SelfStudyManuals

SUSELinuxEnterpriseServer11Administration/WorkbookCourse3103

SUSELinuxEnterpriseServer11Administration/Workbook

Introduction

ThisworkbookisdesignedtohelpyoupracticetheskillsassociatedwithSUSELinux
EnterpriseServer11Administration(Course3103)objectives.
Theseskills,alongwiththosetaughtintheSUSELinuxEnterprise11Fundamentals(3101)
andSUSELinuxEnterprise11Administration(3102)courses,prepareyoutotakethe
NovellCertifiedLinuxProfessional11(NovellCLP11)certificationpracticumtest.
NOTE:InstructionsforsettingupaselfstudyenvironmentareinthedirectorySetuponthe
CourseDVD.
Beforestartingtheexercisesinthisworkbook,youneedtoreviewthefollowing:
"CourseScenario"
"ExerciseConventions"
CourseScenario

TheexercisesinthiscoursecenteraroundthefictionalDigitalAirlinesCompanythathas
officesatvariousairportsaroundtheglobe.
TheDigitalAirlinesmanagementhasmadethedecisiontomigrateseveralbackendservices
toLinuxserversrunningSUSELinuxEnterpriseServer11.
YouhavealreadyinstalledSUSELinuxEnterpriseServer11beforeandarefamiliarwith
administeringSUSELinuxEnterpriseServer11fromYaSTandfromthecommandline.
Themigrationplanincludesthefollowing:
Providingbasicnetworkingservicesaswellasfileandprintservices
IntroducingofIPv6
Automatingtasksusingshellscripts
InstallingofdesktopsandserversusingAutoYaST

 VirtualizingwithXen
Yourtaskistosetupatestserverinthelabtoenhanceyourskillsintheseareas.
ExerciseConventions

Whenworkingthroughanexercise,youwillseeconventionsthatindicateinformationyou
needtoenterthatisspecifictoyourserver.
Thefollowingdescribesthemostcommonconventions:
italicizedtext:Thisisreferstoyouruniquesituation,suchasthehostnameofyour
server.
Forexample,supposingthehostnameofyourserverisda50andyouseethefollowing
hostname.digitalairlines.com
Youwouldenter
da50.digitalairlines.com
172.17.8.xx:ThisistheIPaddressthatisassignedtoyourSUSELinuxEnterprise
Server11.
Forexample,supposingyourIPaddressis172.17.8.50andyouseethefollowing
172.17.8.xx
Youwouldenter
172.17.8.50
Select:Thewordselectisusedinexercisestepswithreferencetomenuswhereyou
canchoosebetweendifferententries,suchasdropdownmenus.
EnterandType:Thewordsenterandtypehavedistinctmeanings.
ThewordentermeanstotypetextinafieldoratacommandlineandpresstheEnter
keywhennecessary.ThewordtypemeanstotypetextwithoutpressingtheEnterkey.
Ifyouaredirectedtotypeavalue,makesureyoudonotpresstheEnterkeyoryou
mightactivateaprocessthatyouarenotreadytostart.

EnableFundamentalNetworkServices

Thissectioncontainsthefollowingexercises:
"SetUpandManageNetworkFileSystem(NFS)"
SetupandmanageNFSontheserverandontheclient.
"Configurentpd"
Configureyourservertogettimeinformationfromanotherserver.
"ConfiguretheInternetDaemon(xinetd)"
UsexinetdtoruntheTelnetandtheFingerserviceonyourserver.
"ConfigureAnonymousPureFTPdAccess"
ConfigureanonymousFTPaccesswiththepermissiontouploadfiles,butmakethe
downloadofthosefilesdependonadministratorapproval.
SetUpandManageNetworkFileSystem(NFS)

Inthefirstpartofthisexercise,youcreatea/export/documentationdirectory,copy
documentsfrom/usr/share/doc/manual/intoit,andexportittoothersusingNFS.
Inthesecondpart,youcreatethe/import/docsdirectoryanduseitasmountpointtoimport
the/export/documentationdirectoryfromyourownserverusingNFS.Createan/etc/fstab
entrytomountthedirectoryautomaticallyatboottime.
Inthethirdpart,youcreatethe/dataand/export/datadirectories,andthencreatesomefiles
in/data.Exportthe/exportand/datadirectoriesusingNFSv4.The/exportdirectoryshouldbe
thepseudorootdirectory,withthecontentof/dataappearingin/mountpoint/dataforthe
clients.Mounttheexportedpseudorootdirectoryto/mntusingNFSv4andcheckifthe
contentof/mnt/and/mnt/dataisasexpected.
Inthefourthpart,youconfiguretheautomounterondahosttomountthe/homedirectory
fromtheservertothe/remotehomedirectory.
YoucanusethecommandlineinterfaceorYaSTtodopartsonetothree.Thefollowingstep
bystepdescriptionusesYaST.Theautomounterconfigurationisdonewithatexteditor.
DetailedStepstoCompletetheExercise

"PartI:SetUpanNFSServer"

 "PartII:AddaRemoteFileSystemtotheNFSClient"
"PartIII:ExportaFileSystemUsingNFSVersion4"
"PartIV:Configuretheautomounter"
PartI:SetUpanNFSServer

Ondahost,dothefollowing:
1. Openaterminalwindowandsutoroot(password:novell).
2. Createthe/export/documentationdirectorybyentering
mkdirp/export/documentation
3. Copysomefilesintothatdirectoryusingthefollowingcommands
cd/export/documentation
cp/usr/share/doc/manual/slesadmin_enpdf/*.
4. StarttheYaSTNFSServerConfigurationmodulebyenteringyast2nfs_server&.
Ifadialogappearsthatinformsyouthatpackages,suchasnfskernelserver,needto
beinstalled,selectInstall.
ANFSServerConfigurationdialogappears.
5. SelecttheStartbuttonintheNFSserversectionofthedialog.
6. DeselecttheEnableNFSv4checkbox,thencontinuebyselectingNext.
ADirectoriestoExportdialogappears.
7. Addthe/export/documentationdirectorytothelistofdirectories:
1. SelectAddDirectory.
Adialogappearswhereyouhavetospecifythedirectorytoexport.
2. Type/export/documentation,thenselectOK.
Incasethedirectorydoesnotexist,amessageinformsyouofthefactandasks
ifyouwanttocreateit.Afterconfirmation,adialogappearswithfieldsfor
specifyingaHostWildCardandOptions.

3. Changethepresetvaluestomatchthefollowing,thenselectOK.
HostsWildCard:*
Options:rw,root_squash,sync,no_subtree_check(makesureyoureplace
"ro"with"rw")
Thedirectoryisaddedtothelist.
8. SavethechangestothesystembyselectingFinish.
9. Attheterminalwindow,verifythatthefilesystemwasexportedbyenteringthe
following:
showmountelocalhost
10.ViewtheentrymadebyYaSTtothefile/etc/exportsbyenteringcat/etc/exports
.
YoushouldseethesettingsyouenteredinYaST.
PartII:AddaRemoteFileSystemtotheNFSClient

ThisexerciseuseslocalhostastheNFSserver.ThisdoesnotrequireaseparateNFSserver.
Ondahost,dothefollowing:
1. Intheterminalwindowwhereyouswitchedtotherootaccount,createamountpoint
named/import/docsfortheremotefilesystemtobemountedonyourserverby
enteringthefollowing:
mkdirp/import/docs
2. AddaremotefilesystemtotheNFSClientConfiguration.
1. StarttheNFSClientConfigurationfromtheterminalwindowbyenteringyast2
nfs&.
MountaremotefilesystembyselectingtheNFSSharestab,thenclickAdd.
Adialogappearsforaddingtheremotefilesystem.
2. Specifythefollowing,thenselectOK.
NFSServerHostname:127.0.0.1(thisisthelocalhostaddress)
RemoteDirectory:/export/documentation/

 MountPoint(local):/import/docs
NFSv4Share:unchecked
Options:defaults,soft
YouarereturnedtotheNFSClientConfigurationdialogwhichnowliststhe
remoteDirectory.
3. SelecttheNFSSettingstabanddeselectEnableNFSv4.
4. SavethechangestothesystembyselectingOK.
5. Attheterminalwindow,verifythatthefilesystemismountedbyenteringmount.
Youseetheremotehost'sdirectorymountedon/import/docs.
6. Listthefilesinthemountedfilesystembyentering
lsl/import/docs
7. ChecktheentryenteredbyYaSTinthe/etc/fstabfilebyentering
cat/etc/fstab.
Thisentryensuresthatthefilesystemismountedeachtimetheserverboots.
PartIII:ExportaFileSystemUsingNFSVersion4

Dothefollowing:
1. Ifyourda1virtualmachineisnotrunning,starttheVMwareplayerandtheda1virtual
machine.
2. Logintoda1asgeeko,openaterminalwindow,andsutoroot(password:novell).
3. Onda1,createthe/datadirectoryandsomefilesinitusingthesecommands:
mkdir/data
touch/data/file{1,2,3}
4. Editthe/etc/exportsfilesoitcontainsthefollowinglines(deleteanylinesthatmight
alreadyexistinthefilefirst):
/export*(fsid=0,crossmnt,ro,no_subtree_check,sync)

/export/data
*(ro,no_subtree_check,sync,bind=/data)

5. Savethefileandclosetheeditor
6. MakesurethatNFSv4supportisturnedon.
Openthe/etc/sysconfig/nfsfileinaneditorandmakesurethevariableNFS4support
issetto"yes".Ifsetto"no,"changeitsoitlookslikethefollowing:
NFS4_SUPPORT="yes"

7. Savethefileandclosetheeditor.
8. RestarttheNFSserverwiththiscommand:
rcnfsserverrestart
9. Checkifthebindmountiscorrectusingthesecommands:
mount
ls/export/data
Youshouldseethefilesyoucreatedin/data.
10.Ondahost,openaterminalwindow,sutoroot,andmountthedirectoriesyoujust
exportedonda1tothe/mntdirectoryusingNFSv4:
mounttnfs4da1.digitalairlines.com://mnt
11.Usingls,checkifthefilesfrom/dataontheserverarevisiblein/mnt/dataonthe
client.
PartIV:Configuretheautomounter

Dothefollowing:
1. Ifyourda1virtualmachineisnotrunning,starttheVMwareplayerandthevirtual
machine.
2. Logintoda1asgeeko,openaterminalwindow,andsutoroot(password:novell).
3. Onda1,openthe/etc/exportsfileinaneditortoincludethefollowingtwolines(thefirst
lineshouldalreadyexistfromPartIIIofthisexercise,andthelinestartingwith
/export/datacanremaininthefile):

/export*(fsid=0,crossmnt,ro,root_squash,sync,no_subtree_check)
/export/home
*(rw,root_squash,sync,no_subtree_check,bind=/home)

4. Savethefileandclosetheeditor.
5. Onda1,restarttheNFSserverwiththecommandrcnfsserverrestart.
6. Onda1,makesuretheNFSserverisstartedautomaticallywhenthesystembootsby
enteringthecommandchkconfignfsserveron.
7. Ondahost,openaterminalwindowandsutoroot.
8. Openthe/etc/auto.masterfileinaneditorandmakethefollowingchanges:
Addacommentsign(#)infrontof+auto.master.
Addthefollowinglineattheendofthefile:
/remotehome/etc/auto.remotehome

9. Savethefileandclosetheeditor.
10.Createthe/remotehomedirectorywiththiscommand:
mkdir/remotehome
11.Createthenew/etc/auto.remotehomefilebyentering
vi/etc/auto.remotehome
thenaddthefollowinglinetoit:
*fstype=nfs4,rw,nosuid,nodev172.17.8.101:/home/&

12.Savethefileandclosetheeditor.
13.Starttheautomounterwiththecommandrcautofsstart.
14.Viewthecontentof/remotehomeusingls.
15.Viewthecontentof/remotehome/geekousingls.
16.Viewthemountedfilesystemusingmount

17.Stoptheautomounteragainwithrcautofsstop.
Configurentpd

Inthisexercise,youconfigureyourservertogettimeinformationfromanotherserver.
SetupanNTPserveronyourmachinethatgetsitstimefromaserverontheInternet.(Ifyou
donothaveInternetaccess,youcanstilldotheexercise,butyourtimewon'tbe
synchronizedwithanexternalserver.)
DetailedStepstoCompletetheExercise

Dothefollowingondahost:
1. Ataterminalwindow,sutoroot(password:novell).
2. Viewthesystemdateandtimebyenteringdate.
Recordthetime:
3. Viewthehardwareclocktimebyenteringhwclock.
4. ConfiguretheNTPserverwithYaST.
1. StarttheYaSTControlCenterandselectNetworkServices>NTPConfiguration
.
TheAdvancedNTPConfigurationdialogappears.
2. OntheGeneralSettingstab,underStartNTPdaemon,selectNowandOn
Boot.
3. MakesuretheRuntimeConfigurationPolicyissettoAutoandclickAdd.
TheNewSynchronizationdialogappears.
4. SelectServerasthetype,thenclickNext.
TheNTPServerdialogappears.
5. IntheServerSettingspane,selectPublicNTPServerfromthedropdown
menu.
ThePublicNTPServerdialogappears.
6. FromtheCountrydropdownmenu,selectyourcountryoracountry
geographicallynearyourcountry.

