Lab Guide for installing Open Enterprise Server with Linux Kernel

Posted: 22 Jun 2005

This lab installs Open Enterprise Server with the Linux kernel. It creates an NSS volume to allow file sharing and administration via ConsoleOne and iManager. It sets up an Apache web server and has examples to set up an intranet or public web server and use LDAP for authentication. In my example I had two Compaq Evo D510C workstations with 1 gig of RAM and 70 gig hard drives. I used one for my server and the other for my workstation. My NIC and graphics cards were auto-detected, so I do not cover this. I tried doing this lab with two 450 MHz workstations and I was unable to get OES to install properly. I did not set up DNS or DHCP, so you will need to have an IP address and a DNS name to do this lab. You will, of course, need to have downloaded the ISO files for OES and have created the CDs.

  1. To begin, insert the OES-LINUX-1 CD into the server you wish to set up, and boot to it.
  2. Agree to the license agreement.
  3. Select English (US) for YAST2.
  4. Select New Installation.
  5. Select Partitioning.
  6. Select Create Custom Partition Setup.
  7. Select Custom Partitioning - for experts.
  8. From the bottom up, delete all the partitions.
    * If this server had a previous install of Linux, click on Expert and delete the partition table. I found I had to physically shut off the box at this point. If you get a message like Cannot delete "volume", etc., you did not delete the partition completely.
  9. Click Create - select Primary partition.
  10. Under format select Reiser.
    1. For Size End enter 1GB or the size you chose.
    2. For mount point enter /boot
    3. Click Create - select Primary partition.
    4. Select Do not format.
    5. For file system id select 0x8E Linux LVM.
    6. For End enter 30GB or the size you chose.
  11. Then click OK.
  1. Now Select the partition you just created above and then click EVMS.
  2. Click the Create Container button.
  3. Enter Vol1 for the Container name.
  4. Click Add Volume button and choose the 30GB volume.
  5. Click Add to create swap volume.
  6. Format select swap.
    1. Volume name swap
    2. Size 4.9 GB or the default
    3. mount point swap
  7. Click Add again this time to create the system volume.
  8. Format Reiser.
    1. Enter a volume name of sys_lx
    2. Specify a size by clicking on Max
    3. Leave the mount point as /
    4. Click Next.
    5. Click Next again (you should receive a message that it is not good to put EVMS and non-EVMS entities on the same disk; click YES).
  9. Select Software.
  10. Novell Open Enterprise Server
  11. Click on Details.
  12. Under Filter - Selections, select Simple Web Server.
  13. Unselect Novell Quickfinder.
  14. Select Novell NSS.
  15. Select C++ compiler (optional).
  1. Under Filter - Package groups, scroll down and expand productivity and check authldap.
  2. Select Accept.
  3. Select Continue.
  4. Select Time Zone.
  5. Select USA - Central - and verify time and date.
  6. Select Accept - It will now begin copying data from CD1
    and OES-LINUX-2, OES-LINUX-4-SLES9-2
    and OES-LINUX-5-SLES9-3, OES-LINUX-6-SLES9-4

System should then reboot and prompt you to enter a password for the root account.

  1. You will now need to configure the NIC. Enter the IP address.
  2. Enter the subnet.
  3. Then click on hostname and name server.
  4. Enter a hostname and a domain name.
  5. Enter Name Server 1
  6. Enter Name Server 2
  7. Then click on routing and enter a default gateway.
  8. Then click Next, Finish, Next, and test connection, skip updates for now.
  9. Then edit default settings for CA Management and enter your email address (optional).
  1. Configure OES now and enter a tree name (e.g., example).
  2. Enter the FDN for the admin account, e.g. cn=admin.o=example (you may want to use the same password as you used for root).
  3. Then click Next, Next, Next, do not configure SLP (you will get a nag message -- just hit OK).
  4. Click Next through the readme. Click Next through graphics and sound card configure.
  5. Click Finish, eject CD.
  6. Log in as the root user.
  7. Verify via YaST that auth_ldap has been installed. (If not, Enter YAST | Install Remove Software | Filter Package Groups | Productivity | check auth_ldap | click accept and put in requested CDs.)
  8. Do updates (optional may take 60 minutes plus) Online Updates | Make sure you have a channel partner | Run all updates and patches

The steps in this section are a continuation of setting up the drive partitions for EVMS. By default Linux does not use EVMS. EVMS is required for setting up a Novell NSS volume.

  1. Click on N | utilities | editor | File | Open | Open root | /etc/fstab
    • Modify the /boot partition from /dev/hda1 to /dev/evms/hda1
  2. Click on N | system | Yast | system | Run Level Editor | Click the expert mode button |
    • Scroll down to boot.lvm and then boot.md and disable these by clicking on the Set/Reset button

Now you need to edit the /etc/init.d/boot.evms script. See this section of the documentation for more information.

Edit the /etc/init.d/boot.evms script by adding the following lines to the Stop section.

mount -n -o remount,rw /
echo -en "\nDeleting devices nodes"
rm -rf /dev/evms
mount -n -o remount,ro /

For example, after the edit, the Stop section looks like this:

stop)  echo -n "Stopping EVMS"
  mount -n -o remount,rw /
  echo -en "\nDeleting devices nodes"
  rm -rf /dev/evms
  mount -n -o remount,ro /
  rc_status -v
;;

These steps are to create an NSS volume and setup folders for users and the web.

  1. Now enter iManager (you will need to use Mozilla, since iManager does not like to work under Konqueror). Just enter your IP address, http://ipaddress/nps/iManager, and log in as Admin.
  2. Expand Storage | Pools | Find your server | Create a new pool, e.g. pool1 | select device and use all the disk space for the pool.
  3. Click on Volumes | Create new volume, e.g. soft | Select the pool, keep the check box of allow volume to grow | choose options of salvage and user space quotas (optional) | mount point to /media/nss/soft
  4. Enter the file manager, go under /media/nss/soft, and create a folder called users and a folder called web.

You will now create an NCP mount so you can see the NSS volume.

  1. Go to the system console by pressing Ctrl+Alt+F1 (FYI, to exit the console you can press Ctrl+Alt+F7).
  2. Login as the root account.
  3. Type ncpcon create volume soft /media/nss/soft
  4. Go back into iManager and create a container called "people".
  5. Then click on Passwords | Password Policies | Edit | Policy Assignment | select the people container.
  6. Then click Groups | Create Group | call it LUMUsers | place it in the people container | when prompted for the Linux Config Object click on the UNIX Config object.

Now repeat the process above and create a group called web.

Now create a user account for yourself and make yourself an administrator (do not use the same username that you may have in another tree - use something unique.) Do not set a simple password. Make your user directory on the soft NSS volume you created above. When prompted for the group for the LUM user select the group you created above.

  1. To set up your workstation, load the Open Enterprise Novell Client on a workstation (download from novell.com), and log in with the account you created above (if you have problems getting on, you may need to click on the Advanced button, put the IP address of the server on the line for Tree, and also enter the context).
  2. Install ConsoleOne from Novell's web site.
  3. Verify your account has rights to your user directory.
  4. Edit your login script under ConsoleOne and add map root u:=yourserver\soft:username
  5. Log out and back in again to test this. Create a document and store it in your user directory. Possibly create a text file via WordPad, then go to your OES server and see if you can open and edit it via the Kate editor.

Setting up an Apache web server

FYI -

The default home page is located at /srv/www/htdocs/index.html.en
The Apache server is located under /etc/apache2
The Apache log files are found at /var/log/apache2/error_log
To stop and start Apache you can type the following commands:
/etc/init.d/apache2 stop
/etc/init.d/apache2 start

  1. Test to make sure your Apache web server works (i.e., go to http://ipaddress).
  2. Under iManager | LDAP | Group | uncheck Require TLS for simple binds.
  3. Click on N | System | File Manager | go to your nss volume soft | make a folder called web. Also make a folder at /var/web and a folder at /etc/apache2/passwd/
  4. Then make an index.html document in each of these folders -- you should be able to compose this via Mozilla.

Go back to ConsoleOne and grant your user account rights to this folder.

Click on N | Utilities | editor | File | Open | root folder | /etc/apache2/httpd.conf. Edit this file: scroll down to the bottom of the global environment section and comment out (#) the sections regarding .htaccess and forbid access to entire file system. Below are several trials for restricting user access to folders. You may cut and paste these to the bottom of the httpd.conf file. Only do one at a time. I found that I could not cut and paste in Mozilla and needed to use Konqueror. To test each, go to Mozilla and put in http://ipaddress/trial1/, etc.

Trial1 creates a file to store usernames and passwords and then the following Directory grants the rights for your username.

First you need to create this file by running this command at the system prompt:
htpasswd -c /etc/apache2/passwd/passwords yourusername

If you want to add additional users, omit the -c: it creates the password file (overwriting an existing one), so it is only for the first user.

Alias /trial1/ "/var/web/"

<Directory "/var/web">
AuthType Basic
AuthName webusers
AuthUserFile /etc/apache2/passwd/passwords
require user yourusername
</Directory>

Trial2 uses ldap for authentication for this folder. This trial will allow any user with a valid eDirectory account access to this folder.

Alias /trial2/ "/var/web/"

<Directory "/var/web">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
AuthType Basic
AuthName webusers
AuthLDAPAuthoritative on
AuthLDAPUrl "ldap://address:389/ou=people,o=example?cn"
require valid-user
</Directory>

Trial3 uses ldap for authentication for this folder. This trial will allow just the users listed to have access to this folder.

Alias /trial3/ "/var/web/"

<Directory "/var/web">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
AuthType Basic
AuthName webusers
AuthLDAPAuthoritative on
AuthLDAPUrl "ldap://address:389/ou=people,o=example?cn"
require user yourusername
</Directory>

Trial4 uses LDAP for authentication for a folder on an NSS volume.

In order for this to work you should give access to the wwwrun user account to this folder via ConsoleOne. Also then change the default password for this account so it is not blank. You will now also need to grant rights to your own account to this folder.

Alias /trial4/ "/media/nss/SOFT/web/"

<Directory "/media/nss/SOFT/web">
EnableSendfile Off 
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
AuthType Basic
AuthName webusers
AuthLDAPAuthoritative on
AuthLDAPUrl "ldap://address:389/ou=people,o=example?cn"
require user yourusername
</Directory>
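
Trials 2 to 4 bind to eDirectory over ldap:// on port 389, which is why the earlier step unchecks Require TLS for simple binds; the password then travels in clear text from the browser to Apache (Basic auth over HTTP) and from Apache to eDirectory (simple bind). The fragment below is an added example, not part of the original lab: Trial2 rewritten to use LDAPS and to refuse non-HTTPS requests. It assumes mod_ssl with an SSL virtual host, a mod_ldap built with SSL support, and a tree CA certificate exported to the placeholder path shown; the /trial2s/ alias is a made-up name.

```apache
# Added example (not from the original lab). Server-level settings, placed
# outside any <Directory> block. The certificate path is a placeholder:
# export the eDirectory tree CA certificate in DER format and point to it.
LDAPTrustedCA /etc/apache2/PLACEHOLDER-tree-ca.der
LDAPTrustedCAType DER_FILE

# As written in Trial2: simple bind over port 389, password in clear text.
#   AuthLDAPUrl "ldap://address:389/ou=people,o=example?cn"

Alias /trial2s/ "/var/web/"

<Directory "/var/web">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
# Refuse any request that did not arrive over HTTPS, so the Basic auth
# header is never sent in clear text (needs mod_ssl and an SSL vhost).
SSLRequireSSL
AuthType Basic
AuthName webusers
AuthLDAPAuthoritative on
# ldaps:// on port 636 encrypts the bind from Apache to eDirectory.
AuthLDAPUrl "ldaps://address:636/ou=people,o=example?cn"
require valid-user
</Directory>
```

With the bind going over LDAPS, Require TLS for simple binds can stay checked in iManager.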

That is the end of the Lab. Hopefully all went well.



Information from the website http://www.djack.com.pl