Novell LINUX ENTERPRISE 11 - SUBSCRIPTION MANAGEMENT TOOL GUIDE 10-02-2009 Manual

SUSE Linux Enterprise
Point of Service
11
October 02, 2009
SUSE Linux Enterprise Point of Service Guide
www.novell.com


Summary of Contents for Novell LINUX ENTERPRISE 11 - SUBSCRIPTION MANAGEMENT TOOL GUIDE 10-02-2009

  • Page 1 SUSE Linux Enterprise Point of Service www.novell.com SUSE Linux Enterprise Point of Service Guide October 02, 2009...
  • Page 2 That this manual, specifically for the printed format, is reproduced and/or distributed for noncommercial use only. The express authorization of Novell, Inc must be obtained prior to any other use of any manual or part thereof. For Novell trademarks, see the Novell Trademark and Service Mark list http://www.novell.com/company/legal/trademarks/tmlist.html.
  • Page 3: Table Of Contents

    Contents: About This Guide; 1 Product Overview: Architecture, System Requirements, Server Types ...
  • Page 4 5 Setting Up a Dedicated Image Building Server; 6 Setting Up a Branch Server: Conditions to Configure a Branch Server, Online Branch Server Configuration, Offline Branch Server Configuration ...
  • Page 5 12 Building Images with the Image Creator Tool: 12.1 Creating an Image Based on Template, 12.2 Building Network Boot Images, 12.3 Building Bootable CD Images with a System Image ...
  • Page 6 B Point of Service Scripts: Overview, Core Script Process, Script Quick Reference ...
  • Page 7: About This Guide

    Enterprise Server documentation, available from documentation/sles11/. For information on securing your applications using AppArmor, refer to the Security Guide, available from http://www.novell.com/documentation/sles11/. For an introduction to setting up High Availability environments with SUSE Linux Enterprise, refer to the High Availability Guide, available from http://www.novell...
  • Page 8 • To report bugs for a product component or to submit enhancement requests, please use https://bugzilla.novell.com/. If you are new to Bugzilla, you might find the Bug Writing FAQs helpful, available from the Novell Bugzilla home page. • We want to hear your comments and suggestions about this manual and the other documentation included with this product.
  • Page 9: Product Overview

    Product Overview SUSE® Linux Enterprise Point of Service is a secure and reliable Linux platform optimized for enterprise retail organizations. Built on the solid foundation of SUSE® Linux Enterprise, it is the only enterprise-class Linux operating system tailored specifically for retail Point of Service terminals, kiosks, self-service systems, and reverse-vending systems.
  • Page 10 Figure 1.1 SUSE Linux Enterprise Point of Service System Architecture All system information (system structure, image information, the configuration and deployment method for each Branch Server and Point of Service terminal, etc.) is stored in an LDAP database on the Administration Server (which may be replicated on Branch Servers).
  • Page 11: System Requirements

    WARNING: Protecting the Branch Servers Because Branch Servers contain sensitive information, they must be secured against unauthorized access. Close unused ports and allow only the root user to have access to the server console. Refer to Chapter 8, Securing Your Setup (page 111) for more details on how to protect your SUSE Linux Enterprise Point of Service setup.
  • Page 12 The required space depends on the size of your images. • A minimum of 512 MB RAM; recommended 512 MB - 3 GB (at least 512 MB per CPU) • One network card 1.2.2 Image Building Server The following list identifies the system requirements for a dedicated image building server: •...
  • Page 13: Server Types