7. FromthePublicNTPServersdropdownmenu,selectapublicNTPserverthat
accordingtoitspolicyallowsyoutouseitastimesource.
8. ClickOK>OK.
YouarereturnedtotheAdvancedNTPConfigurationdialog
9. SavetheNTPconfigurationbyclickingOK.
5. Attheterminalwindow,viewthestatusoftheNTPtimesynchronizationbyentering
rcntpstatus.
Theoutputwillvarydependingonthetimepassedsincentpdwasstartedandwhether
ornottheNTPserveryouconfiguredcanactuallybereachedfromyourcomputer.
6. ViewthelogoftheNTPserverbyentering
tailf/var/log/ntp
StoptailbypressingCtrl+c.
7. Viewthechangesmadetothe/etc/ntp.conffilebyenteringless/etc/ntp.conf
NoticethattheNTPserveristheserveryouselectedearlier.
8. Checkthehardwareclocktimebyenteringhwclock.
9. Setthehardwareclockfromthesystemtimebyenteringthefollowing:
hwclocksystohc
10.Checkthenewhardwareclocktimebyenteringhwclock.
11.Closeallopenwindows.
ConfiguretheInternetDaemon(xinetd)

Inthefirstpartofthisexercise,usetheYaSTNetworkServices(xinetd)moduletosetupa
Telnetserveronyourcomputer.
Inthesecondpart,installtheFingerservice,andedititsconfigurationin/etc/xinetd.d/to
activatetheservice.
DetailedStepstoCompletetheExercise

"PartI:EnablexinetdServiceswithYaST"

 "PartII:EnableanxinetdServicesManually"
PartI:EnablexinetdServiceswithYaST

Dothefollowingondahost:
1. StarttheYaSTControlCenterandselectNetworkServices>NetworkServices
(xinetd).
TheNetworkServicesConfiguration(xinetd)dialogappears.
2. SelectEnable.
Alistofcurrentlyavailableservicesbecomesactive.
3. Scrolldownandselecttheservicetelnet(Server:/usr/sbin/in.telnetd),thensetthe
servicetoOnbyselectingToggleStatus(OnorOff).
Ifthetelnetserverpackageisnotyetinstalled,itwillbeinstallednow.Insertthe
installationDVDasneededandselectInstall.
4. SavetheconfigurationtothesystembyselectingFinish.
5. Testtheconfiguration.
1. Openaterminalwindowandtelnettolocalhostbyenteringtelnet
localhost.
2. Loginasgeeko(password:novell).
3. Logoutbyenteringexit.
4. Onda1,openaterminalwindowandtelnettodahost.digitalairlines.comby
entering
telnetdahost.digitalairlines.com
5. Loginasgeeko(password:novell).
6. Logoutbyenteringexit.
PartII:EnableanxinetdServicesManually

Enablethefingerserverondahostbydoingthefollowing:
1. Ataterminalwindow,sutoroot(password:novell).

2. Installthefingerserverpackageifitisnotyetinstalled:
rpmqfingerserver||yastifingerserver
3. Attheterminalwindow,editthe/etc/xinetd.d/fingerfilebyentering
vi/etc/xinetd.d/finger
4. Atthebottomofthefile,changethedisable=yessettingtothefollowing:
disable=no

5. Savethechangesandclosevi.
6. Restarttheservicexinetdbyenteringrcxinetdrestart.
7. TesttheFingerservicebydoingthefollowing:
1. Onda1,openaterminalwindow.
2. Getthefingerinformationavailableatdahostbyentering
finger@dahost.digitalairlines.com
3. Getthefingerinformationavailableforaspecificuserbyentering
fingergeeko@dahost.digitalairlines.com
8. Optional:ChangetheFingerconfigurationtoallowaccessonlyatcertaintimesduring
theday.Testyourconfiguration.
9. Stoptheservicexinetdbyenteringrcxinetdstop.
ConfigureAnonymousPureFTPdAccess

Inthisexercise,youconfigureanonymousFTPaccesswiththepermissiontouploadfiles.
Makesurethatthefilescannotbedownloadedagainwithoutpermissionfromthesystem
administrator.Testyoursetupbyuploadingafileandtryingtodownloaditagain.Asasystem
administrator,allowdownloadingthefile,thentryagaintodoso.
DetailedStepstoCompletetheExercise

Dothefollowingonda1:
1. Openaterminalwindow,thensutoroot(password:novell).

2. Installthepureftpdpackageifitisnotyetinstalled:
rpmqpureftpd||yastipureftpd
3. Openthe/etc/pureftpd/pureftpd.conffileinaneditor.
AllowanonymoususerstouploadfilestotheFTPserverbychangingthe
AnonymousCantUploadparametertono.
4. Makesurethatfilesthatareownedbytheuserftpcannotbedownloadedbyverifying
thatAntiWarezissettoyes.
5. Whenyoufinish,savethefileandclosetheeditor.
6. StartthePureFTPdserverbyenteringrcpureftpdstart.
7. Changetheownershipofthe/srv/ftpdirectorytotheuserftpbyentering.
chownftp/srv/ftp
8. Loginbyenteringftplocalhost;loginusingthenameftp.
9. Verifythatyoucanuploadfilesastheanonymousftpuser.
1. Changetobinarytransfermodebyenteringbin.
2. Uploadthe/usr/lib/rpm/gnupg/susebuildkeyfilebyenteringthefollowing:
lcd/usr/lib/rpm/gnupgputsusebuildkey.gpg
3. Trytodownloadthefilebyentering:
getsusebuildkey.gpg
Youshouldseeamessagethatthefilehasnotyetbeenapprovedfor
download.
4. ExittheFTPsessionbyenteringbye.
10.Verifythatthefilewasuploadedbyentering
cd/srv/ftp
lsl.
Thefileislisted.

11.ChangeownershipofthefileandmakesurethattheFTPservercanaccessthefile:
chowngeeko/srv/ftp/susebuildkey.gpg
chmod444/srv/ftp/susebuildkey.gpg
12.Changetoyourhomedirectorybyenteringcd.
13.Enterftplocalhost,loginwiththeusernameftpandagaintrytodownloadthe
susebuildkey.gpgfile.
Thisshouldsucceednow.
14.Closetheftpclientbyenteringbye.
15.Closetheterminalwindow.

ManagePrinting

Thissectioncontainsthefollowingexercises:
"ConfigurePrinters"
Addalocalprinterandprinttoaremotequeue.
"ManagePrintersfromtheCommandLine"
Practicemanagingprinterqueuesfromthecommandline.
"ManageAccess"
AdministeraccesstoyourCUPSserver.
"UsetheWebInterfacetoManageaCUPSServer"
AddasecondprinterviathewebfrontendofCUPS
ConfigurePrinters

Inthisexercise,youaddalocalprinterandprinttoaremotequeue.(Forthepurposeofthis
exerciseitisnotnecessaryforaprintertobeconnectedtoyourcomputer.)
Theexercisehastwoparts.
Inthefirstpart,useYaSTtoaddaprintertoyourprinterconfiguration.Configureaparallel

printermodelHPLaserjet4withhplj4asthenameoftheprintqueue.Configuretheprinterto
useA4asthedefaultpapersize.
Inthesecondpart,configureaqueuecalledcolorlaserjetonthehostda1.Accessthisqueue
fromyourhostdahost.
DetailedStepstoCompleteThisExercise:

"PartI:AddaPrinter"
"PartII:PrinttoaRemoteCUPSPrinter"
PartI:AddaPrinter

Toaddaprinterondahost,dothefollowing:
1. Ondahost,starttheYaSTControlCenterandselectHardware>Printer.
ThePrinterConfigurationsdialogappears.
2. AddanewqueueforaprinterbyselectingAdd.
TheAddNewPrinterConfigurationdialogappears.
3. UnderDetermineConnection,makesureparallel:/dev/lp0isselectedintheupperpart
ofthedialog.
4. UnderSearchforDrivers,enterLaserJet4,thenclickShowMatchingDrivers.
Alistofdriversappears.
5. ScrolldownthelistandhighlighttherecommendeddriverforHPLaserJet4.
6. UnderSetNametypehplj4thenclickOK.
YouarereturnedtothePrinterConfigurationsmaindialog,withtheHPLaserJet4
printerlistedasalocalprinter.
7. MakesuretheHPLaserJet4printerishighlighted,thenclickEdit.
TheModifyhplj4dialogappears.
8. ClickAllOptionsfortheCurrentDriver.
ADriverOptionsforQueuehplj4dialogappears.

9. Fromthepapersizes,selectA4,thenclickOK.
YouarereturnedtotheModifyhplj4dialog.
10.SelectDefaultPrinter,intheLocationbox,typeMyoffice,thenclickOK.
YouarereturnedtothePrinterConfigurationsmaindialog.
11.FinishtheconfigurationbyclickingOK,thenclosetheYaSTControlCenter.
PartII:PrinttoaRemoteCUPSPrinter

Thisexerciseinvolvesconfiguringprintingontheda1virtualmachineandaccessingitfrom
dahost.
ToprinttoaremoteCUPSprinter,dothefollowing:
1. (Conditional)Ifyourda1virtualmachineisnotrunning,starttheVMwareplayerand
thevirtualmachine.
2. Logintoda1asgeekoandstarttheYaSTControlCenter.
3. RepeatPartIofthisexerciseonda1,usingthefollowinginformation:
SearchforDrivers:ColorLaserJet4500
SetName:colorlaser
1. Onda1,inthemainPrinterConfigurationsdialog,selectSharePrinters.
2. IntheSharePrintersdialog,selectthefollowingoptions,thenclickOKandconfirmthe
messagesthatappear.
Allowremoteaccess
Forcomputerswithinthelocalnetwork
Publishprintersbydefaultinthelocalnetwork
3. Onda1,clickOKtoclosetheYaSTPrinterConfigurationsdialog.
4. Ondahost,fromtheYaSTControlCenter,selectHardware>Printer.
ThePrinterConfigurationsdialogappears.
5. Notethatthereisanadditionalentrylistingtheremotecolorlaserqueue,thenclosethe

dialogbyclickingOK.
6. Testtheremoteprinterbyenteringthefollowingcommandinaterminalwindow:
lpdcolorlaser/etc/fstab
Youshouldseeamessagesimilartothefollowing:
requestidiscolorlaser1(1file(s))
ManagePrintersfromtheCommandLine

Inthisexercise,youpracticemanagingprinterqueuesfromthecommandline.
Usethelprandlpcommandstoprintthe/etc/hostsfiletothequeuehplj4.Viewthejobs
usinglpqandlpstat.Deletethefirstjobusinglprm.
DetailedStepstoCompleteThisExercise:

Dothefollowingondahost:
1. Openaterminalwindow.
2. SendaprintjobtotheHPLaserJet4printerusingtheBerkeleyprintercommands.
1. Sendthe/etc/hostsfiletobeprintedbyentering
lprPhplj4/etc/hosts
2. Viewtheprintqueueforhplj4byenteringthefollowingBerkeleycommand:
lpqPhplj4
3. SendaprintjobtotheHPLaserJet4printerusingtheSystemVprintercommands.
1. Sendthe/etc/hostsfiletotheprinterbyentering
lpdhplj4/etc/hosts
2. Viewtheprintqueueforhplj4byenteringthefollowingBerkeleycommand:
lpstathplj4
4. Attheterminalwindow,cancelthefirstprintjobbyenteringthefollowingBerkeley
command(usethejobnumberdisplayedinStep2babove):
lprmPhplj4jobnumber

5. Enterlpstathplj4.
Thefirstprintjobhasbeendeleted.
6. Checkthestatusoftheprinterbyentering
lpcstatus
ManageAccess

Inthisexercise,youlearnhowtoadministeraccesstotheCUPSserveronda1.
Bydefault,accesstothe/adminresourceoftheCUPSserverislimitedtolocalhost.Change
theconfigurationofCUPSonda1toallowaccesstotheresourcefromdahostbasedonits
IPaddress.
DetailedStepstoCompletetheExercise

TomanageaccesstotheCUPSserver,dothefollowing:
1. OpentheFirefoxbrowserondahost.
2. Intheaddressbar,enter
http://172.17.8.101:631/
YoushouldseetheCUPSmainpage.
3. ClicktheAdmintab.
Youshouldseea403Forbiddenmessage.
4. Onda1,openaterminalwindowandsutoroot(password:novell).
5. Openthe/etc/cups/cupsd.conffileinvi.
6. Scrolldowntothe<Location/admin>section.
7. Withinthatlocationdirective,addtheline
Allow172.17.8.1

IfthereisaDenyallentrywithinthatlocationdirective,putacommentsign(#)infront
ofitsothelinelookslikethis:
#Denyall

8. Savethefileandclosetheeditor.
9. RestarttheCUPSserverbyenteringrccupsrestart.
10.IntheFirefoxbrowser,ondahostopenhttp://172.17.8.101:631/.
YoushouldseetheCUPSmainpage.
ClicktheAdmintab.
Afterbeingredirectedtohttps://172.17.8.101:631/adminandacceptingthecertificate,
youshouldseetheAdminpage.
UsetheWebInterfacetoManageaCUPSServer

Inthisexercise,addasecondprinterviatheWebfrontendofCUPS(eventhoughasecond
printerisnotphysicallyavailableatyourworkstation).
Usingthewebinterface,addanetworkprinter,themodelbeingHPLaserJet4050,andits
nameFictive.
DetailedStepstoCompletetheExercise

Dothefollowingondahost:
1. StartaWebbrowseronyourworkstation.
2. Enterhttp://localhost:631/astheURLinyourbrowserwindow.
3. SelecttheAdministrationtab.
4. Toaddthe(nonexistent)printer,selectAddPrinter.
5. UnderName,typeFictive.
6. UnderLocation,typeNowhere.
7. UnderDescription,typeThisprinterdoesnotexist.
8. SelectContinue.
Ifthereisawarningmessagefromthebrowseraboutsendinginformationoveran
unencryptedconnection,selectContinue.
Aftersometime(thiscantakeminutes),aDeviceforFictivedialogappears.
9. FromtheDevicepulldownmenu,selectAppSocket/HPJetDirect,thenselect

Continue.
TheDeviceURIforFictivedialogappears.
10.AsDeviceURI,enter
socket://172.17.8.250:9100
SelectContinue.
TheMake/ManufacturerforFictivedialogappears.
11.FromtheMake/ManufacturerforFictivepulldownmenu,selectHP,thenselect
Continue.
TheModel/DriverforFictivedialogappears.
12.FromtheModel/Driverlist,selectoneoftheHPLaserJet4050SeriesPostscript
(recommended)(en)drivers,thenselectAddPrinter.
13.IntheAuthenticationdialog,typerootastheusernameandnovellasthepassword.
14.SelectOK.
15.Youshouldgetthefollowingmessage
PrinterFictivehasbeenaddedsuccessfully.
Afterafewmoments,theFictive:Optionsinstalledpageappears.Reviewtheavailable
options.
16.SelectthePrinterstabtoseethenewprinterinthelist.
Thissectioncontainsthefollowingexercise:
"ConfigureOpenLDAPonSLES11"
InstallandconfigureOpenLDAPonyourSLES11server.
ConfigureOpenLDAPonSLES11

Inthisexercise,youinstallandconfigureanLDAPserverondahost.Youthenconfigurethe
LDAPclientonyourDA1serverandonyourworkstationsuchthattheycanuseeithertheir
localfilesortheLDAPdirectoryforauthentication.

