Madhav Kobal's Blog

This blog will be dedicated to Linux, Open Source and Technology news, affairs, how-tos and virtually EVERYTHING in these domains.

Posts Tagged ‘Suse’

OpenOffice_org 3.1.1 final available for openSUSE

Posted by madhavkobal on 06/09/2009

Opensuse team announces OpenOffice.org 3.1.1 final packages for openSUSE. They are available in the Build Service OpenOffice:org:STABLE project and include many upstreamand Go-oo fixes. Please, check the wiki page for more details about the openSUSE OOo build.

The openSUSE OOo team hopes that you will be happy with this release. Though, any software contains bugs and we kindly ask you to report them, so that we could fixed them in the future releases.

Advertisements

Posted in Uncategorized | Tagged: | Leave a Comment »

openSUSE-LXDE live CD now ready!

Posted by madhavkobal on 02/09/2009

“Lightweight X11 Desktop Environment”, is an extremely fast, performing and energy saving desktop environment. It is maintained by an international community of developers and comes with a beautiful interface, multi-language support, standard keyboard short cuts and additional features like tabbed file browsing. LXDE uses less CPU and less RAM. It is especially designed for cloud computers with low hardware specifications like netbooks, mobile devices (e.g. MIDs) or older computers. LXDE can be installed with distributions like Ubuntu or Debian. It provides a fast desktop experience connecting easily with applications in the cloud. LXDE supports a wealth of programs, that can be installed with Linux systems locally. The source code of LXDE is licensed partly under the terms of the General Public License and partly under the LGPL.

Features

Lightweight
It needs less CPU and performs extremely well with reasonable memory.
Fast
It runs well even on older computers produced in 1999.
Energy saving
It requires less energy to perform tasks to other systems on the market.
Simply Beautiful
It includes an internationalized and polished user interface powered by GTK+ 2.
Easy to use
It provides a choice to use the simple eeepc like Launcher user interface or a MS Windows like application panel.
Customizable
It is easy to customize the look and feel of LXDE.
Additional Features
It offers additional features like tabbed file browsing or menu run dialogs known from operating systems like Mac OS. Icons of new applications show up after install on desktop.
Desktop independent
Every component can be used independently from other components of LXDE offering the flexibility to use LXDE parts with different Unix like systems.

Download OpenSUSE iso from : http://lxde.bsnet.se/openSUSELXDE_32bit.i686-0.9.4.iso

Posted in Uncategorized | Tagged: , | Leave a Comment »

Configuring a TFTP/PXE Server

Posted by madhavkobal on 20/08/2009

Pre-eXecution Environment (PXE) is a method of booting computers off of a network card independent of local storage devices such as a hard drive or a DVD. PXE is very useful in thin client environments or as a quick way to deploy a new operating system to any computer. PXE is dependent on several network protocols:

  • IP: A network layer protocol in the Internet Protocol Suite. IP provides the service of communicable unique global addressing amongst computers.
  • UDP: A core of protocol of the Internet Protocol Suit. UDP allows programs to send short messages sometimes know as datagrams.
  • DHCP: A method for networked computers to obtain IP addresses and other necessary networking parameters.
  • TFTP: A simple file transfer protocol that can be implement in a very small amount of memory

Setting up a TFTP server will allow you to easily deploy operating systems to machines without having to boot them from a CD or a DVD. Since most, if not all, laptops have an auto-sensing NICs these days, it is very convenient to setup a TFTP server on your machine. This will allow you to connect your laptop to another machine by a standard Ethernet cable and deploy a new operating system. If your machine doesn’t have an auto-sensing nic you can use a ethernet crossover cable or a switch/hub.

All of the components required for setting up a TFTP server are included in SUSE Linux Enterprise Server (SLES). While unsupported, you can install the necessary component packages from SLES on a SUSE Linux Enterprise Desktop (SLED).

A TFTP server requires the following things:

  • A dhcp server
  • Atftp (I prefer atftp because of advanced features and support for KIWI)
  • An installation source. This can either be an image that you created using KIWI or in the case of this article a SLED DVD or ISO.
  • A method of serving the installation source, in this case Apache.