    • One network card for the Branch Server's private network 1.2.4 Administration/Branch Server Combination The following list identifies the system requirements for an Administration/Branch Server combination: • One server with an x86 or x86-64 processor • A minimum of 4 GB hard disk space; recommended 25 GB The required space is dependent on the size of your images.
  • Page 14 of Service terminals (and which images to deploy to the Point of Service terminal) needs to be accepted in a YaST module. The Administration Server provides the following functions: • Maintains the master LDAP directory for the Branch Server systems. For more information on the LDAP directory, see Chapter 10, The SUSE Linux Enterprise Point of Service LDAP Directory (page 121).
  • Page 15 In order to provide services of the Administration Server, the firewall running on the Administration Server needs to allow traffic on the ldap or ldaps ports (389 TCP/UDP and 636 TCP/UDP, respectively) and the rsync port (TCP/UDP 873). For more information, refer to Section 4.2, “Initializing the LDAP Directory”...
  • Page 16 • Logs syslog output from the Point of Service terminals (optional). For information on installing and configuring the Branch Server, see Chapter 6, Setting Up a Branch Server (page 49). Find out more about the Branch Server structure and functions in the following sections. LDAP Branch Server Object Each Branch Server has a corresponding Branch Server object (scBranchServer) in the LDAP directory.
  • Page 17 If you need to update the Point of Service images stored on the Branch Server, you can run possyncimages.pl to manually trigger the RSYNC update process and download new image files from the Administration Server. For more information, see Section B.3.9, “possyncimages.pl” (page 217). Similarly, if you need to update the Point of Service hardware configuration information stored on the Branch Server, run either posldap2crconfig.pl --dumpall or posAdmin --updateconfig.
  • Page 18 Server. The secondary node stays synchronized with the primary, ready to take over and run the scripts and services if the primary fails. For information on installing a high availability environment, refer to the general High Availability Guide, available from http://www.novell.com/documentation/sles11/.
  • Page 19 Table 1.2 TFTP Directory Structure on the Branch Server (Directory: Contents). /tftpboot/CR/: Contains config.MAC image configuration files for every registered Point of Service terminal on the current Branch Server. /tftpboot/CR/MAC/: Contains system configuration files, such as xorg.conf, for the individual Point of Service terminals. /tftpboot/ Contains the following boot images and configuration files for Point of Service terminals: initrd.gz, linux, the PXE...
  • Page 20 00:09:6B:3B:01:07 config.00:09:6B:3B:01:07 00:02:55:23:F3:93 config.00:02:55:23:F3:93 /tftpboot/CR/00:02:55:E8:FA:C9 XF86Config /tftpboot/CR/00:03:56:01:D5:5F XF86Config /tftpboot/CR/00:09:6B:3B:01:07 /tftpboot/boot initrd.gz linux pxelinux.0 pxelinux.cfg /tftpboot/boot/pxelinux.cfg default /tftpboot/image minimal-2.0.4 minimal-2.0.4.md5 graphical-2.0.4 graphical-2.0.4.md5 /tftpboot/upload hwtype.00:02:55:E8:FA:C9 NOTE: Deletion of Point of Service Control File The Point of Service control file hwtype.00:02:55:E8:FA:C9 is deleted after successful registration in LDAP.
  • Page 21: Images

    Image Building Server If your system needs to manage a large number of Point of Service images, you can outsource the image building task to a dedicated Image Building Server. This offloads the processor and memory load required to generate images from the Administration Server, and protects the Administration Server and LDAP directory from any possible corruption or user errors that might occur while building Point of Service images.
  • Page 22 1.4.1 Types of Images To help get you started, SUSE Linux Enterprise Point of Service comes with a set of pre-built image files that you can customize to set up your own system. Every Point of Service terminal requires two images: a boot image and a system image. You can also create your own images using Image Creator or KIWI.
  • Page 23 Maximum image size: 128 MB (compressed), minimum size of RAM required to boot the image: 64 MB Graphical The Graphical image includes the features of the Minimal image and essential graphical interface capabilities (the X Window System and a lightweight Window Manager), as well as the ability to run Java programs.
  • Page 24: Suse Linux Enterprise Point Of Service Deployment