DetailedStepstoCompletetheExercise

"PartI:ConfigureanLDAPServerondahost"
"PartII:ConfiguretheLDAPClientondahost"
"PartIII:ConfiguretheLDAPClientonda1"
"PartIV:ManageEntriesintheLDAPDirectory"
PartI:ConfigureanLDAPServerondahost

First,youneedtoinstallandconfigureanLDAPdirectoryserverondahost:
1. Ondahost,startYaSTandselectNetworkServices>LDAPServer.
2. Whenpromptedtoinstalltheopenldap2packages,selectInstall.
Waitwhilethepackagesareinstalled.Whencomplete,anLDAPServerConfiguration,
GeneralSettingsdialogappears.
3. OntheGeneralSettingsscreen,configurethefollowing:
1. UnderStartLDAPServer,verifythatYesisselected.
2. SelectRegisteratanSLPDaemon.
3. Ifyourserver'shostfirewallisenabled,selectOpenPortinFirewall.
4. SelectNext.
anLDAPServerConfiguration,TLSSettingsdialogappears.
5. EnableencryptionusingTLSbydoingthefollowing:
1. VerifythatEnableTLSisselected.
2. VerifythatEnableLDAPOverSSL(ldaps)Interfaceisselected.
3. VerifythatUseCommonServerCertificateisselected.
NOTE:IfyoucannotmarkUseCommonServerCertificate,thenthiscertificate
wasn'tcreatedduringinstallation.InthiscaseyouhavetoclickLaunch
CAManagementModuleandcreateaCAandcommonservercertificate.
6. SelectNext.

TheBasicDatabaseSettingsscreenisdisplayed:
ConfiguringLDAPDatabaseSettings

7. Configureyourdatabasesettings.
1. VerifythattheDatabaseTypefieldissettohdb.
2. Verifythatdc=digitalairlines,dc=comhasbeenenteredforyouintheBaseDN
field.
3. Verifythatcn=AdministratorislistedintheAdministratorDNfield.

4. VerifythatAppendBaseDNismarked.
5. InthePasswordfields,typethepasswordnovellfortheAdministratoruser.
8. SelectNext.
9. OntheSummaryscreen,selectFinish.
10.InYaST,selectLDAPServeragain.
11.SelectDatabases>dc=digitalairlines,dc=com>PasswordPolicyConfiguration.
Thefollowingisdisplayed:
ConfiguringPasswordPolicySettings


12.EnablepasswordpolicysettingsforyourLDAPserver.
1. SelectEnablePasswordPolicies.
2. SelectHashClearTextPasswords.
3. Verifythatcn=DefaultPolicyislistedintheDefaultPolicyObjectDNfield.
4. VerifythatAppendBaseDNisselected.
5. SelectEditPolicy.
6. Whenprompted,typeapasswordofnovell,thenselectOK.

7. SelectthePasswordAgingPoliciestab.
Thefollowingscreenisdisplayed:
ConfiguringPasswordPolicies

8. Specifyaminimumpasswordageof4hours.
9. Specifyamaximumpasswordageof120days.
10.IntheTimebeforePasswordExpirationtoIssueWarningfield,specify5days.
11.IntheAllowedUsesofanExpiredPasswordfield,enter3.
12.SelecttheLockoutPoliciestab.
Thefollowingisdisplayed:
ConfiguringLockoutPolicies

1. SelectEnablePasswordLocking.
2. IntheBindFailurestoLockthePasswordfield,enter5.
3. Specifyapasswordlockdurationof5minutes.
4. Specifyabindfailurescachedurationof7days.
5. SelectOK.
2. OnthePasswordPolicySettingscreen,selectOK.
3. VerifythattheLDAPdaemonisrunningbyentering(asroot)inaterminalwindow
rcldapstatus.
Youshouldseeastatusofrunning.
PartII:ConfiguretheLDAPClientondahost

WiththeLDAPserverrunningondahost,younowneedtoconfiguretheLDAPclientonda

hostsuchthatauthenticationcanoccurviaeitherthelocalfiles(/etc/passwd,/etc/shadow,
andsoon)ortheLDAPdirectoryondahost.
Dothefollowingondahost:
1. InYaST,selectNetworkServices>LDAPClient.
Thefollowingisdisplayed:
ConfiguringtheLDAPClient

2. SelectUseLDAP.
3. Verifythat127.0.0.1islistedintheAddressesofLDAPServersfield.
4. IntheLDAPBaseDNfield,enterdc=digitalairlines,dc=com.
5. VerifythatLDAPTLS/SSLisselected.
6. SelectCreateHomeDirectoryonLogin.
7. SelectAdvancedConfiguration.
8. SelecttheAdministrationSettingstab,shownbelow:
ConfiguringAdministrationSettings

9. Verifythatou=ldapconfig,dc=digitalairlines,dc=comislistedintheConfigurationBase
DNfield.
10.IntheAdministratorDNfield,entercn=Administrator.
11.SelectAppendBaseDN.
12.SelectCreateDefaultConfigurationObjects.
13.ConfiguretheYaSTGroupandUserAdministrationmodules.
1. SelectConfigureUserManagementSettings.

2. Whenprompted,enterapasswordofnovell.
3. Whenpromptedthattheldapconfigorganizationalunitdoesn'texist,selectYes
tocreateditnow.
4. SelectNew.
5. Tocreateanewuserconfigurationmodule,selectsuseUserConfiguration.
6. IntheNameofNewModulefield,typeUsers;thenselectOK.
Youshouldseethefollowing:
ConfiguringLDAPModules

1. OntheModuleConfigurationscreen,selectNew.
2. Tocreateanewgrouptemplate,makesuresuseGroupConfigurationismarked.
3. IntheNameofNewModulefield,typeGroups;thenselectOK.
4. OntheModuleConfigurationscreen,selectOK.
5. OntheAdvancedConfigurationscreen,selectOK.
2. IntheLDAPClientConfigurationscreen,selectOK.
3. Conditional:Installthepam_ldapandnss_ldappackagesbyselectingInstallwhen
prompted.
PartIII:ConfiguretheLDAPClientonda1

Next,youneedtoconfiguretheLDAPclientonda1suchthatauthenticationcanoccurvia
eitherthelocalfiles(/etc/passwd,/etc/shadow)ortheLDAPdirectoryondahost.
Dothefollowingonda1:
1. Ifnecessary,logintoda1asgeekowithapasswordofnovell.
2. StartYaSTandselectNetworkServices>LDAPClient.
3. SelectUseLDAP.

4. IntheAddressesofLDAPServersfield,enterdahost.digitalairlines.com.
5. IntheLDAPBaseDNfield,enterdc=digitalairlines,dc=com.
6. VerifythatLDAPTLS/SSLisselected.
7. SelectCreateHomeDirectoryonLogin.
8. SelectAdvancedConfiguration.
9. SelecttheAdministrationSettingstab.
10.IntheAdministratorDNfield,entercn=Administrator.
11.SelectAppendBaseDN,thenselectOK.
12.OntheLDAPClientConfigurationscreen,selectOK.
13.Conditional:Installthepam_ldapandnss_ldappackagesbyselectingInstallwhen
prompted.
PartIV:ManageEntriesintheLDAPDirectory

WithLDAPconfiguredonyourserverandyourserverandworkstationconfiguredtouse
LDAPforauthentication,youcannowmanageusersandgroupsinthedirectorytree.
Completethefollowingoneitherda1ordahost:
1. CreateanewuserusingtheYaSTUserandGroupManagementmodule.
1. InYaST,selectSecurityandUsers>UserandGroupManagement.
2. SelectSetFilter>LDAPUsers.
AnLDAPServerPassworddialogappears.
3. IntheLDAPServerPasswordfield,enternovell.
4. IntheUserandGroupAdministrationdialog,SelectAdd.
5. IntheNewLDAPUserdialog,selecttheUserDatatabandenterthefollowing
userinformation:
FirstName:Tux
LastName:Penguin

 Username:tux
Password:novell
6. SelectOK.
7. Whenpromptedthatthepasswordistoosimple,selectYes>Yes.
IntheUserandGroupAdminstrationdialog,youshouldseethetuxuser
accountadded.
8. SelectOK.
9. CloseYaST.
2. TestyourLDAPconfigurationbylogginginastux.
1. Openaterminalandentersutux.
2. Whenprompted,enterapasswordofnovell.
Youshouldseethevarioushomedirectoryfolderscreatedasthetuxuserlogs
in,asshownbelow:
geeko@dahost:~/Desktop>sutux
Password:

Creatingdirect

Creatingdirect

Creatingdirect

Creatingdirect

tux@dahost:/ho

3. Attheshellprompt,enterexit.
3. CreateanLDIFfiletocreateanewLDAPuseraccountfromtheshellpromptbydoing
thefollowing:
1. Openaterminalsession.
2. Usingatexteditor,createanewuser.ldiffilewiththefollowingcontent:

#trixiLDIF
dn:
cn=trixi,ou=People,dc=digitalairlines,dc=com
changetype:add
objectClass:
inetOrgPerson
cn:trixi
givenName:Trixi
sn:Penguin
mail:
trixi@digitalairlines.com
uid:trixi
telephoneNumber:
8015557000

NOTE:Youcanfindthisfileonyour3103CourseDVD
3. Savethefileandclosetheeditor.
4. Attheshellprompt,enterinoneline:
ldapaddxDcn=Administrator,dc=digitalairlines,dc=comWf
newuser.ldif
5. Whenprompted,enterapasswordofnovell.
Youshouldseethetrixiuseradded,asshownbelow:
dahost:~#vinewuser.ldif

dahost:~#ldapaddxDcn=A
Wfnewuser.ldif
EnterLDAPPassword:

addingnewentry"cn=trixi,ou=

dahost:~#

6. ViewyourLDAPdirectorytreeusingtheYaSTLDAPBrowsermodule.
1. StartYaSTandselectNetworkServices>LDAPBrowser.
2. OntheLDAPConnectionsscreen,selectAdd.
3. Typeanameofdahostfortheconnection,thenselectOK.
4. IntheLDAPServerfield,typedahost.digitalairlines.com.
5. IntheAdministratorDNfield,typecn=Administrator,dc=digitalairlines,dc=com.
6. IntheLDAPServerPasswordfield,typenovell.
7. SelecttheLDAPTLSoption,thenselectOK.
8. Intheleftpane,clickdc=digitalairlines,dc=com.
9. Expandou=people.
Youshouldseethetrixiandtuxusers,asshownbelow:
ViewingLDAPUsersintheLDAPBrowser


10.Iftimepermits,exploretheattributesandvaluesassociatedwiththetwousers
youadded.
11.Whencomplete,selectClose.
12.CloseYaST,thenclosetheterminalwindow.

ConfigureandUseSamba

Thissectioncontainsthefollowingexercises:

 "CreateaBasicSambaShare"
CreateaSambashare.
"ConfigureSambatoUseLDAPAuthentication"
ConfigureSambatostoreitsuseraccountsinanLDAPdirectory.
"WorkwithSambaShares"
AccessasharewithsmbclientandyoumountaSambashareinthefilesystemofa
Linuxworkstation.
"ConfiguringSambaasaDomainController"
UseYaSTtoconfigureSambatofunctionasadomaincontroller.
CreateaBasicSambaShare

Inthisexercise,youcreateaSambashare.
Inthefirstpartoftheexercise,configuretheSambaserverasamemberofthedigitalairlines
workgroupandtouseuserlevelsecurity.
Inthesecondpartoftheexercise,createthe/srv/samba/geekodatadirectoryandcreatea
sharenamedgeekodata.
DetailedStepstoCompletetheExercise

"PartI:ConfiguretheSambaServer"
"PartII:Createthe[geekodata]Share"
PartI:ConfiguretheSambaServer

Inthispartoftheexercise,youconfigureglobalsettingsfortheSambaserviceondahost.
Completethefollowing:
1. InYaSTondahost,selectNetworkServices>SambaServer.
2. IntheWorkgrouporDomainNamefield,typedigitalairlines,thenselectNext.
3. UnderSambaServerType,selectNotaDomainController,thenselectNext.
4. OntheStartUptab,selectthefollowingoptions:

 DuringBoot
OpenPortinFirewall(ifnecessary)
5. SelecttheIdentitytab.
6. IntheNetBIOSHostnamefield,typedahost.
7. SelectWINSServerSupport.
8. DeselectRetrieveWINSServerviaDHCP,thenselectUseWINSforHostname
Resolution.
9. SelectAdvancedSettings>ExpertGlobalSettings.
ConfirmthewarningsbyclickingOK.
10.Verifythatsecurityissettouserandthatprintingissettocups.
11.SelectOK.
12.SelectOKtoclosetheSambaConfigurationmodule.
PartII:Createthe[geekodata]Share

Inthispartoftheexercise,youcreateasharenamedgeekodatathatpointstothe
/srv/samba/geekodatadirectory.
Completethefollowing:
1. Createthe/srv/samba/geekodatadirectoryondahost.
1. Attheshellprompt,(asroot)entermkdirp/srv/samba/geekodata.
2. Createatestfileinthedirectorybyenteringtouch/srv/samba/geeko
data/my_fileattheshellprompt.
3. Adjustthepermissionsassignedtothedirectoryandfiletoallowaccessbythe
geekouserbyenteringchownRgeeko:/srv/samba/geekodata/at
theshellprompt.
2. Createthe[geekodata]sharebydoingthefollowing:
1. InYaST,selectNetworkServices>SambaServer.
2. OntheSharestab,selectAdd.