DHCP. Before a PXE booted machine can do anything it needs to get an an IP address. This means you must setup a DCHP server. Go into the YaST Software Management module and install the “DHCP and DNS Server” pattern. This includes dhcp, dhcp6, dhcp-relay, dhcp-server, dhcp-tools. Next configure your /etc/dhcpd.conf file. Here is what mine looks like:
default-lease-time 14400;
ddns-update-style none;
subnet 192.168.2.0 netmask 255.255.255.0 {
option domain-name-servers 192.168.2.50;
default-lease-time 14400;
filename "pxelinux.0";
next-server 192.168.2.50;
max-lease-time 172800;
range 192.168.2.51 192.168.2.160;
}

The key values for PXE booting are “filename” and “next-server”. Pxelinux.0 is a SYSLINUX derivative, for booting Linux off a network server, using a network ROM conforming to the Intel PXE specification. We will discuss more in a bit. For more information visit here. Next-server defines the ip address of the TFTP boot server. In this case the DHCP server and TFTP server are running on the same machine. Next we will have to configure a static IP address on our machine so that it matches the next-server value. In this example that address is 192.168.2.50 and the subnet mask is 255.255.255.0. To setup a static IP address go into yast and choose the “network card” module. Restart or start your dhcp server by running rcdhcpd start or rcdhcpd restart

ATFP: There isn’t much that needs to be configured beyond the defaults. Here is my /etc/sysconfig/atftpd file:

## Path: Network/FTP/Atftpd
## Description: ATFTP Configuration
## Type: string
## Default: "--daemon "
#
# atftpd options
#
ATFTPD_OPTIONS="--daemon --no-multicast" #I use --no-multicast to increase reliability of blasting down KIWI images, but it is not necessary

## Type: yesno
## Default: no
#
# Use inetd instead of daemon
#
ATFTPD_USE_INETD="no"
## Type: string
## Default: "/tftpboot"
#
# TFTP directory must be a world readable/writable directory.
# By default /tftpboot is assumed.
#
ATFTPD_DIRECTORY="/tftpboot"
## Type: string
## Default: ""
#
# Whitespace seperated list of IP addresses which ATFTPD binds to.
# One instance of the service is started on each IP address.
# By default atftpd will listen on all available IP addresses/interfaces.
#
ATFTPD_BIND_ADDRESSES=""

Note that the default location of of the ATFTP directory is /tftpboot. Start/restart ATFTP by entering atftpd start or atftpd restart

/tftptpboot is the directory where you store all the files necessary for PXE booting a machine. My /tftpboot directory contains the following files and directories:

-rw-r--r-- 1 root root 13148 Jul 11 06:35 pxelinux.0
drwxr-xr-x 2 root root 4096 Sep 24 16:33 pxelinux.cfg/
drwxr-xr-x 2 root root 4096 Jul 11 06:36 sled10x86/

Let’s address each of these files and directories individually.

pxelinux.0: We addressed this file previously in the dhcp section. You can get this file from /usr/share/syslinux/pxelinux.0

pxelinux.cfg: This directory contains a file named “default”. Here is the contents of my default file:
prompt 1 #this will bring up a boot prompt on the PXE booted machine and force the user to enter the label of the system they want to boot into. This a a good way to prevent people from accidentally blowing away their computer.
# sled10
label sled10 #enter this label (sled10) into the boot prompt
kernel /sled10x86/linux
append initrd=/sled10x86/initrd install=http://192.168.2.50/install/sled10x86 splash=silent showopts

By utilizing “prompt 1″ you can setup several different installation environments (SLES, SLED, openSUSE, SLE ThinClient etc.) To do this add multiple enteries. Each entry should point to the correct initrd, linux and installation source for that system. Each label should be unique.

sled10×86: This directory contains two files:

  • initrd
  • linux

You can get these files off of the SLED or SLES installation dvd in /media/boot/i386/loader/. Simply copy over the initrd and linux files to your /tftpboot/sled10×86 directory.