    To make this work as designed, you must create reference objects in the LDAP directory for the types of Point of Service terminals you intend to deploy in your system. For detailed information, refer to Section 7.4, “Creating the Required LDAP Objects” (page 72).
  • Page 25 • Point of Service terminals The way in which these components are deployed depends on your system requirements. For example, systems that maintain hundreds of system images might require a dedicated Image Building Server, whereas smaller systems can have the image building utilities installed on the Administration Server.
  • Page 26 1 Install the Administration Server using one of the following configurations: • Install an Administration Server that includes the image building utilities (KIWI and Image Creator) and all the files and directories required to create Point of Service images. For detailed instructions, see Chapter 4, Setting Up the Administration Server (page 35).
  • Page 27 For general information on how to set up a high availability environment, refer to the High Availability Guide, available from http://www.novell.com/documentation/sles11/. • For stores where the Branch Server is only running the Point of Service infrastructure (i.e. the Branch Server is running no additional applications), the Branch Server can be installed as a control terminal running on Point of Service hardware.
  • Page 28 disk. For more information on this process, see Section 7.8.1, “Network PXE Boot” (page 103). • If the Point of Service terminals do not have access to the network, create an isoboot or a usbboot image and deploy the image at the terminal. This method can be used for workstations that either are or aren't equipped with a hard disk, and have a CD drive or a USB port.
  • Page 29: Suse Linux Enterprise Point Of Service Installation

    SUSE Linux Enterprise Point of Service Installation SUSE Linux Enterprise Point of Service is distributed as an add-on product for SUSE Linux Enterprise Server 11 system. To install SUSE Linux Enterprise Point of Service 11 server, install the SUSE Linux Enterprise Server 11 base system first. You can choose to install the SUSE Linux Enterprise Point of Service add-on together with your base system during the initial installation process, or you can install the SUSE Linux Enterprise Point of Service add-on on top of an already-installed base system at any...
  • Page 30: Installation On Top Of An Already Installed System

    4 If you are installing from CD, insert the SUSE Linux Enterprise Point of Service add-on product CD. If you are installing from a different source, provide the necessary source. Click Continue. 5 Confirm the SUSE Linux Enterprise Point of Service license agreement and click Next.
  • Page 31 3 If you are installing from CD, insert the SUSE Linux Enterprise Point of Service add-on product CD. If you are installing from a different source, provide the necessary source. Click Continue. 4 Confirm the SUSE Linux Enterprise Point of Service license agreement and click Next.
  • Page 33: Basic Configuration

    Basic Configuration This chapter describes the basic configuration of a SUSE Linux Enterprise Point of Service system. More details are covered in the following chapters. 3.1 Setting Up the Administration Server The following procedure describes the installation process of the SLEPOS11 Administration Server: 1 Make sure the SLEPOS Admin Server pattern is installed on the machine that is to be configured.
  • Page 34 IMPORTANT: The New --userPassword Attribute The new mandatory attribute --userPassword was introduced in SLEPOS11. This password is needed when configuring a Branch Server. 3c Use the posAdmin.pl script to add a scServerContainer object as described in Section 6.4.3, “Adding an scServerContainer and scBranchServer Object”...
  • Page 35: Setting Up The Branch Server

    3.2 Setting Up the Branch Server The following procedure describes the basic configuration of a SLEPOS11 Branch Server. The Branch Server configuration can be performed in online or offline mode. Before configuring a Branch Server, check if the following conditions are met: •...
  • Page 36 scLocation object was created using posAdmin.pl on the Administration Server. 3 The script checks the resolvability of the Administration Server IP address and tries to download Administration Server certificates. The certificates are then used for the automatic establishment of encrypted SSL communication. If no certificates are found, unencrypted communication is used.
  • Page 37 3.2.2 Offline Branch Server Installation The following procedure describes the installation process of a SUSE Linux Enterprise Point of Service 11 Branch Server without internet connection: 1 Preferably, execute posInitBranchserver.sh -f pathToOfflineInstallationFile. You can also execute the posInitBranchserver.sh script without options and select 2 when asked for the installation mode to be used.
  • Page 38: Adding A Point Of Service Terminal