3. OntheNewSharescreen,enterthefollowinginformation:
ShareName:geekodata
ShareDescription:Geeko'sDataDirectory
SharePath:/srv/samba/geekodata
4. SelectOK.
5. Withthegeekodatashareselected,selectEdit.
6. OntheSharegeekodatascreen,selectAdd.
7. IntheSelectedOptiondropdownlist,selectvalidusers;thenselectOK.
8. Inthevalidusersfield,entergeeko,thenselectOK.
9. SelectOKtoclosetheSharegeekodatadialog.
10.SelectOKtoclosetheSambaConfiguration.
3. CloseYaST.
4. TesttheconfigurationoftheSambaserverandthe[geekodata]sharebyentering
testparmattheshellprompt.
Youshouldseenoerrormessages.
5. PressEntertoseeadumpofyoursharedefintions.
Youwillusethisshareinalaterexerciseinthissection.
ConfigureSambatoUseLDAPAuthentication

Inthisexercise,youlearnhowtoconfigureSambatostoreitsuseraccountsinthe
OpenLDAPdirectoryserviceyourconfiguredondahostintheprevioussectionofthis
course.
DetailedStepstoCompletetheExercise

Completethefollowingondahost:
1. StartYaSTandselectNetworkServices>SambaServer.
2. SelecttheLDAPSettingstab.

Thefollowingisdisplayed:
ConfiguringSambaLDAPSettings

3. SelectUseLDAPPasswordBackEnd.
4. Whenpromptedthatallvalueswillberewritten,selectYestocontinue.
Thevariousfieldsinthisinterfaceareautomaticallypopulatedforyouusingthedefault
valuesfoundinyourserver's/etc/openldap/ldap.conffile.
5. Verifythatthefollowingsettingsaresettothefollowingvalues:

 LDAPServerURL:ldap://127.0.0.1
UseLDAPIdmapBackEnd:Selected
LDAPServerURL:ldap://127.0.0.1
SearchBaseDN:dc=digitalairlines,dc=com
AdministrationDN:cn=Administrator,dc=digitalairlines,dc=com
6. Typeanadministrationpasswordofnovell.
7. SelectTestConnection.
8. Ifthetestwassuccessful,selectOK.
9. SelectOKtoapplyyoursettings.
10.VerifythattheLDAPintegrationoccuredcorrectly.
InYaST,selectNetworkServices>LDAPBrowser.
FromtheLDAPConnectionsdropdownlist,selectdahost.
IntheLDAPServerPasswordfield,typenovell.
SelectOK.
Expanddc=digitalairlines,dc=com.
Youshouldseethefollowingobjectsandcontainersadded:
ou=Idmap
ou=Machines
ou=group
sambaDomainName=DAHOST
LeavetheLDAPBrowserrunning.
11.Sambaenableyourgeekouser.
Openaterminalsessionandswitchtorootusingthesucommandanda

passwordofnovell.
Attheshellprompt,entersmbpasswdageeko.
Whenprompted,enteraSMBpasswordofnovell.
12.SwitchbacktoyourLDAPBrowserwindow.
13.SelectReload.
14.Expanddc=digitalairlines,dc=com.
15.Expandou=people.
Youshouldseethegeekouseradded.
16.Selectthegeekouser.
YoushouldseethatthegeekouserhasavarietyofSambarelatedattributesadded.
17.SelectClose.
WorkwithSambaShares

InPartIofthisexercise,youaccessthegeekodatashareyoudefinedearlierusingthe
smbclientutility.
InPartIIofthisexercise,youmountthegeekodatashareondahosttothefilesystemof
yourda1server.
DetailedStepstoCompletetheExercise

"PartI:AccessaSharewithsmbclient"
"PartII:MountaShareintheFileSystem"
PartI:AccessaSharewithsmbclient

Toaccessasharewithsmbclient,completethefollowing:
1. Switchtoyourda1server.
2. Ifnecessary,loginasyourgeekouserwithapasswordofnovell.
3. Openaterminalsession.
4. VerifythattheSambaserverisrespondingtoSMBrequestsbyenteringsmbclient

L//dahostattheshellprompt.
5. Whenpromptedforapassword,pressEnter.
Youshouldseealistofsharesondahost,includingthegeekodatashare.
6. AccessthedatasharebyenteringsmbclientUgeeko//dahost/geeko
dataattheshellprompt.
7. Whenpromptedforapassword,enternovell.
Youshouldseethesmb:\promptdisplayed.
8. Listthecontentofthesharebyenteringlsatthesmb:\prompt.
Youshouldseethemy_filefilethatyoucreatedearlier.
9. Copythemy_filefiletothecurrentdirectorybyenteringgetmy_fileatthesmb:\
prompt.
Youshouldseethemy_filefileappearonthedesktop.
10.Exitsmbclientbyenteringexit.
11.Closeyourterminalwindow.
PartII:MountaShareintheFileSystem

Tomountashareinthefilesystem,completethefollowing:
1. Onyourda1server,openaterminalwindowandswitchtorootusingthesu
commandandapasswordofnovell.
2. Mountthedatashareinthe/mntdirectorybyenteringthefollowingcommandatthe
shellprompt:
mounttcifsousername=geeko//dahost/geekodata/mnt
Whenpromptedforapassword,enternovell.
3. Attheshellprompt,entermount.
Youshouldseethat//dahost/geekodataismountedon/mnt.
4. Displaythecontentofthemountedsharebyenteringls/mnt/attheshellprompt.

Youshouldseethemy_filefile.
5. Umountthesharebyenteringumount/mntattheshellprompt.
6. Optional:Createanentryinthe/etc/samba/smbfstabfiletomounttheshareusingthe
rcsmbfsstartcommand.Testyourentryusingrcsmbfsstartandrcsmbfs
stop.
7. Closeyourterminalwindow.
ConfiguringSambaasaDomainController

Inthisexercise,youconfiguretheSambaserviceondahostasaPrimaryDomainController
fortheDigitalAirlinesdomain.
DetailedStepstoCompletetheExercise

Completethefollowing:
1. Switchtoyourdahostworkstation.
2. Ifnecessary,loginasgeekowithapasswordofnovell.
3. StartYaSTandselectNetworkServices>SambaServer.
4. SelecttheIdentitytab.
Thefollowingisdisplayed:
ViewingtheIdentityTab


5. TomaketheSambaserveradomaincontroller,selectPrimary(PDC)fromtheDomain
Controllerdropdownlist.
6. SelectOK.
Adialogtocreateanadministrativeaccountappears.
7. Inthefieldsprovided,typeapasswordofnovellfortheSambarootuser,thenselect
OK.
8. CloseYaST.

9. Checktheconfigurationbyopeningaterminalwindowondahostandentering
smbclientL//dahost.
10.Whenpromptedforapassword,pressEnter.
Youshouldseethatthenetlogonsharehasbeenenabledandthattheserverisnowa
masterforthedigitalairlinesdomain.
Itmaytakeafewmomentsfordahosttoappearasmaster.Ifnomasterserveris
listedintheoutputofthecommand,waitamomentandenterthecommandagain.
11.CreateaworkstationaccountinthedomainforahypotheticalWindowsXP
workstationnamedWS1.
1. Attheshellpromptondahost,switchtorootusingthesucommandanda
passwordofnovell.
2. Attheshellprompt,entergroupaddmachines.
3. Attheshellprompt,createauseraccountnamedWS1in/etc/passwdby
enteringthefollowingcommand:
useraddgmachinesd/var/lib/nobodyc"WS1WindowsXP
Workstation"s/bin/falsews1$
4. Sambaenablethemachineaccountbyenteringthefollowingcommandatthe
shellprompt:
smbpasswdamws1
Whenyoudo,themachineaccountws1$isaddedtoyourSambaaccount
database.
5. StarttheYaSTLDAPBrowsermoduleandverifythatthews1$machine
accountwascreatedintheou=Machinescontainer.

ConfigureaWebServer

Thissectioncontainsthefollowingexercises:
"ConfigureaVirtualHost"
ConfigureavirtualhostonyourApacheWebserver.
"ConfigureUserAuthentication"

Configureyourvirtualhosttousebasicauthentication.
"ConfigureSSLforaVirtualHost"
ConfigureyourvirtualhosttouseSSLencryption.
"TestPHP"
InstallandtestPHPonyourApacheWebserver.
ConfigureaVirtualHost

Inthisexercise,youconfigurevirtualhostsfortheaccounting.digitalairlines.comandthe
hr.digitalairlines.comWebsitesonyourdahostserver.
Createtheirdocumentrootsin/srv/www/accountingand/srv/www/hr,andtheir
accounting.confandhr.confconfigurationfilesinthe/etc/apache2/vhosts.d/directory.
Change/etc/apache2/listen.conftosupportnamebasedvirtualhostingandincludethetwo
domainsin/etc/hosts,pointingto172.17.8.1.
DetailedStepstoCompletetheExercise

Completethefollowingondahost:
1. IntheYaSTControlCenter,selectSoftware>SoftwareManagement.
2. FromtheFilterdropdownlist,selectPatterns.
3. MarktheWebandLAMPServerpatternandclickAccept.
4. IntheAutomaticChangesscreen,selectContinue.
Waitwhilethepackagesareinstalled.
5. Wheninstallationiscomplete,closeYaST.
6. Openaterminalwindowandswitchtorootusingthesucommandandapassword
ofnovell.
7. Openthe/etc/apache2/listen.conffileinaneditorandremovethecommentsignin
frontoftheline
NameVirtualHost*:80

Savethefileandclosetheeditor.
8. Createdirectoriesforthevirtualhostsbyenteringthefollowing(asroot)attheshell

prompt:
mkdir/srv/www/accounting
mkdir/srv/www/hr
9. Usinganeditorofyourchoice,asrootcreatetheAttheshellprompt,entervi
/srv/www/accounting/index.htmlfilewiththefollowingcontent:
<html>
<head>
<title>AccountingIntranet
Server</title>
</head>
<body>
<h1>AccountingIntranet</h1>
Underconstruction.
</body>
</html>

Savethefileandclosetheeditor.
Createa/srv/www/hr/index.htmlfilewithsimilarcontentforthehrwebsite.
NOTE:Youcanusetheaccountingindex.htmlandhrindex.htmlfilesfromthe
Exercises/Section_05directoryontheStudentDVD.
10.Intheterminalwindow,asrootchangetothe/etc/apache2/vhosts.d/directoryand
copythevirtualhosttemplatefilebyentering
cpvhost.templateaccounting.conf
11.Edittheaccounting.conffilesoitlookslikethefollowing:
<VirtualHost_default_:80>
ServerAdmin
webmaster@digitalairlines.com

ServerName
accounting.digitalairlines.com
DocumentRoot/srv/www/accounting
ErrorLog
/var/log/apache2/accounting.digitalairlines.comerror_log
CustomLog
/var/log/apache2/accounting.digitalairlines.comaccess_log
combined
UseCanonicalNameOn
ScriptAlias/cgibin/"/srv/www/cgi
bin"
<Directory"/srv/www/cgibin">
AllowOverrideNone
Options+ExecCGIIncludes
Orderallow,deny
Allowfromall
</Directory>
<Directory"/srv/www/accounting/">
OptionsIndexesFollowSymLinks
AllowOverrideNone
Orderallow,deny
Allowfromall
</Directory>
</VirtualHost>

12.Copytheaccounting.conffiletohr.confandedititsoitfitstherequirementsofthe
hr.digitalairlines.comdomain.
NOTE:Youcanfindtheaccounting.confandhr.confconfigurationfilesinthe
Exercises/Section_05directoryontheStudentDVD.
13.Fortestingpurposes,addaccounting.digitalairlines.comandhr.digitalairlines.comto

the/etc/hostsfile.
Asroot,openthe/etc/hostsfileinaneditorofyourchoice,andaddthefollowinglines
atthebottomofthefile:
172.17.8.1accounting.digitalairlines.comaccounting
172.17.8.1hr.digitalairlines.comhr

14.Testthesyntaxofyourconfigurationfilebyenteringapache2ctlconfigtestat
theshellprompt.
ThecommandshouldreturnaSyntaxOKmessage.Ifnot,inspectyourconfiguration
toidentifyandfixanyerrors.(Ifyouseea"Couldnotopenconfigurationfile
/etc/apache2/sysconfig.d/include.conf"messageyoucanignoreit,asthisfilewillbe
createdautomaticallywhenApacheisstartedinthenextstep.)
15.StarttheApachedaemonbyenteringrcapache2startattheshellprompt.
16.MakesureApachestartsautomaticallyusingthecommandinsservapache2.
17.Testyourvirtualhost.
1. StartFirefoxondahostbyselectingComputer>Firefox.
2. AccesstheAccountingvirtualhostbyentering
http://accounting.digitalairlines.com/intheURLfieldoftheFirefoxbrowser.
YoushouldseetheAccountingIntranetpagethatyoucreatedearlier.
3. AccesstheHRvirtualhostbyenteringhttp://hr.digitalairlines.com/intheURL
fieldoftheFirefoxbrowser.
YoushouldseetheHRIntranetpagethatyoucreatedearlier.
4. CloseFirefoxandanyopenterminalwindows.
ConfigureUserAuthentication

Inthisexercise,youconfigureuserauthenticationfortheAccountingvirtualhostyousetupin
thepreviousexercise.
DetailedStepstoCompletetheExercise

Completethefollowing:

1. Createyourhtpasswdfileandaddthegeekousertoitbydoingthefollowing:
1. Openaterminalsessionandchangetoyourrootuseraccountbyenteringsu
followedbyapasswordofnovell.
2. Attheshellprompt,enter
htpasswd2c/etc/apache2/htpasswdgeeko
3. Whenpromptedforapassword,enternovell.
4. Attheshellprompt,entercat/etc/apache2/htpasswd.
Youshouldseethatthegeekorecordwithanencryptedpasswordhasbeen
addedtothefile.
5. Addausernamedtuxtothefilebyenteringthefollowing:
htpasswd2/etc/apache2/htpasswdtux
6. Whenpromptedforapassword,enternovell.
2. Edityouraccounting.confvirtualhostconfigurationfileandconfigureittousebasic
authenticationbydoingthefollowing:
1. Attheshellprompt,enter
vi/etc/apache2/vhosts.d/accounting.conf
2. Withinthe<Directory"/srv/www/accounting/">directive,addthefollowinglines:
AuthTypeBasic
AuthName"Accounting
Intranet"
AuthUserFile
/etc/apache2/htpasswd
Requireusergeeko

3. Saveyourchangesandexittheeditor.
4. Checkthesyntaxoftheconfigurationfilebyenteringapache2ctl
configtestattheshellprompt.