Installation source: As seen in the /tftpboot/pxelinux.cfg/default file we point to an installation source hosted on the same machine (install=http://192.168.2.50/install/sled10x86 splash=silent showopts)

  • Open up the “installation Server” yast module
  • Choose the appropriate protocol (in this case http)
  • Select a directory where you want to keep your installation source (in this case /install/).
  • Choose an alias for your directory (install)
  • Click Finish
  • Copy over the contents of SLED or SLES iso or dvd to the directory you just specified.
  • Check and make sure you can browse to your source through firefox

At this point you should be able to pxe boot a machine off of your laptop or desktop. Make sure that the machine to be PXE booted supports PXE and has it enabled in the BIOS. Some computers will refer to it as “network boot”. On most machines hitting F12 after powering on will force the machine to PXE boot. After the machine PXE boots enter “sled10″ at the boot prompt, hit enter, and then go forward with your installation.

Posted in Uncategorized | Tagged: , | Leave a Comment »

SUSE Linux Desktop Moves Ahead

Posted by madhavkobal on 20/08/2009

What’s New?

SLED 11 leverages all the updates found in openSUSE 11.1 to bring a fully up-to-date distribution to the enterprise. In addition, SLED 11 includes a number of Novell developed features, such as the AppArmor application security tool, specifically targeted at enterprise users. It also includes proprietary applications like Adobe Acrobat Reader, not typically included with an open source distribution.

Single-click install is another new-to-SLED 11 feature that makes installing application programs a breeze. We tested this out with the just-released MonoDevelop 2.0. There are actually three options on the download page, and you’ll need to pick the openSUSE 11.1 button for SLED 11. Version 2.4 of the core Mono components were also released this week. The download page has instructions for using the zypper command line tool to add the mono repository and perform the upgrade with three instructions.

The default file system has changed from ReiserFS to ext3 with SLED11. There are some basic differences between the two, including maximum individual file size. For ext3 that number is 2 TB and shouldn’t be an issue for the typical desktop user. ReiserFS supports file sizes up to 1024 TB or 1 EB (Exabyte) and would make sense in a server-based environment.

Installation

The entire process takes less than 30 minutes start to finish. After the first boot we ran into a minor problem with broadcom wireless networking in that we couldn’t see any networks. This required a driver downloaded from the Broadcom site. Once that’s obtained you simply double click on the file, and installation happens automatically.

This is a known issue, and Novell support identified it right off. SLED 11 uses Novell’s update service to provide automated security and program updates. This requires an activation code that you get from Novell. You will be prompted during the installation process for this code although you can choose to skip that step and configure the service later. You’ll also need an active Internet connection to complete the registration process.

Another feature carried over from the previous version has to do with Windows networking interoperability. By default SLED has the firewall turned on and all interfaces assigned to the “external” zone. This is the highest level of protection and essentially blocks the ability to browse a Windows network. There are several ways to fix this issue depending on your approach to security. You could just turn off the firewall, but this isn’t a recommended best practice. The easiest way is to set your network interface to the internal zone. This probably works fine for a wired connection but not the best idea for a laptop you use to connect to public WiFi. The third option is to set a few firewall rules to open up the proper ports for Windows networking, but this one requires some understanding of port numbers and the firewall configuration tool.

SLED 11 has a definite high intensity focus on security, and it includes both SELinux and AppArmor. With that in mind it’s important to note that basic SELinux (Security-Enhanced Linux) capabilities have been added but not enabled in the base distribution. While the capabilities have been added, Novell is not offering direct support for this configuration at this time.

Novell’s AppArmor product ships as an integral part of SLED 11. From the SLED 11 release notes: “The AppArmor intrusion prevention framework builds a firewall around your applications by limiting the access to files, directories, and POSIX capabilities to the minimum required for normal operation. AppArmor protection can be enabled via the AppArmor control panel, located in YaST under Novell AppArmor.” Note that you should use only SELinux or AppArmor; don’t use both at the same time.

Should you choose to implement this feature you should take heed to the following statement: “The AppArmor profiles included with SUSE Linux have been developed with our best efforts to reproduce how most users use their software. The profiles provided work unmodified for many users, but some users find our profiles too restrictive for their environments.”

Bottom Line

This release of the SLED product brings features from the latest distributions to a fully-supported enterprise offering. If you were a previous SLED user it had to be hard to watch the innovation happening with openSUSE and not have the same features available for use. The increased emphasis on security should help get the product more notice from the decision makers that count.

Posted in Uncategorized | Tagged: , | Leave a Comment »