    5 The script initializes the local branch LDAP database using the ldapadd command from the offline installation file. 6 In the offline installation mode, it is not yet possible to find the branch server domain. Therefore, if there is no internet connection, the attempt fails and the script terminates.
  • Page 39 2 The POS machine uploads the hwtype.MAC file (for example hwtype.00:11:25:A7:D6:0D) into the /srv/tftpboot/upload directory. 3 The posleases2ldap.pl script uses this file and the information in the LDAP database to create the config.MAC file (for example config.00:11:25:A7:D6:0D) in the /srv/tftpboot/CR directory. 4 The POS machine uses the information in the config.MAC file to load the correct image, and boots up.
  • Page 40 Image objects are typically located in the global container under the default scDistributionContainer. To add the image to the default scDistributionContainer use the command: posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --base cn=default,cn=global,o=mycorp,c=us --add --scPosImage --cn myGraphical --scImageName myTestGraphical --scPosImageVersion "3.1.4;active" --scDhcpOptionsRemote /boot/pxelinux.0 --scDhcpOptionsLocal LOCALBOOT --scImageFile myGraphical_test.i686 --scBsize 8192 •...
  • Page 41 When deploying to a ramdisk of our specific machine, use the command: posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --base cn=cshr4152,cn=global,o=mycorp,c=us --add --scRamDisk --cn ram --scDevice /dev/ram1 To add a scCashRegister object for a generic machine, use the command: posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --base cn=global,o=mycorp,c=us --add --scCashRegister --cn cr-test-default --scCashRegisterName default --scPosImageDn...
  • Page 42 IMAGE=/dev/sda2;myGraphical_test;3.1.4;192.168.90.1;8192 PART=1000;82;x,8000;83;/ DISK=/dev/sda If deploying to a ram disk, the following line should be present: IMAGE=/dev/ram1;myGraphical_test;3.1.4;192.168.90.1;8192
  • Page 43: Setting Up The Administration Server

    Setting Up the Administration Server The Administration Server is the central administration point for SUSE® Linux Enterprise Point of Service. All system information (system structure, the configuration and deployment method for each Branch Server and Point of Service terminal, image information, and so forth) is stored in an LDAP directory on the Administration Server.
  • Page 44: Administration Server Configuration

    4.1 Administration Server Configuration To configure the Administration Server, follow these steps: 1 Check if the SLEPOS Admin Server pattern is installed on the machine to be configured. If it is missing, install it. For more information about installation, see Chapter 2, SUSE Linux Enterprise Point of Service Installation (page 21). If you want to use Administration Server to build Point of Service images, select also the Image server and Images patterns.
  • Page 45 4 Make sure the rsync port (usually 873) is open on the Administration Server. The rsync port is not open in the default SLES11 installation. You have to add it by adding its number in the YaST Firewall module under Allowed Services > Advanced >...
  • Page 46: Initializing The Ldap Directory

    4.2 Initializing the LDAP Directory All system information (system structure, the configuration and deployment method for each Branch Server, available system images, and Point of Service terminal types) is stored in an LDAP directory on the Administration Server. SUSE Linux Enterprise Point of Service uses the OpenLDAP directory service. The posInitLdap script defines the LDAP directory schema and the initial records for OpenLDAP.
  • Page 47 • Select N to disable SSL. IMPORTANT: Securing Your Server Communication Using SSL/TLS to secure the connections between Administration Server and Branch Servers is highly recommended. posInitLdap creates the certificates and keys required to run SSL regardless of whether or not SSL is enabled. This allows you to switch to SSL at a later time.
  • Page 48: Creating An Offline Installation Package

    ldapsearch -x -H ldap://administration_server_name -b o=mycorp,c=us -s base -D cn=admin,o=mycorp,c=us -w password TIP: Setting the LDAP Debugging Level Turn on a more verbose output for the ldapsearch command by enabling the debug option with -d1. 4.3 Creating An Offline Installation Package If you want to initialize an offline Branch Server without any internet connection, create an offline installation package:...
  • Page 49: Copying The Boot Image Files

    SUSE Linux Enterprise Point of Service provides image templates that can be customized and generated using the Image Creator tool. When you select the Image Server during the Administration Server installation, the image creation utilities (Image Creator and KIWI) are installed on the Administration Server along with all the files and directories required to create Point of Service images.
  • Page 50 1 Use the following command to copy the initrd file to the /srv/SLEPOS/boot directory as initrd.gz (type the command all on one line): /var/lib/SLEPOS/system/images/image_name/initrd-netboot-image_name.architecture-version.gz /srv/SLEPOS/boot/initrd.gz 2 Use the following command to copy the kernel file to the /srv/SLEPOS/boot directory as linux (type the command all on one line): /var/lib/SLEPOS/system/images/image_name/initrd-netboot-image_name.
  • Page 51: Copying The System Image Files