ThecommandshouldreturnaSyntaxOKmessage.Ifnot,checkyour
configurationfileforerrorsandthenrunthecommandagain.
3. ReloadtheApachedaemonbyenteringrcapache2reloadattheshellprompt.
4. Testtheconfigurationbydoingthefollowing:
1. OpenFirefoxontheserverdesktopbyselectingComputer>Firefox.
2. IntheURLfield,enterhttp://accounting.digitalairlines.com.
YoushouldseeanAuthenticationRequiredwindow,asshownbelow:
AuthenticatingtoApache

NoticethevalueoftheAuthNameparameterisdisplayedintheAuthentication
Requiredwindow.

1. Authenticateastuxwithapasswordofnovell.
TheauthenticationshouldfailandtheAuthenticationRequiredwindowshould
beredisplayed.
2. Authenticateasgeekowithapasswordofnovell.
Becausegeekowasdefinedasarequireduser,authenticationisgrantedtothe
accountingWebsite.
2. Closeyourbrowserwindowandanyopenterminalwindows.
ConfigureSSLforaVirtualHost

Inthisexercise,youaddSSLencryptiontotheAccountingvirtualhostyouconfigured
previouslyonyourdahostworkstation.
DetailedStepstoCompletetheExercise

Completethefollowing:
1. Openaterminalsessionondahostandswitchtorootusingthesucommandand
apasswordofnovell.
2. Createthe/tmp/randomfile.
1. Attheshellprompt,enter
cat/dev/random>/tmp/random
2. Presskeysonthekeyboardandmovethemousetogeneraterandomevents.
Thiswillhelpcreatetherandomfile.Youcancontrolthesizeofthegenerated
fileinanotherterminalwindowwiththelsl/tmp/randomcommand.
3. StoptheprocessafterafewminutesbypressingCtrl+c.
3. Generateaserverkey.
1. Attheshellprompt,enterthefollowingcommand:
opensslgenrsades3out/tmp/accounting.keyrand
/tmp/random1024
2. Whenpromptedforapassphrase,enternovell.
Youshouldseeoutputsimilartothefollowing:

GeneratingtheServerKey

4. Signthekey.
1. Attheshellprompt,enterthefollowingcommand:
opensslreqnewx509key/tmp/accounting.keyout
/tmp/accounting.crt
2. Whenpromptedforapassphrase,enternovell.
3. Whenprompted,typethefollowinginformation:
Option

Value

CountryName

US

StateorProvinceName

Utah

LocalityName

Provo

OrganizationName

DigitalAirlines

OrganizationalUnitName Accounting
CommonName

accounting.digitalairlines.com

EmailAddress

webmaster@digitalairlines.com

5. Copythefilesbyenteringthefollowingcommandsattheshellprompt:

cp/tmp/accounting.key/etc/apache2/ssl.key/
cp/tmp/accounting.crt/etc/apache2/ssl.crt/
6. Modifythefilesystempermissionsfortheaccounting.keyfilesuchthatthefileowner
hasreadaccessbutallothershavenoaccessbyenteringthefollowingcommandsat
theshellprompt:
chmod400/etc/apache2/ssl.key/accounting.key
7. ModifyyourvirtualhostconfigurationfiletosupportSSL.
1. Attheshellprompt,entervi
/etc/apache2/vhosts.d/accounting.conf.
2. Changethefollowinglines:
OldValue

NewValue

<VirtualHost_default_:80>

<VirtualHost_default_:443>

ServerName
accounting.digitalairlines.com

ServerName
accounting.digitalairlines.com:443

3. AddthefollowinglinesaftertheServerNamedirective(youcancopymostof
themfrom/etc/apache2/vhosts.d/vhostssl.template):
SSLEngineon
SSLCipherSuiteALL:!ADH:!
EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile
/etc/apache2/ssl.crt/accounting.crt
SSLCertificateKeyFile
/etc/apache2/ssl.key/accounting.key

NOTE:TheSSLCipherSuitedirectiveanditsvalueshouldbeononeline.
4. Saveyourchangestothefileandclosetheeditor.
8. Edityour/etc/sysconfig/apache2filetosupportSSL.
1. Attheshellprompt,entervi/etc/sysconfig/apache2.

2. Makethefollowingchangestothefile:
APACHE_SERVER_FLAGS="SSL"
APACHE_START_TIMEOUT="10"

3. Saveyourchangestothefileandclosetheeditor.
9. Checkthesyntaxoftheconfigurationfilebyenteringapache2ctlconfigtestat
theshellprompt.
ThecommandshouldreturnaSyntaxOKmessage.Ifnot,checkyourconfiguration
fileforerrorsandrunthecommandagain.
10.RestartApachebyenteringrcapache2restartattheshellprompt.
11.Whenpromptedforthepassphrase,enternovell.
Youshouldseeoutputsimilartothefollowing:
StartingApachewithSSLEnabled

12.AsthepassphrasehastobeenteredeverytimetheApachedaemonstarts,youcan
preventtheWebserverfrombeingstartedautomaticallyatbootbyenteringinsserv
rapache2attheshellprompt.
13.TesttheSSLconfigurationbydoingthefollowing:
1. StartFirefoxontheserverdesktop.
2. IntheURLfieldoftheFirefoxbrowser,enter
https://accounting.digitalairlines.com/.

Youshouldseeamessagewarningyouofaselfsignedcertificateandafter
clickingOKascreensimilartothefollowing:
TestingtheSSLConfiguration

3. SelectOrYouCanAddAnException,thenselectAddException.
4. OntheAddSecurityExceptionscreen,selectGetCertificate.

5. SelectConfirmSecurityException.
6. Inthelogindialog,enterausernameofgeekowithapasswordofnovell.
AccessingApacheviaSSLEncryption

Noticeinthebottomrightcornerofthescreen,thelockiconthatindicatesthe
connectionissecured.

6. CloseFirefoxandallopenterminalwindows.
TestPHP

Inthisexercise,youtestPHPondahostbycreatingafilethatcallsthephpinfo()function.
BasicPHPfunctionalityisalreadyinstalledwiththeLAMPpattern.
DetailedStepstoCompletetheExercise

Completethefollowing:
1. StartYaSTandselectSoftware>SoftwareManagement.
2. FromtheFiltermenu,selectSearch.
3. EnterphpintheSearchfield;thenselectSearch.
4. Verifythattheapache2mod_php5andphp5packageshavebeeninstalledandifthey
haven't,installthem.
5. CreateatestPHPfilebydoingthefollowing:
1. Openaterminalsessionandswitchtorootusingthesucommandanda
passwordofnovell.
2. Attheshellprompt,entervi/srv/www/hr/php_info.phpandaddthe
followinglinestothefile:
<?PHP
phpinfo();
?>

3. saveyourchangesandclosetheeditor.
4. OpenFirefoxontheserverdesktopandenter
http://hr.digitalairlines.com/php_info.php.
YoushouldseethePHPversioninformationpagedisplayed.
6. Closeyourbrowserwindowandallterminalwindows.

InternetProtocolVersion6(IPv6)

Thissectioncontainsthefollowingexercise:
"ConfigureIPv6"
ConfigureandusedifferentaspectsofIPv6.
ConfigureIPv6

Inthisexercise,youconfigureandusedifferentaspectsofIPv6.
Thisexercisehastwoparts.
Inthefirstpartyouping6da1fromdahost,usingthelinklocalIPv6address.Inthesecond
part,yousetagloballyuniqueIPv6addressandconfiguretherouteradvertisementdaemon
todistributeyourIPv6prefixtoothermachines.
DetailedStepstoCompletethisExercise

"PartI:UseLinkLocalAddressestoping6OtherHosts."
"PartII:Setupradvd"
PartI:UseLinkLocalAddressestoping6OtherHosts.

Tousethelinklocaladdress,dothefollowing:
1. Ifnecessary,starttheVMwareplayerandtheda1virtualmachine.
2. Logintoda1asgeeko,openaterminalwindowandsutoroot(password:novell).
3. Intheterminalwindowonda1,enteripaddressshowandnotetheIPv6linklocal
addressoftheeth0interface(inet6fe80...scopelink).
4. Onyourhostdahost,loginasgeeko,openaterminalwindow,andsutoroot
(password:novell).
5. Intheterminalwindowondahost,enteripaddressshowandnotetheIPv6link
localaddressofthevmnet1interface.
vmnet1istheVMwareinterfacethatisusedtoconnecttoda1usingahostonly
network.
6. Pingyourowninterfaceusingthecommand
ping6Ivmnet1ipv6_address_of_vmnet1

Stoptheping6byeneteringCtrl+c.
7. Pingda1usingtheIPv6addressestablishedinstep3andthecommand
ping6Ivmnet1ipv6_address_of_eth0da1
Stoptheping6byeneteringCtrl+c.
PartII:Setupradvd

ThisexerciseyousetanIPv6addressandconfigureradvdonda1.
Dothefollowing:
1. Onda1,inaterminalwindowasroot,installtheradvdpackageusingthecommand
yast2iradvd
2. Onda1,addanIPv6address(fromtherangereservedforexamplesand
documentation)totheeth0interfacewiththecommand
ipaddressadd3fff:ffff::1/64deveth0
3. ViewtheIPv6addressesoftheeth0interfacewiththecommand
ipaddressshowdeveth0
Theaddressyoujustaddedhasthescope"global."
4. Inaneditor,openthe/etc/radvd.conffileandscrolldowntothefollowinglines.
#
#exampleofastandardprefix
#
prefix2001:db8:1:0::/64

5. Changethelinebeginningwithprefixtoread
prefix3fff:ffff::/64

6. Addthefollowinglinestothesectionbelowyourprefix:
AdvPreferredLifetime120;

AdvValidLifetime300;

Thewholesectionshouldlooknowlikethefollowing:
#
#exampleofastandardprefix
#
prefix3fff:ffff::/64
{
AdvOnLinkon;
AdvAutonomouson;
AdvRouterAddroff;
AdvPreferredLifetime120;
AdvValidLifetime300;
};

7. Deletealllinesbelowtheabovesection,withtheexceptionofthelastlinethatreads
};

8. Savethefileandclosetheeditor.
9. TurnonIPv6routingonda1withthecommand
echo1>/proc/sys/net/ipv6/conf/all/forwarding
10.Startradvdwiththecommand
rcradvdstart
11.Ondahost,inaterminalwindow,enter
ip6asdevvmnet1
YoushouldseethattheinterfacehasnowanadditionalIPv6addresswiththeprefix
3fff:ffffandthescope"globaldynamic."

12.Ondahost,ping6da1usingtheIPaddressyouaddedinstep1withthecommand
ping63fff:ffff::1
13.Fromdahost,logintoda1usingtheIPaddressyouaddedinstep1withthe
command
ssh3fff:ffff::1
Enteryeswhenpromptedandthepasswordnovell.
Youareloggedintoda1.
14.Logoutfromda1byenteringexit.

PerformaHealthCheckandPerformanceTuning

Thissectioncontainsthefollowingexercise:
"AnalyzeSystemPerformance"
Analyzesystemperformanceandreduceresourceutilization.
AnalyzeSystemPerformance

Inthisexercise,youanalyzesystemperformanceandreducesourceutilization.
Inthefirstfourparts,youanalyzeprocessor,memory,harddisk,andnetworkutilization.
Inthefifthpart,youreducetheresourceutilizationofaSUSELinuxEnterpriseServer11
system.
DetailedStepstoCompletethisExercise

"PartI:AnalyzeProcessorUtilization"
"PartII:AnalyzeMemoryUtilization"
"PartIII:AnalyzeHardDiskUtilization"
"PartIV:AnalyzeNetworkUtilization"
"PartV:ReduceResourceUtilization"

PartI:AnalyzeProcessorUtilization

Dothefollowing:
1. MakesurethatyouhaveinstalledtheC/C++CompilerandToolssoftwarepatternas
wellasthekernelsourcepackage.
Ifthesepackagesarenotinstalled,installthemwiththeYaSTsoftwareinstaller.
2. Openaterminalwindow.
3. Entertop.
Watchtheinformationaboutthesystemloadandtheprocesslistforafewmoments.
4. Openasecondterminalwindowandsutoroot.
5. Enterthefollowingcommands:
cd/usr/src/linuxmakecloneconfig
NOTE:Ifthe/usr/src/linuxdirectorydoesnotexist,youneedtoinstallthekernel
sourcepackage.
6. Whenthesecondcommandfinishes,startaLinuxkernelcompilationbyenteringmake
bzImage.
Thecompilationgeneratesahighloadonthesystem.
7. Atthefirstterminalwindow,watchtheloadnumbers.
Noticethattheloadvaluesareconstantlyrising.Thethreevaluesdifferastheydisplay
theaverageofthreedifferentperiodsoftime.
8. Waituntiltheloadaverageofthelastminutevaluehasreached1,thenquitthe
compilationprocessinthesecondterminalwindowbypressingCtrl+C.
9. Atthesecondterminalwindow,restoretheinitialstatebyenteringmakeclean.
10.Atthefirstterminalwindow,watchtheloadvaluesforafewmoments.
Noticethatthevaluesdecrease.
11.Endthetopprogrambytypingq.

