I’d like to thank my technical editor and friend Rob Bastiaansen for some very valuable tips and comments that helped improve this book. Next, I want to thank Denise Santoro Lincoln, the project manager, who with patience and kindness helped me complete this book in a timely manner. Next I’d like to thank Kim Wimpsett, who had the—I hope not too difficult—task of transforming my manuscript into easy-to-read English prose. Last but not least, I’d like to thank Florence, Franck, and Alex for their support. Even if they didn’t modify a word in this book, without their help I wouldn’t have been able to complete it.
Introduction
This book is about SUSE Linux Enterprise Server 10. With SUSE Linux Enterprise Server 10, Novell launched the best professional Linux server operating system ever, based on work that started more than 10 years ago by the people from SUSE in Germany. With this software, Novell has managed to create an easy-to-manage yet very complete, robust, and versatile operating system that can perform a broad range of tasks everywhere within a company.
This book is meant as a complete work, helping people who have never worked with Linux before to set up a functional server while also helping advanced administrators of SUSE Linux by providing some details about new functionality and about some of the most complex parts of SUSE Linux.
Who This Book Is For
This book was written for new as well as experienced administrators of SUSE Linux Enterprise Server. The first part of the book contains some introduction-level material that new administrators will like, and the last part of the book contains some advanced information aimed at experienced Linux administrators. Everything in between was written to help the reader set up all the important services on SUSE Linux Enterprise Server. Because of its broad approach, this book is an indispensable reference guide for everyone administrating SUSE Linux Enterprise Server.
How This Book Is Structured
This book is divided into four parts, with a total of no less than 35 chapters.
Part 1: Getting Familiar with SUSE Linux Enterprise Server
As the name suggests, this part is for people who are new to SUSE Linux Enterprise Server and even for people who haven’t worked with Linux before. In this part, you’ll learn how to install SUSE Linux Enterprise Server and understand the way it is structured. This part includes information about working from the GNOME graphical user interface, working with the file system, and working with the management utility YaST.
Part 2: Administering SUSE Linux Enterprise Server
In this part, you’ll get in-depth information about generic SUSE Linux administration tasks. This part starts with a discussion of Linux users and groups management. This is followed by a chapter about working with file and directory permissions. Next, two chapters cover all the important tasks related to managing the file system. Then you’ll learn how to manage software. Next, I’ll cover system initialization, process management, and system logging.
Part 3: Networking SUSE Linux Enterprise Server
In this part, you’ll get detailed information about the most important network services and how to set them up in a SUSE Linux Enterprise Server environment. At the start of this part, you’ll learn how to configure the network interface. This part covers popular services such as Apache, DNS, DHCP, Postfix, and Squid, as well as some essential network functionality such as remote access. In addition, this part covers setting up an LDAP server and managing cryptography. Finally, I’ll discuss the topics of remote access, NTP time synchronization, and the CUPS print server.
Part 4: Advanced SUSE Linux Enterprise Server Configuration
After reading the first three parts of this book, you’ll be able to install and manage a completely functional SUSE Linux Enterprise Server. In this part of this book, I’ll discuss some of the more advanced tasks. The chapters in this part cover tasks that are not essential but that make your SUSE Linux Enterprise Server a lot more useful. You will find chapters about tasks that will make you a better system administrator, such as kernel and hardware management, shell scripting, optimization, troubleshooting, and firewall configuration. Also, I’ll cover some new technologies such as Heartbeat clustering, AppArmor application security, and Xen virtualization. Finally, I’ll cover some useful techniques such as creating an installation server and working with the Service Location Protocol.
Prerequisites
To get the most out of this book, you should have a copy of SUSE Linux Enterprise Server at hand.You can download this for free from http://www.novell.com/download
Contacting the Author
You can reach the author of this book by e-mail at mail@sandervanvugt.nl or on the Web at http://www.sandervanvugt.com
Part 1: Getting Familiar with SUSE Linux Enterprise Server
This book is divided into four parts. This first part is for people who are new to Linux in general or SUSE Linux Enterprise Server in particular. The first chapter describes how to install SUSE Linux Enterprise Server. After that, Chapters 2 through 4 show you how to navigate the SUSE Linux Enterprise Server interface. These chapters will be especially interesting to users not only new to SUSE Linux but also new to Linux, since this part covers many Linux basics.
Chapter 1: Installing SUSE Linux Enterprise Server
This chapter teaches you everything you need to know to properly install SUSE Linux Enterprise
Server 10.
Meeting the Installation Requirements
Before you can start installing SUSE Linux Enterprise Server 10, you need a computer that meets
the minimal requirements. The following are the minimal system requirements:
• A CPU that runs at 1GHz or better
Indeed, if you’re planning on running SUSE in an even mildly critical environment, you should
greatly improve upon these minimum specifications. As for the CPU, it doesn’t need to be an Intel
i386 CPU. SUSE Linux Enterprise Server runs on almost all hardware platforms, from i386 to the
IBM Z series. In this book, however, I will assume you are installing on i386 architecture or
compatible (such as AMD).
Starting the Installation
In the “old days” to install a server, you needed to insert a CD in the CD drive and boot from the CD.
For SUSE Linux Enterprise Server, this is not the only option. In addition to installing it from a CD,
you can start the installation from a boot image delivered by an installation server.