    Alternatively, you can copy the new kernel and initrd to /srv/SLEPOS/boot with new file names (for example initrd-2.6.27.25.gz and linux-2.6.27.25). In such a case, you must create a new scDistributionContainer object (see Section 10.3.5, “scDistributionContainer” (page 140)) and add a new scPosImage object to it (see Section 4.6.1, “Deploying New Versions of System Images”...
  • Page 52 If the images have been built on a dedicated Image Building Server, use the scp command or the remote copy option of your file browser: 1 Use the following command to copy the system images to the /srv/SLEPOS/image directory (type the command all on one line): /var/lib/SLEPOS/system/images/image_name/image_name.architecture-version adminserver_address:/srv/SLEPOS/image/image_name.architecture-version 2 Use the following command to copy the corresponding MD5 checksum files to...
  • Page 53: What's Next

    4.7 What's Next If you need to install a dedicated Image Building Server, follow the instructions in Chapter 5, Setting Up a Dedicated Image Building Server (page 47) before you install your Branch Servers. The next step is to set up your Branch Servers. For information about setting a Branch Server, refer to Chapter 6, Setting Up a Branch Server (page 49).
  • Page 55: Setting Up A Dedicated Image Building Server

    Setting Up a Dedicated Image Building Server Although a dedicated image building server requires an additional server on your SUSE® Linux Enterprise Point of Service network, it provides several advantages (particularly for large systems that manage a large number of Point of Service images). Providing a dedicated image building server offloads the processor and memory load required to generate images from the Administration Server.
  • Page 56 poscopytool.pl to simplify the process of managing the source files required to build system images. For detailed information, refer to Section 11.2, “POSCopyTool Command Line Options” (page 156). 3 Create system images required for your Point of Service terminals. For a detailed, step-by-step introduction to building SUSE Linux Enterprise Point of Service images using Image Creator, refer to Chapter 12, Building Images with the Image Creator Tool (page 163).
  • Page 57: Setting Up A Branch Server

    Administration Server is available, the offline installation mode can be used. If you intend to set up a high-availability Branch Server, check out the High Availability Guide, available from http://www.novell.com/documentation/sles11/, for general information. NOTE: Setting Up a POSBranch Server In the NLPOS9, a specialized POSBranch image was needed to set up a Branch Server running on Point of Service hardware.
  • Page 58: Conditions To Configure A Branch Server

    6.1 Conditions to Configure a Branch Server Before configuring a Branch Server, check if the following conditions are met: • The Branch server pattern must be installed on the machine to be configured. If it is missing, install it. For more information about SLEPOS11 installation, see Chapter 2, SUSE Linux Enterprise Point of Service Installation (page 21).
  • Page 59: Online Branch Server Configuration

    6.1.2 Changing Branch Server Password On the Admin server, change the password in the LDAP database. Enter the following command in the command line. Replace the $BRANCHNAME, $ORGUNIT, $COMPANY and $COUNTRY variables with your configured values: ldappasswd -x -h localhost -D "cn=admin,o=$COMPANY,c=$COUNTRY" -w "admin_password" "cn=$BRANCHNAME,ou=$ORGUNIT,o=$COMPANY,c=$COUNTRY"...
  • Page 60 3 The script checks resolvability of the Administration Server IP address and tries to download Administration Server certificates. The certificates are then used for automatic establishment of encrypted SSL communication. If no certificates are found, an unencrypted communication is used. IMPORTANT: Administration Server's rsync Port Must Be Open Make sure the rsync port (usually 873) is open on the Administration Server.
  • Page 61: Offline Branch Server Configuration