PartII:AnalyzeMemoryUtilization

Dothefollowing:
1. IfserversarerunninginVMware,shutthemdown.
2. Makesurethatthesysstatpackageisinstalled:
rpmqsysstat||yast2isysstat
3. Rebootyoursystemandaddthemem=256mkernelparameteratthebootprompt.
Thisreducestheamountofavailablemainmemorytomakeiteasiertodemonstrate
swapping.
NOTE:IfyouhaveXeninstalled,selecttheregularoptionatthebootpromptandnot
theXensystem.
4. Login,opentwoterminalwindows,andsutorootinbothterminals.
5. Atthefirstterminalwindow,entervmstat1.
6. Watchthevmstatoutputforafewmoments,especiallythesi(swapin)andso(swap
out)columns.
7. Atthesecondterminalwindow,enter
cd/usr/src/linux.
makej20bzImage
8. Atthefirstterminalwindow,watchthesoandsicolumnsforafewminutes.
9. Atthesecondterminalwindow,stopthemakeprocessbypressingCtrl+C.
10.Atthefirstterminalwindow,watchastheswapactivitydeclines.
11.TerminatethecommandvmstatbypressingCtrl+C.
12.Atthesecondterminalwindow,enter
makeclean.
13.Rebootyoursystemwithoutthememparametertomakethefullinstalledmain
memoryavailableagain.

PartIII:AnalyzeHardDiskUtilization

Dothefollowing:
1. Opentwoterminalwindowsandsutorootinbothterminals.
2. Installthebonniefilesystembenchmarkbyenteringinoneoftheterminals
yast2ibonnie
3. Atthefirstterminalwindow,enterthefollowing:
iostatx2/dev/sda
Ifyourrootpartitionisonadifferentdevicethansda(suchassdc),adjustthe
commandaccordingly.
4. Watchtheoutputofiostatforawhile,particularlytheawaitandsvctmcolumns.
5. Inthesecondterminalwindow,enter
bonnies1024.
6. Watchtheiostatvaluesintheawaitandsvctmcolumns.
Noticethatbothvaluesarerisingduetohighdiskutilizationcausedbythebonnie
command.
7. Atthesecondterminalwindow,stopbonniebypressingCtrl+c.
8. Watchhowtheawaitandsvctmtimesdecreaseagain.
9. EndiostatbypressingCtrl+c.
10.Closebothterminalwindows.
PartIV:AnalyzeNetworkUtilization

Dothefollowing:
1. Ifyourda1serverisnotrunningstarttheVMwareplayerandtheda1server.
2. Ondahost,makesurethatthekdebase4workspacepackageisinstalledonyour
system:
rpmqkdebase4workspace||yast2ikdebase4workspace

Ifitisnotinstalled,theabovecommandwillinstallseveralKDEpackagesthatare
requiredbythekdebase4workspacepackage.
3. Openaterminalwindowandsutoroot.
4. Enterksysguard.
5. Onthemenubar,selectFile>NewWorksheet.
6. SpecifyatitleofNetwork.
7. Select2rowsand1columns.
8. SelectOK.
9. OntherightsideoftheKDESystemGuardwindow,browsetoNetwork>Interfaces>
vmnet1.
10.OpenReceiverandTransmitter.
11.DragthePacketssensorfromtheReceiveranddropitintotheupperpartofthe
Networkworksheet.
12.Forthedisplaymode,selectLineGraph.
13.DragthePacketssensorfromtheTransmitteranddropitinthelowerpartofthe
Networkworksheet.
14.Forthedisplaymode,selectLineGraph.
15.Watchthenetworkactivityforafewmoments.
16.Openaterminalwindowandsutoroot.
17.Producesomenetworkloadwiththeda1systembyenteringthefollowing:
pingfda1.digitalairlines.com
18.Watchthenetworkloadriseinthereceiverandthetransmitter.
19.TerminatethepingcommandbypressingCtrl+c.
20.Closetheterminalwindow.
21.Watchhowthenetworkloadgoesdownagain.

22.ClosetheKDESystemGuardwindow.
PartV:ReduceResourceUtilization

Dothefollowing:
1. Onda1,logoutoftheGnomedesktopenvironmentandrebootyourda1system.
2. WhentheGDMloginappearswithintheVMwareplayer,changetoatextconsoleby
pressingCtrl+Alt,and,whileCtrl+Altarestillpressed,pressSpaceandthenF2.
3. Onthetextconsole,loginasroot.
4. Enterfree.
Notetheamountoffreephysicalmemory:
5. Rebootyourda1systembyenteringreboot.
Atthebootprompt,enter3.
Thesystembootstorunlevel3.
6. Loginasroot,thenenterfree.
7. Comparetheamountoffreephysicalmemorywiththenumberyounotedearlier.
Noticethatrunlevel3useslessmemorythanrunlevel5.
NOTE:Thesuccessofthisdependsontheamountoffreememoryyouhaveavailable
onyourhardware.
8. Switchtorunlevel5byenteringinit5.
9. Loginasgeekowithapasswordofnovell.

CreateShellScripts
Introduction

Theexercisesinthissectionhaveadifferentformatthantheotheronesyouknowinthis
course.
Developingshellscriptsismainlyacreativetask.Therefore,youwon'tfinddetailed,stepby
stepinstructionshere.Instead,moregeneralgoalsaredefinedandyouarefreetofindyour
ownsolution.

Ifyouneedhelpatanypoint,refertothecorrespondingsectionofthecoursemanual.The
exercisesarebasedonthecourseproject(backupscript).Youcanalsofindallexample
scriptsonthecourseDVD.
Somepartsoftheexercisesaremarkedasoptional.Thesepartsarenotcoveredinthe
coursemanual,andtheyshouldbeseenaschallengeandinspirationforfurther
improvements.
Inthissectionoftheworkbook,youcanfindthefollowingexercises:
"CreateaSimpleShellScript"
Createyourfirstshellscript.
"UseVariablesandCommandSubstitution"
Usevariablesandcommandsubstitution.
"UseanifControlStructure"
Expandthebackupscriptwiththeuseofanifcontrolstructure.
"UseawhileLoop"
Useawhilelooptoiteratethroughthepositionalparametersincludedonthecommand
line.
"UseArithmeticOperators"
Usearithmeticoperators
"ReadUserInput"
Readuserinputandprocesstheinputinyourscript
"UseArrays"
Usearrays
"UsersynctoKeepVersionsofFiles"
Usersynctokeeppastversionsofyourfiles.
"UseShellFunctions"
Useshellfunctions.

CreateaSimpleShellScript

Inthisexercise,youcreateyourfirstshellscript.
Dothefollowing:
Openatexteditoracreateashellscriptthatbacksupthe/home/geekodirectorytothe
/backupdirectory.Thescriptshouldalsoprintamessagewhenit'sstarted.
Makesurethatthescriptcanbedirectlyexecutedatthecommandline.
Executethescriptandcorrectanyerrors.Asrootcreatethe/backupdirectoryandmakesure
geekocanwritetoit.Asgeekouser,runthescriptagain.
UseVariablesandCommandSubstitution

Inthisexercise,youusevariablesandcommandsubstitution.
Dothefollowing:
EnhancethescriptbydefiningaNAMEvariablewiththevalue"geeko"andreplacing
occurrencesoftheusernamereferencewiththecontentofthisvariable.
Changethersynccommandtobemoreverboseandredirecttheoutputofrsynctothe
/backup/backuplog_YYYYMMDDhhmmfile.
UseanifControlStructure

Inthisexercise,yourlearnhowtouseanifcontrolstructure.
Dothefollowing:
Inadditiontohavingyourscriptwritealogandanerrorlogfile,havethescriptmailthese
filestotheusergeeko,dependingonthereturnvalueofthersynccommand.
Optional:Dothesamewithacasestatement.
UseawhileLoop

Inthisexercise,youuseawhilelooptoiteratethroughthepositionalparametersincludedon
thecommandline.
Dothefollowing:
Changethescripttobackupeachfileordirectorygivenonthecommandlineasparameters
tothebackupscript.Usetheshiftcommandandawhilelooptoprocesseachofthe
positionalparameters$1,$2,etc.

Seethemanualfordetailsandanexamplescript.
Optional:Dothesame,butuseanuntilloopinstead.
Optional:Dothesame,butuseaforloopinstead.
UseArithmeticOperators

Inthisexercise,youusearithmeticoperators.
Dothefollowing:
Modifyyourscriptsothatthenumberofparametersisusedtodetermineifthewhileloopis
runthroughornot.Use$#,whichcontainsthenumberofparametersonthecommandline
andacounterthatcountstheiterationsthroughthewhileloop.
Optional:Useanuntilloopinsteadofawhileloop.
ReadUserInput

Inthisexercise,youreaduserinputandprocesstheinputinyourscript.
Dothefollowing:
Modifyyourscriptinthefollowingway:Insteadofprocessingfilesanddirectoriesenteredon
thecommandline,asktheusertotypethefilesanddirectorieshewantstobackup.Backup
thefilesanddirectoriestothe/backupdirectory.
Optional:Changethescripttoallowtheusertoenterfilenamesthatcontainspaces.
UseArrays

Inthisexercise,youusearrays.
Dothefollowing:
Letyourscriptreadthedirectoriestheuserwantstobackupintoanarray.Thenusethe
arraytobackupthosedirectories.
UsersynctoKeepVersionsofFiles

Inthisexercise,youusersynctokeeppastversionsofyourfiles.
Dothefollowing:
Createascriptthatcreatesaninitialbackuptoa/backup/YYYYMMDDhhmmdirectory.

Insteadofcreatingafullbackuponeachsubsequentrunofthescript,letrsynccreatehard
linkstofilesinthepreviousbackupifthefileshavenotchanged,usingthelinkdest=option
ofrsync.
Removeoldbackupdirectoriessothattherearenotmorethanacertainnumberofbackup
directories.
Createacronjobthatcallsthescriptatregularintervals,suchaseverytwohours.
UseShellFunctions

Inthisexercise,youlearnhowtouseshellfunctions.
Dothefollowing:
1. Reviewthefollowingfunction:
#Prompttheusertoanswerwith"yes"or"no".
#Thequestionitselfissuppliedasan
argument
#whencallingthefunction,for
example:
#"yesnoDoyouwanttocontinue?"
yesno(){
whiletrue
do
echoe"$*"
echo"Pleaseanswerbyentering(y)esor
(n)o:"
readANSWER
case"$ANSWER"in
[yY]|[yY][eE][sS])
return0
;;
[nN]|[nN][oO])
return1

;;
*)
echo"Icannotunderstandyouover
here."
;;
esac
done}

Thisfunctionaskstheusertoenteryorn.Dependingontheanswer,thefunction
returns0or1.Iftheansweriswrong,anerrormessageisdisplayed.
Thecommandecho"$*"isusedtoprintaquestion,whichispassedasaparameter
tothefunction.
2. Integratetheaboveyesnofunctioninthebackupscriptfromexercise"UseArrays",so
thatthedirectoriestobackuparedisplayedforconfirmationbeforetheyarebacked
up.
Usetheyesnofunctiontointerprettheuser'sanswer.On"yes,"startthebackup.On
"no,"havetheuserchoosethedirectoriesagain.
Hint:Useanifstructuretointerpretthereturnvalueoftheyesnofunction.

DeploySUSELinuxEnterprise11

Thissectioncontainsthefollowingexercises:
"SetUpanInstallationServer"
Setupaninstallationserverandanaddonrepository.
"SetUpPXEBootforinstallations"
SetupaTFTPserver,fillthe/tftpbootdirectorywiththefilesneededforPXEbootand
setupaDHCPserver.
"CreateanAutoYaSTControlFile"
CreateanAutoYaSTcontrolfilebyusingtheCreateReferenceProfilefeatureofthe
YaSTAutoYaSTmodule.

 "ActivatePXEBootingandInstallSUSELinuxEnterpriseServer"
BootyourmachineusingPXEandstarttheinstallationofSUSELinuxEnterprise
Server11.
SetUpanInstallationServer

Inthisexercise,yousetupaninstallationserverandanaddonrepository.
Inthefirstpart,copythefilesoftheinstallationDVDtoadirectoryandmakethisdirectory
accessibleoverthenetworkusingNFS.
Inthesecondpart,prepareanaddonproductsrepositorytoallowtheinstallationof
additionalRPMs.
DetailedStepstoCompletetheExercise

"PartI:PreparetheInstallationRepository"
"PartII:SetUpanAddonProductsRepository"
PartI:PreparetheInstallationRepository

Topreparetheinstallationrepository,dothefollowingondahost:
1. Ataterminalwindow,sutoroot(password:novell).
2. Createthe/srv/installrepo/sles11/CD1directoryusingthecommand
mkdirp/srv/installrepo/sles11/CD1
3. InserttheSUSELinuxEnterpriseServer11DVD,thencopythecontentoftheDVDto
thedirectoryyoujustcreatedusingthecommand
cpa/media/SUSE_SLES1100.001/*/srv/installrepo/sles11/CD1
NOTE:Somestepsinthisexerciserefertothe/srv/installrepo/sles11/CD1directory
astherootoftheinstallationdirectory.
4. Ascopyingthecontentwilltakesometime,openanotherterminalwindow,suto
root(password:novell).
5. Editthe/etc/exportsfiletoaddthefollowingline:
/srv/installrepo/sles11*(ro,sync,no_subtree_check)

6. RestarttheNFSserverusingthecommand

rcnfsserverrestart
7. MakesuretheNFSserverisstartedeverytimethesystemstartsupbyentering
insservnfsserver
NOTE:YoucanalsousetheYaSTInstallationServermoduletoaccomplishtheabove.
PartII:SetUpanAddonProductsRepository