Using a bootable CD is the most common installation method. If you need to install many servers, you may be able to use an installation server. Chapter 35 covers this subject in detail.
After booting from the installation device, you will see the installation welcome screen, as shown in Figure 1-1. Note that on this screen, the option Boot from Hard Disk is selected by default;
this prevents you from starting a new installation by accident if you forget to remove the installation
medium from the drive after adding some packages.
The menu offers four installation options; under normal circumstances, you should select the Installation option. If that doesn’t work, you can try one of the safe options; the Installation—Safe Settings option is the simplest way of booting your installation system. You cannot use the Rescue System option for installation; it is for troubleshooting a server that has already been installed. You can use the last option—Memory Test—to diagnose the RAM chips in your server and exclude faulty RAM chips from usage.
In addition to the options in the installation menu, the welcome screen offers some other options. In particular, an important element is the Boot Options prompt. Using this prompt you can enter any option you want to pass to the kernel when starting the installation. Usually this is the work of an expert; in other words, don’t use it if you don’t know exactly what you’re doing.
Figure 1-1. In the installation menu, the option Boot from Hard Disk is selected by default.
■ Tip Having problems starting the graphical installation? Use the option x11i=fbdev at the Boot Options
prompt. This starts a generic driver for your graphics hardware known as the frame buffer device. This allows
the graphical installation to start in almost all cases.
On the bottom of the welcome screen, you see the five function keys you can use to tune the installation:
F1: Press this key to display help about the installation procedure.
F2: Press this key to change the language of the installation program.
F3: Press this key if you need to change the resolution of the installation program. Usually the
installer selects the best resolution for your hardware automatically. If that doesn’t work, from this menu you can select any supported resolution. If you are having problems with the graphical installation, select Text Mode. This runs the installation in text mode without the graphical interface. Note that this is the same installation as the one used in graphical mode; it just looks different.
F4: Press this key to select the installation source. Currently, six different sources are supported:
• CD-ROM: This option installs from either a CD or a DVD.
• SLP: This option uses the Service Location Protocol (check Chapter 33 for more details)
to locate an installation server automatically and use it.
• FTP: Select this option if you want to use an FTP server for installation.
• HTTP: This option allows you to install from an HTTP server.
• NFS: If your network has an NFS server offering the installation files, use this option to
start the installation from it.
• SMB/CIFS: Use this option if the installation files are on a share on a Samba or Windows
server.
F5: This option opens a prompt where you can load an additional driver. Use this option if you
need a specific driver to support the device on which you want to install.
After selecting the way you want to install, press Enter. This will load the installation kernel and bring you to the next phase of the installation procedure. While loading the kernel, you will
see a blue screen with the text SUSE Linux Enterprise Server on it. This isn’t very helpful if you
want to know exactly what is happening. To close this screen, press the Escape key. You’ll then
see information about what is happening, as shown in Figure 1-2. If something goes wrong,
you’ll see information about what part of the installation went wrong.
Preparing the Installation
When the installation kernel has loaded, the preliminary phase of the installation process begins.
As the first step of this phase, you need to select the language you want to work with (see Figure 1-3). For support reasons, I recommend using English (US) or German, but if so required, you can choose another local language. In that case, you should be aware that although much is translated into a local language, not everything is localized, so you will still see some elements in English. After selecting the language you want to use, click Next to continue.
Figure 1-2. Hit the Escape key when the kernel is loading to see more details.
■ Note Since Novell’s support system is internationalized, it supports only English (US) and German. (After all,
SUSE has German roots.) If you really need to run it in another language, check with your local Novell contact to
learn more about the possibilities.
After selecting the language, read and accept the license agreement, as shown in Figure 1-4.
Figure 1-3. For support reasons, it is best to install your server in English (US).
As shown in Figure 1-5, now you can indicate the preferred installation mode. If nothing is installed on your server’s hard drive, you must select New Installation. On an installed server that contains a previous version of SUSE Linux Enterprise Server, you can select the Update option. This option will install new versions of existing packages on your server. If you have add-on products you want to install during the installation procedure, select the Include Add-On Products from Separate Media option. Also, clicking the Other button will present some useful options, including Repair an Installed System. This option allows you to start an automatic troubleshooting module that helps you find any existing problems on your server and repair them automatically. You’ll learn more about this in Chapter 34. In this chapter, I’ll assume you want to perform a new installation; therefore, select New Installation, and then click Next to proceed.
Figure 1-4. You must accept the license agreement to proceed with the installation.
Now, to finish preparing the installation, you can specify the region and time zone you are in (see Figure 1-6). After doing this, you need to set the hardware clock of your server. Linux servers
often are set to UTC so that all clocks on servers—no matter where on Earth they are—can
communicate the same time. If for whatever reason you don’t want that, you can use local time on the
hardware clock. You should be aware that no matter what clock setting you specify, the software
clock you’ll see on your server will always indicate local time. Based on the Region and Time Zone
settings, local time is calculated as an offset to UTC. After selecting the clock type you want to use,
you can also change the current time setting. Be sure to do this only after setting the hardware clock
to local time or UTC; otherwise, you might get confused about the type of time currently in use on
your server. After specifying the time settings you want to use, click Next to continue.
Figure 1-5. In addition to a new installation, you can update an existing server that contains an older
version of SUSE Linux Enterprise Server.