    8 If everything is in order, the script finishes successfully. If any error is encountered it is reported and logged in syslog. NOTE: Aborting the Script If you select no in any configuration step (except when selecting not to use a local branch LDAP), the script deletes all its intermediate data and exits.
  • Page 62 If an Administration Server certificate is found, you are asked to acknowledge its fingerprint and validate it. SSL communication is then automatically established. If no certificate is found, unencrypted communication is used. 4 The script asks if you want to create and use a local branch LDAP database on the Branch Server.
  • Page 63: Creating Branch Server Objects In Ldap

    6.4 Creating Branch Server Objects in LDAP Before you can configure and deploy a Branch Server, you must first create the necessary objects in the LDAP directory stored on the Administration Server. All posAdmin.pl calls must be executed on the Administration Server. These objects include: •...
  • Page 64 organizationalUnit containers within the LDAP directory. Use only alphanumeric characters for ou objects. Here is the posAdmin command syntax for adding an organizationalUnit object in LDAP (type the command all on one line): posAdmin.pl --user dn_of_admin_user --password password --base base_context --add --organizationalUnit --ou ou_name [--description 'string'] Table 6.1, “Attributes for organizationalUnit Objects”...
  • Page 65 should be stored or referenced in the Location containers to limit the need to grant write privileges to subtrees. Table 6.2, “posAdmin Options for Creating scLocation Objects” (page 57) summarizes the posAdmin command options for scLocation object attributes. Here is the posAdmin command syntax to add an scLocation object in LDAP (type the command all on one line): posAdmin.pl --user dn_of_admin_user --password password --base...
  • Page 66 Option Type Description ue pair; for example, 192.168.1.10, 192.168.1.54. --scDhcpFixedRange must The fixed IP address range of the DHCP server reserved for the Point of Service terminals. It is also a comma-separated value pair, such as 192.168.1.55, 192.168.1.88. --scDhcpExtern must Allow an external DHCP server to be used instead of setting up your own on...
  • Page 67 Option Type Description the first newly registered terminal gets the name CR001 and the IP address 192.168.1.55. The next terminal is named CR002 and gets the IP address 192.168.1.56, and so on. The IP addresses are taken from the range specified by scDhcpFixedRange.
  • Page 68 6.4.3 Adding an scServerContainer and scBranchServer Object There must be an scBranchServer object for every Branch Server in the system. These objects store configuration information that is specific to each Branch Server. An scBranchServer object contains information about hardware, at least one defined network card, and services like TFTP, DNS, and DHCP.
  • Page 69 You can also define the reference hardware with the --scRefServerDn option, a pointer (Distinguished Name) to the global directory. 3 Add a network interface card (with a static IP address from the subnet defined in the scLocation object) using the --scNetworkcard option and the --scDevice and --scIpHostNumber attributes.
  • Page 70 Option Type Description address assigned to the network interface card. 4 Set up the Branch Server services. At a minimum, define the required DNS, TFTP and DHCP services. The following examples demonstrate how to add the DNS, DHCP, and TFTP services.
  • Page 71 Option Type Description --scDnsName must The name of entry in the DNS table under which the service will be available. --scServiceName must The name of the service; for example, dns, dhcp, tftp. --scServiceStartScript must The name of the init script in /etc/init.d;...
  • Page 72: Downloading Images From The Administration Server

    6.5 Downloading Images from the Administration Server After the Branch Server is up and running, you can run the possyncimages.pl script to download the Point of Service images that have been created from the Administration Server to the /srv/tftpboot directories on the Branch Server. 1 Verify the scPosImage object settings for the Point of Service images in the /srv/tftpboot/image directory.
  • Page 73: Starting The Core Script

    6.6 Starting the Core Script Start the core script (posleases2ldap) as a daemon process on the Branch Server. The core script is responsible for registering any new Point of Service terminals at the LDAP directory and transferring image install notification data to the LDAP directory on the Administration Server.
  • Page 74 NOTE: When the posASWatch service is not required. If the Administration server is not used, or the Administration server and the Branch server are a combo machine, this service is not required. When the combo machine is configured and an attempt to start the service is made, the service will exit with an error message.
  • Page 75: Deploying Point Of Service Terminals