ToaddarepositoryforaddonproductsorRPMsofyourown,dothefollowing:
1. Ataterminalwindowasroot,installtheinstsourcutilspackageifnotyetinstalled,
usingthecommand
rpmqinstsourceutils||yastiinstsourceutils
2. Createthedirectorystructureforthefilesyouwanttomakeavailable,usingthe
command
create_update_source.sh/srv/installrepo/sles11/CD1
3. Explorethedirectorystructurecreatedinthe/srv/installrepo/sles11/CD1/updates/
directoryusingls.
4. Createthe/srv/installrepo/sles11/CD1/updates/suse/i586directoryusingthemkdir
command.
5. InserttheStudentDVDfromyourStudentKitintotheDVDdriveandcopythe
Exercises/Section_09/tree1.5.12.8.i586.rpmfilefromtheStudentDVDtothe
/srv/installrepo/sles11/CD1/updates/suse/i586directory.
6. Changetothe/srv/installrepo/sles11/CD1/updates/suse/directoryandrunthe
command
create_package_descrxsetup/descr/EXTRA_PROV
7. Changetothe/srv/installrepo/sles11/CD1/updates/suse/setup/descr/directory.
8. Viewthecontentofthepackages,packages.en,andpackages.DUfilesinthe
/srv/installrepo/sles11/CD1/updates/suse/setup/descr/directoryusingcat.
9. Inthe/srv/installrepo/sles11/CD1/updates/suse/setup/descr/directoryrun
ls>directory.yast

10.Changetothe/srv/installrepo/sles11/CD1/updates/directoryandrunthecommand
create_sha1sumsxn.
(Notethedotattheendofthecommandforthecurrentdirectory.)
11.Viewthecontentfileusingcat.
12.LookupyourcurrentIPaddressofthephysicalinterfaceconnectedtoother
computersinyournetwork(usuallyeth0)usingtheipaddressshowcommandand
recordithere:
IPaddress:
13.Changetothe/srv/installrepo/sles11/CD1/directory(therootoftheinstallation
repository).
14.Intherootoftheinstallationrepository,useatexteditortocreatean
add_on_products.xmlfilewiththefollowingcontent:
<?xmlversion="1.0"?>
<add_on_products
xmlns="http://www.suse.com/1.0/yast2ns"
xmlns:config="http://www.suse.com/
1.0/configns">
<product_itemsconfig:type="list">
<product_item>
<name>SLES11Addons</name>
<url>nfs://your_ip/srv/install
repo/sles11/CD1/updates</url>
<path>/</path>
<ask_user
config:type="boolean">false</ask_user>
<selected
config:type="boolean">true</selected>
</product_item>
<!Anotherproductitem>
<product_item/>

</product_items>
</add_on_products>

15.Savethefileandclosetheeditor.
16.CreateaSHA1SUMSfile,containingtheSHA1hashvalueofthefileyoujustcreated,
usingthecommand
sha1sumadd_on_products.xml>SHA1SUMS
17.Createagpgpublicprivatekeypairusingthecommand
gpggenkey
Usethedefaultvaluesandanswerthequestions(name,emailaddress,comment)
appropriately.Forthepurposesofthisexerciseyoucanuseasimplepasswordlike
"secret".
Ifyougeta"Can'tconnectto'/root/.gnupg/S.gpgagent'"message,switchtoatext
console(Ctrl+F1),loginasroot,enterthegpgcommandasabove,thenswitchback
tothegraphicalinterfacd(Ctrl+F7).
18.SigntheSHA1SUMSfilewiththecommand
gpgbsignarmorSHA1SUMS
or
gpgbsignarmoruyour_keyID>SHA1SUMS
with,forinstance,theemailaddressyouenteredinStep17asyour_keyID.
ThiswillcreatetheSHA1SUMS.ascfile.
Ifyougeta"Can'tconnectto'/root/.gnupg/S.gpgagent'"message,switchtoatext
console(Ctrl+F1),loginasroot,changetothe/srv/installrepo/sles11/CD1directory,
enterthegpgcommandasabove,andswitchbacktothegraphicalinterfacd(Ctrl+F7).
19.ExportyourGPGpublickeytotheSHA1SUMS.keyfile,usingthefollowingcommand
(with,forinstance,theemailaddressyouenteredinStep17asyour_keyID):
gpgexportarmoryour_keyID>SHA1SUMS.key
20.Createanupdateddirectory.yastfileintherootofyourinstallationrepositorywiththe
command

ls>directory.yast
21.SignthecontentfilecreatedinStep10:
cdupdates/
gpgbsignarmorcontent
Thiswillcreatethecontent.ascfile.
Ifyougeta"Can'tconnectto'/root/.gnupg/S.gpgagent'"message,switchtoatext
console(Ctrl+F1),loginasroot,changetothe/srv/installrepo/sles11/CD1/updates
directory,enterthegpgcommandasabove,andswitchbacktothegraphicalinterfacd
(Ctrl+F7).
22.Ifyouwanttouseadifferentnameorlocationfortheupdatesdirectory,suchasadd
onsor/srv/installrepo/sles11/addons,proceedasfollows:
1. Renametheupdatesdirectoryusingthemvcommand.
2. Edit<url>...</url>entryintheadd_on_products.xmlfiletoreflectthenewname
orlocationoftherepository.
3. CreateanewSHA1SUMSfileintherootdirectoryoftheinstallationrepository,
usingthecommand
sha1sumadd_on_products.xml>SHA1SUMS
4. SigntheSHA1SUMSfileasinStep18,overwritingtheexisting
SHA1SUMS.ascfile.
23.ToincludeyourGPGpublickeyintheinitrd,enterthefollowingcommands:
cd/tmp
cp/srv/installrepo/sles11/CD1/SHA1SUMS.keymykey.gpg
cp/srv/installrepo/sles11/CD1/boot/i386/loader/initrd.
mvinitrdinitrd.gz
gunzipinitrd.gz
findmykey.gpg|cpiooAFinitrdHnewc
gzipinitrd

Youwillcopythenewinitrd.gzfileyoujustcreatedtothe/tftpbootdirectoryinalater
exercise.
SetUpPXEBootforinstallations

Inthisexercise,setupaTFTPserver,fillthe/tftpbootdirectorywiththefilesneededforPXE
boot,andsetupaDHCPserver.
Inthefirstpart,installthetftppackageandconfigurexinetdtolistenonport69forTFTP
requests.
Inthesecondpart,copythefilesneededforPXEboottothe/tftpbootdirectoryandcreatea
defaultpxelinuxconfigurationfilethatcanbeusedtoinstallclients.
Inthethirdpart,youworktogetherwithanotherstudent.Installthedhcpserverpackageand
configuretheDHCPservertoprovideanIPaddresstoyourpartner'scomputerandanyother
neededinformationtobootthepartner'scomputerusingPXE.
Inthefourthpart,testyoursetup.
DetailedStepstoCompletetheExercise

"PartI:InstallandConfigureTFTP"
"PartII:Configurepxelinux"
"PartIII:ConfiguretheDHCPServer"
"PartIV:TestYourSetup"
PartI:InstallandConfigureTFTP

ToconfigureTFTP,dothefollowing:
1. Ataterminalwindow,sutoroot(password:novell).
2. Installthetftppackageusingthecommand
yastitftp
3. CreatethedirectorytoholdthefilesthatwillbeservedbytheTFTPserverbyentering
thecommand
mkdir/tftpboot
4. Editthe/etc/xinetd.d/tftpfiletoputacommentsigninfrontofthelinedisable=yesand

addrblksizetotheserver_argsline.
Thefileshouldthenlooksimilartothefollowing:
#default:off
#description:tftpserviceis
providedprimarilyfor
#bootingorwhenarouterneedan
upgrade.Mostsites
#runthisonlyonmachinesactingas
"bootservers".
servicetftp
{
socket_type=dgram
protocol=udp
wait=yes
user=root
server=
/usr/sbin/in.tftpd
server_args=s/tftpbootr
blksize
#disable=yes
}

5. Startxinetdusingthecommand
rcxinetdstart
6. Makesurexinetdisstartedeverytimethesystemstartsupbyentering
insservxinetd
PartII:Configurepxelinux

Toconfigurepxelinux,dothefollowing:

1. Ataterminalwindow,sutoroot(password:novell).
2. Installthesyslinuxpackageusingthecommand
rpmqsyslinux||yastisyslinux
3. Createthe/tftpboot/pxelinux.cfgdirectory.
4. Copythe/usr/share/syslinux/pxelinux.0fileto/tftpboot,thendothesamewiththelinux
andmessagefilesfromthe/srv/instalrepo/sles11/CD1/boot/i386/loader/directory.
Copytheinitrd.gzyoucreatedinStep23filetothe/tftpbootdirectoryusingthe
command
cp/tmp/initrd.gz/tftpboot/initrd
5. Usinganeditor,createa/tftpboot/pxelinux.cfg/defaultfilethatcontainsthefollowing:
defaultharddisk

#SLES11
labelSLES11
kernellinux
appendinitrd=initrd
install=nfs://your_IP/srv/installrepo/sles11/CD1

#harddisk(default)
labelharddisk
localboot0

implicit0
displaymessage
prompt1
timeout100

AdapttheIPaddressoftheNFSserveraccordingtoyoursetupandmakesurethat
theoptionsafterappendarewritteninoneline.
6. Editthefile/tftpboot/messagetomatchyourdefaultfile.
Itshouldlooksimilartothefollowing:
Tobootfromharddisk,justpress<return>.
Availablebootoptions:
SLES11InstallationofSLES11

PartIII:ConfiguretheDHCPServer

ToconfiguretheDHCPserver,dothefollowing:
1. Ataterminalwindow,sutoroot(password:novell).
2. InthemainmenuofYaST,selectSoftware>SoftwareManagement.
3. Searchfordhcp,selectdhcpserverfromthesearchresults,thenselectAccept.
4. Ifadditionalpackagesneedtobeinstalled,selectContinue.
5. Editthe/etc/sysconfig/dhcpdfileandaddthenameofyourinterfacetothe
DHCPD_INTERFACEparameter.
Thelineshouldlooklikethefollowing:
DHCPD_INTERFACE="eth0"

6. LookupyourcurrentIPaddressoneth0usingtheipaddressshowcommandand
recordithere:
IPaddress:
7. Getthefollowingvaluesfromyourpartner,
Partner'scomputerIPaddress:
CorrespondingMACaddress:
NOTE:Youcanpingyourpartner'sIPaddressandthenusethearpcommandina
terminalwindowtofindouttheMACaddressofhisnetworkinterfacecard.

8. Editthe/etc/dhcpd.conffilebyaddingthevaluesestablishedinthepreviousstepinthe
hostdeclarationasshownbelow.
ThiswillmakesurethatyourDHCPserverdistributesanIPaddressonlytoyour
partner'scomputeranddoesnotinterferewithotherstudents.
Your/etc/dhcpd.confshouldlooksimilartothefollowing:
#
#/etc/dhcpd.conf
#
ddnsupdatestylenone;
#
#specifydefaultandmaximumlease
time
#
defaultleasetime600;
maxleasetime7200;
#
#WhatistheDNSdomainandwhereis
thenameserver?
#
optiondomainname
"digitalairlines.com";
optiondomainnameservers
172.17.8.101;
#
#Thisisarouteradapttoyour
network
#
optionrouters172.17.8.1;
#
#Asubnet

#(Usethevaluesthatfityoureth0
device)
#
subnet172.17.0.0netmask255.255.0.0
{
}
#
#Thisdhcpserverservesjustone
machine
#Usethevaluesestablishedinthe
previousstep
#
hostda49{
fixedaddress172.17.8.149;
hardwareethernet00:11:22:33:44:55;
}
#
#Parametersnecessaryforbootpand
PXE
#
allowbootp;
#yourmachine'sIP:
nextserver172.17.8.110;
servername"da
host.digitalairlines.com";
filename"pxelinux.0";

9. StarttheDHCPserverwiththercdhcpdstartcommandandwatchforanyerror
messagesandcorrectyour/etc/dhcpd.conffileasneeded.
10.MakesuretheDHCPserverisstartedeverytimethesystemstartsupbyentering

insservdhcpd
PartIV:TestYourSetup

TotestyourPXEsetup,dothefollowing:
1. (Conditional)IfthereisanotherDHCPserverrunningthatdistributesaddressestoyour
eth0interface,turnitoffor,ifinaclassroom,asktheinstructortoturnitoff.
2. Decideonwhichofyourmachines(yoursoryourpartner's)willactasinstallation
server.
3. Onthemachinethatactsasinstallationserver,checkinYaSTiftheeth0interface
usesDHCP;ifso,changetheconfigurationtoafixedIPaddressusingtheIPaddress
DHCPassignedtoyourmachineforeth0,asestablishedinPartIII,Step6
4. Reboottheothermachine.
MakesuretheBIOSisconfiguredtoallowbootingviathenetworkcard.
ThecomputershouldgettheIPaddressfromtheDHCPserverrunningonitspartner's
computeranddisplaythemessagefile.
5. EnterSLES11attheprompt.ThecomputershouldfetchthenecessaryfilesviaTFTP
andshouldstartYaST.
ApossiblesourceoferrorsisSuSEfirewallrunningontheinstallationserver,forbidding
accesstotheTFTPservice.Checkthisbyenteringasrootataterminalwindow
rcSuSEfirewallstatusandifSuSEfirewallisrunning,stopitwith
rcSuSEfirewallstop.
6. Totestyouraddonrepository,proceedwiththeinstallationworkflowuptothe
InstallationSettingsdialog,acceptingthesuggesteddefaultvalues(attheInstallation
ModeScreen,donotselectIncludeAddOnProducts).
7. IntheInstallationSettingsdialog,selectSoftware>DetailsandintheFilterdropdown
menuselectSearch.IntheSearchtextbox,typetreeandclickSearch.
Thetreepackageshouldappearintheupperrightpaneofthedialog.
Ifitdoesnotappear,thereisanerrorintheconfigurationofyouraddonrepository
(seeSetUpanInstallationServer,"PartII:SetUpanAddonProductsRepository"
8. Donotprocedewiththeinstallation,butresetthecomputerandbootSUSELinux
EnterpriseServer11fromtheharddisk.

9. Oncetheserverisrunningagain,switchrolesandrebootthemachinethatactedas
theDHCPserverbefore.
CreateanAutoYaSTControlFile

Inthisexercise,createanAutoYaSTcontrolfilebyusingtheCreateReferenceProfilefeature
oftheYaSTAutoYaSTmodule.
DetailedStepstoCompleteThisExercise:

TocreateaAutoYaSTcontrolfile,dothefollowing:
1. StartYaSTandselectMiscellaneous>Autoinstallation.
2. SelectTools>CreateReferenceProfile.
3. IntheCreateReferenceControlFiledialog,selectthefollowingentries,thenclick
Create.
BootLoader
PackageSelection
Partitioning
UserandGroupManagement
4. Browsethroughthecreatedprofilebyselectingsectionsofthetreeontheleftsideof
thedialogandselectingentriesinthemainwindow.
Changetheconfigurationifyoulike.
5. SavethefilebyselectingFile>Save,typingsles11.xmlasthefilename,thenselecting
Save.
6. Ataterminalwindow,sutoroot(password:novell).
7. Reviewthe/var/lib/autoinstall/repository/sles11.xmlfileinaneditor,thenquittheeditor
whendone.
ActivatePXEBootingandInstallSUSELinuxEnterpriseServer

Inthisexercise,workwithafellowstudent(oruseasecondcomputerifthereisnoonewith
whomtodotheexercise)tobootyourmachineusingPXEandstarttheinstallationofSUSE
LinuxEnterpriseServer11.

NOTE:AprerequisiteforthisexerciseisanetworkcardthatisPXEcapable.
DetailedStepstoCompleteThisExercise:

ToactivatePXEbootandtostarttheinstallationofSUSELinuxEnterpriseServer11,dothe
following:
1. Decidewithafellowstudentwhosemachineyouwilluseastheinstallationserverand
whichofyouwillreboothiscomputer.
2. Createthe/srv/installrepo/sles11/ay/directoryandcopytheautoyastfileyoucreated
intheexercise"CreateanAutoYaSTControlFile"intothisdirectoryassles11.xml.
3. Ontheinstallationserver,makesurethatthefile/tftpboot/pxelinux.cfg/defaultcontains
theautoyastparameterintheappendline,usingyourownIPaddressinsteadof
172.17.8.110,likeinthefollowing(note:theappendoptionshavetobeinoneline):
#SLES11
labelSLES11
kernellinux
appendinitrd=initrd
install=nfs://172.17.8.110/srv/installrepo/sles11
autoyast=nfs://172.17.8.110/srv/install
repo/sles11/ay/sles11.xml

4. Thefollowingstepsapplytothestudentwhorebootshismachine:
1. Rebootyourcomputer.
IfyourcomputerdoesnottrytogetanIPaddressduringthefirststagesofthe
bootprocessrightafterPowerOnSelfTestandbeforestartingtheoperating
system,makesurePXEisactivatedintheBIOS.
2. Consultthemanualthatcamewiththecomputerhardwareonhowtochange
therespectivesettingintheBIOS.
Ifeverythingissetupcorrectly,thecomputerwillgetanIPaddressfromthe
DHCPserverandloadthepxelinux.0file,aswellasthemessagefile.
5. Atthemessagescreen,enterSLES11.
NOTE:Ifyoudonotwanttoreinstallthemachineatthispoint,youhavetopoweritoff

beforetheharddrivegetspartitioned!
ThekernelandinitrdaretransferedfromtheTFTPserver.YaSTwillstart,fetchthe
sles11.xmlfile,andautomaticallyinstallSLES11,basedontheconfigurationcontained
inthesles11.xmlfile.

ManageVirtualizationwithXen

Thissectioncontainsthefollowingexercises:
"InstallaXenServerandanUnprivilegedDoman"
InstallXenandconfigureDom0,andinstallSLES11inaXenguestdomainusingvm
install.
"ChangeMemoryAllocationofaGuestDomain"
ChangethememoryallocationofaguestdomainusingtheVirtualMachineManager.
"AutomateDomainStartup"
Startupdomainsautomaticallywhenthesystemisbooted.
"ChecktheNetworkConfiguration"
Usethebrctlshowcommandtoviewthebridgesetupandchangestoit.
InstallaXenServerandanUnprivilegedDoman

Inthisexercise,youlearnhowtoinstallXenandconfigureDom0andhowtoinstallSLES11
inaXenguestdomainusingvminstall..
IMPORTANT:VMwarecannotrunonSLES11runningtheXenkernel.Therefore,theda1
VMwarevirtualmachinewillnotbeavailableinthissection.
Inthefirstpart,installthesoftwarenecessarytorunaXenvirtualmachineserver.
Inthesecondpart,changethegrubmenutoloadtheXenkernelbydefault,turnoffthe
firewall,andrebootyourmachine.Thenusexmlisttofindoutifdomain0isrunningas
expected.
Inthethirdpart,createavirtualmachineforSUSELinuxEnterpriseServer11andinstallit,
usingtheinstallationservercreatedintheprevioussection.

DetailedStepstoCompletetheExercise

"PartI:InstallXenPackages"
"PartII:PrepareandTestXen"
"PartIII:InstallaGuestDomain"
PartI:InstallXenPackages

Dothefollowing:
1. IftheVMwareplayerisrunning,shutdownda1andclosetheVMwareplayer.
2. Openaterminalwindowandsutoroot(password:novell).
3. UnloadtheVMwarekernelmodulesusingthecommand
/etc/init.d/vmwarestop
4. Makesurethemodulesarenotloadedautomaticallyusingthecommand
chkconfigvmwareoff
5. InserttheSUSELinuxEnterpriseServer11DVDintotheDVDdrive.
6. StarttheYaSTandselectVirtualization>InstallHypervisorandTools.
7. SelectAcceptandletYaSTinstallallrequiredsoftwarepackages.
ConfirmtheinstallationofanyautomaticallyselectedpackagesbyselectingContinue.
8. SelectYesintheNetworkBridgeConfigurationdialog.
9. ClosetheYaSTControlCenter.
PartII:PrepareandTestXen

Dothefollowing:
1. Openaterminalwindowandsutotherootuser(password:novell).
2. Openthe/boot/grub/menu.lstfilewithatexteditor(suchasvi).
3. MakesurethefilecontainsasectionwiththetitleXen.
4. IntheXensection,makesurethattheroot=parameterpointstotherootpartitionof

yourinstallation.
5. ChangethedefaultlinetopointtotheXenentry.
IftheXenentryisthefirstentryinthefile,changethedefaultvalueto0;ifitisthe
second,changethedefaultentryto1,andsoon:
default0

6. Savethefileandclosetheeditor.
7. TurnoffSuSEfirewallbyenteringthefollowingcommands:
insservrSuSEfirewall2_setup
and
insservrSuSEfirewall2_init
8. Closetheterminalwindow.
9. Rebootyoursystem.
10.Atthebootmenu,makesuretheXenentryisselectedandpressEnter.
11.Whenthesystemhasbooted,loginasusergeekowiththepasswordnovell.
12.Openaterminalwindowandsutoroot.
13.Enterthecommandxmlist.
Intheoutput,youshouldseeonedomain(Domain0)withthestatusrunning.
PartIII:InstallaGuestDomain

Dothefollowing:
1. StartYaSTandselectVirtualization>CreateVirtualMachines.
2. Readtheinformationdisplayed,thenselectForward.
3. SelectIneedtoinstallanoperatingsystem,thenselectForward.
4. SelectSUSELinuxEnterpriseServer11,thenselectForward.
5. OntheSummarypage,selectNameofVirtualMachine.

6. TypedaxenintheNamefieldandselectApply.
YouarereturnedtotheSummarypage.
7. OntheSummarypage,selectNetworkAdapters.
8. Makesurethenetworkadapterisselected,thenselectEdit.
9. SelectSpecifiedMACaddressandentersomerandomhexadecimalnumbers,suchas
01:cf:43,inthespacesprovided.
10.SelectApplytoreturntotheNetworkAdaptersdialog.
SelectApplyagaintoreturntotheSummarypage.
11.OntheSummarypage,selectDisks>Edit,increasethesuggestedvaluefora4GB
diskto6GB,thenselectOK.
12.IntheDisksdialog,selectApply.
YouarereturnedtotheSummarypage.
13.OntheSummarypage,selectOperatingSystemInstallation.
14.IntheOperatingSystemInstallationdialog,selectNetworkURLastheinstallation
medium,thentypenfs://your_IP_address/srv/installrepo/sles11/CD1andselectApply.
YouarereturnedtotheSummarydialog.
15.IntheSummarydialog,selectOK.
AVNCwindowopenswiththeSLES11installationsystemstartingup.
16.WithintheVNCwindow,followtheinstallationworkflow,usingthefollowingvaluesin
therespectivedialogs(usethesuggesteddefaultsforitemsnotmentionedhere):
Timezone:USAMountain
Rootpassword:novell
Hostname:daxen
DomainName:digitalairlines.com
ChangeHostnameviaDHCP:Uncheck

WriteHostnameto/etc/hosts:Check
Firewall:Disablebyselectingenabled
SkiptheInternetconnectiontest.
Localuser:
User'sFullName:GeekoNovell
Username:geeko
Password:novell
CloneThisSystemforAutoyast:Deselect
17.Whenallstepsoftheinstallationaresuccessfullycompleted,testifyoucanloginto
theyourSLES11serverasusergeekowiththepasswordnovellattheloginscreen
thatappears.
ChangeMemoryAllocationofaGuestDomain

Inthisexercise,youlearnhowtochangethememoryallocationofaguestdomainusingthe
VirtualMachineManager.
Whilethevirtualmachineisturnedoff,changethemaximumallocationforthatmachineto
750MBandthecurrentallocationto600MB.
Startthevirtualmachine,login,andrunthetopcommandinaterminalwindowinsidethe
VM.ChangethememoryallocationinVirtManagerandwatchthechangeintop.
DetailedStepstoCompletetheExercise

Dothefollowing:
1. Ifthevirtualmachinedaxenisrunning,shutitdown.
2. Openaterminalwindowandsutotherootuser.
3. Enter
virtmanager&
4. InVirtManager,doubleclickthelocalhostentry,selectthedaxenentrywiththeright
mousebutton,thenselectDetails.

5. SelecttheHardwaretab;thenselecttheMemoryentry.
6. ChangetheMaximumAllocationto750MB.
7. SelectApply.
8. IntheChangeAllocationfield,enter600.
9. SelectApply.LeavetheDetailswindowopen.
10.IntheVirtualMachineManagerwindow,doubleclickthedaxenvirtualmachineentry.
AVNCwindowopensup.
11.StartthevirtualmachinebyselectingRun.
12.Logintothevirtualmachineasgeeko(password:novell)andopenaterminalwindow.
13.EnterthetopcommandandnotetheMem(total)value.
14.IntheVirtualMachineDetailswindow,changethememoryallocation(Change
allocationfield)to500MB,thenselectApply.
15.WatchtheMemvaluechangeintheoutputoftop.
16.IntheVirtualMachineDetailswindow,changethememoryallocation(Change
allocationfield)to650MB,thenselectApply.
Notethatthevalueisincreasedonlytothe600MBsetwhenyoustartedthevirtual
machine.
17.IntheVirtualMachineManagerDetailswindow,changethememoryallocation
(Changeallocationfield)backto512MB,thenselectApply.
AutomateDomainStartup

Inthisexercise,youlearnhowtostartupdomainsautomaticallywhenthesystemisbooted.
Createalinkinthe/etc/xen/autodirectorythatpointstothe/etc/xen/vm/daxenconfiguration
fileandrebootyourmachine.
DetailedStepstoCompletetheExercise

Dothefollowingondahost:
1. Openaterminalwindowandsutotherootuser.

2. Createalinktothe/etc/xen/vm/daxenconfigurationfileintheautousingthe
command
lns/etc/xen/vm/daxen/etc/xen/auto/daxen
3. Shutdownyourvirtualmachine.
4. Waitamomentandverifywiththexmlistcommandthatthedomainhasbeenshut
down.
Continuewiththenextstepwhenthedomaindaxenisnolongerlistedasrunning.
5. Rebootyoursystembyenteringreboot.
6. Atthebootprompt,makesuretheXenentryisselected.
7. Whenthesystemhasbeenstartedup,logintothegraphicalinterfaceasusergeeko
withthepasswordnovell.
8. Openaterminalwindowandsutotherootuser.
9. Enterthexmlistcommand.
Thedaxendomainshouldhavestartedautomaticallyandshouldbelistedinthexm
listoutput.
10.Removethelinkagainusingthefollowingcommand:
rm/etc/xen/auto/daxen
11.Optional:Createastartscriptbasedon/etc/init.d/skeletonthatusesthexmorvirsh
commandstostartandshutdownmanageddomains.
ChecktheNetworkConfiguration

ThisexerciseassumesthatyouhaveaXensystemwithDom0andoneDomUrunning.
Usethebrctlshowcommandtoviewthebridgesetupandchangestoitaftershutting
downandstartingavirtualmachine.
DetailedStepstoCompletetheExercise

Dothefollowingondahost:
1. Openaterminalwindowandsutotherootuser.
2. Tomakesurethatthedaxendomainisrunning,enterxmlist.

3. Intheoutputofthexmcommand,notetheIDofthedaxendomain.
4. Toviewthenetworkbridgeconfiguration,enterbrctlshow.
Youshouldseetheconfigurationofthebridgexenbr0.Thefollowinginterfacesshould
havebeenaddedtothebridge:
eth0(physicalinterface)
vifx.0(wherexisthedomainIDofthedaxendomain)
5. Toshutdownthedomain,entervirshshutdowndaxen.
6. Waitamoment,thenenterxmlisttoverifythatthedomainhasbeenshutdown.
Continuewithnextstepwhenthedaxendomainisnolongerlistedasrunning.
7. Enterbrctlshowagain.
Notethattheinterfaceofthedaxendomainhasbeenremovedfromthebridge.
8. Torestartthedomain,entervirshstartdaxen.
9. TonotetheIDofdaxen,enterxmlist.
10.Enterbrctlshowtodetermineiftheinterfaceofdaxenhasbeenaddedagain.