    Deploying Point of Service Terminals Point of Service terminals are the end point in the SUSE® Linux Enterprise Point of Service architecture. They provide customer service functions such as Point of Service terminals or bank teller workstations. 7.1 Operating System The Point of Service terminal operating system is a minimal operating environment for specialized Point of Service applications.
  • Page 76: Conditions To Add A Point Of Service Terminal

    NOTE: The Default scCashRegister Object If a Point of Service does not have an scCashRegister object for its specific hardware type, it uses the configuration for the default scCashRegister object. For more information on defining a default scCashRegister object, see Section 7.4.1, “Adding an scCashRegister Object” (page 74). A set of system image templates are provided with SUSE Linux Enterprise Point of Service.
  • Page 77 2 The POS machine uploads the hwtype.MAC file (for example hwtype.00:11:25:A7:D6:0D) into the /srv/tftpboot/upload directory. 3 The posleases2ldap.pl script uses this file and the information in the LDAP database to create the config.MAC file (for example config.00:11:25:A7:D6:0D) in the /srv/tftpboot/CR directory. 4 The POS machine uses the information in the config.MAC file to load the correct image in a correct way and boots up.
  • Page 78 Image objects are typically located in the global container under the default scDistributionContainer. To add the image to the default scDistributionContainer use the command: posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --base cn=default,cn=global,o=mycorp,c=us --add --scPosImage --cn myGraphical --scImageName myTestGraphical --scPosImageVersion "3.1.4;active" --scDhcpOptionsRemote /boot/pxelinux.0 --scDhcpOptionsLocal LOCALBOOT --scImageFile myGraphical_test.i686 --scBsize 8192 •...
  • Page 79 secret --base cn=cshr4152,cn=global,o=mycorp,c=us --add --scRamDisk --cn ram --scDevice /dev/ram1 To add a scCashRegister object for a generic machine use the command: posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --base cn=global,o=mycorp,c=us --add --scCashRegister --cn cr-test-default --scCashRegisterName default --scPosImageDn cn=myGraphical,cn=default,cn=global,o=mycorp,c=us (note the scCashRegisterName name). When deploying to a harddisk of our generic machine, use the command: posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --base cn=cr-test-default,cn=global,o=mycorp,c=us...
  • Page 80: Creating Point Of Service Images

    If deploying to a ram disk, the following line should be present: IMAGE=/dev/ram1;myGraphical_test;3.1.4;192.168.90.1;8192 7.3 Creating Point of Service Images Before you can deploy Point of Service terminals, you must first create the image files containing the operating system, application files, and system settings required to boot the terminals.
  • Page 81 the Workstation object. For more information on this process, see Section 7.7.3, “The hwtype.MAC File” (page 100). Before you can boot the Point of Service terminals, use posAdmin.pl to create the following objects in the LDAP directory (see also Section 10.2, “Using posAdmin to Manage the LDAP Directory”...
  • Page 82 7.4.1 Adding an scCashRegister Object An associated object representing the cash register must exist in the LDAP database. This scCashRegister object can either represent a specific machine or a generic machine. The generic object is used if a specific image is not found for the given machine.
  • Page 83 Table 7.1 posAdmin Options for Creating scCashRegister Objects Option Type Description --cn must The common name of the Point of Service terminal. --scCashRegisterName must The model type of the Point of Service terminal. If this field is set to default the current scCashRegister object is used as the default Point of Service configuration.
  • Page 84 cr-test-default --scCashRegisterName default --scPosImageDn cn=myGraphical_test,cn=default,cn=global,o=mycorp,c=us 7.4.2 Adding an scRamDisk Object The scRamDisk object stores configuration information for a Point of Service terminal RAM disk. If no hard disk is available, you must configure a RAM disk for the Point of Service terminal. Table 7.2, “posAdmin Options for scRamDisk Objects”...
  • Page 85 --base cn=cr-test-default,cn=global,o=mycorp,c=us --add --scRamDisk --cn ram --scDevice /dev/ram1 7.4.3 Adding an scHarddisk Object The scHarddisk object stores configuration information for a Point of Service terminal hard disk. Table 7.3, “posAdmin Options for scHarddisk Objects” (page 77) summarizes the posAdmin command options for scHarddisk object attributes. Table 7.3 posAdmin Options for scHarddisk Objects Option...
  • Page 86 Option Type Description tion, size can be specified as x which results in all remaining available space to be used. When deploying to the harddisk of a specific machine, use: posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --base cn=cshr4152,cn=global,o=mycorp,c=us --add --scHarddisk --cn sda --scDevice /dev/sda --scHdSize 9000 --scPartitionsTable "1000 82 x;8000 83 /"...
  • Page 87 object to create a configuration file in /srv/tftpboot/CR/MAC/ directories on the Branch Server. The configuration file name is the same as the cn name of the respective LDAP entry. Using TFTP, the configuration file is then distributed from the Branch Server to the appropriate Point of Service terminals at boot time.
  • Page 88 Table 7.4 posAdmin Options for scConfigFileTemplate Objects Option Type Description --cn must The common name of the configuration file, also name of the resulting configuration file created on the Branch Server. --scMust must This flag is used to enable or disable the configuration file.
  • Page 89 Option Type Description --scConfigFileUpdateModel The update model for synchronizing configuration files. Allowed values are pulled and changed. The following example adds a scConfigFileTemplate object below the Hardware Reference object, crtype3 (type the command all on one line): posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --base cn=crtype3,cn=global,o=mycorp,c=us --add --scConfigFileTemplate --cn xorg.conf...
  • Page 90 IMPORTANT: Location Of Configuration Files Any configuration files referenced in the scConfigFileSyncTemplate object must be located in the /srv/SLEPOS/config/ directory on the Administration Server, otherwise they will not be transferred to the Branch Server. Using TFTP, the configuration file is then distributed from the Branch Server to the appropriate Point of Service terminals at boot time.
  • Page 91 Table 7.5 posAdmin Options for scConfigFileSyncTemplate Objects Option Type Description --cn must The common name of the configuration file, also name of the resulting configuration file on the Branch Server. --scMust must The flag used to enable or disable the configuration file.
  • Page 92 The following example adds an scConfigFileSyncTemplate object below the Hardware Reference object, crtype3 (type the command all on one line): posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --base cn=crtype3,cn=global,o=mycorp,c=us --add --scConfigFileSyncTemplate --cn xorg.conf --scConfigFile /etc/X11/xorg.conf --scMust TRUE --scBsize 1024 --scConfigFileLocalPath /srv/SLEPOS/config/xorg.conf.cr3 7.4.6 Adding an scPosImage Object All system images that you want to distribute to Point of Service terminals must have a corresponding scPosImage object in the LDAP directory.
  • Page 93 Table 7.6 posAdmin Options for scPosImage Objects Option Type Description --base must The base distinguished name of the scPosImage object; for example, cn=default,cn=global,o=mycorp,c=us. --cn must The common name of the system image; for example, mydesktop. --scImageName must The name of the system image; for example, mydesktop.
  • Page 94 Option Type Description less than 256MB, 16384 (16 KB) for image sizes of less than 512 MB and 32768 (32 KB) for image sizes less than 1GB. Also, the image block size cannot exceed 65464 Bytes, which together also limits the maximum image size to 2GB.
  • Page 95 highest active version, according to the rules in Table 7.7, “Possible Values for the scPosImageVersion Attribute” (page 87). Table 7.7 Possible Values for the scPosImageVersion Attribute Value Description 1.1.2 The version number is set to 1.1.2, but this system image is disabled in LDAP and cannot be used for a new Point of Service terminal, even when the scCashRegister object that corresponds to the Point of Service terminal matches the...
  • Page 96 7.4.8 Assigning an Image to a Point of Service Terminal You can manually assign a specific image to a Point of Service terminal through its scWorkstation object. The following command assigns 'myMinimal' image 2.0.4 to the CR001 scWorkstation object in the east-boston location (type the command all on one line): posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --modify --scWorkstation...
  • Page 97: Distributing Images To Point Of Service Terminals

    7.5 Distributing Images to Point of Service Terminals To distribute new or updated system images, you must first copy the images into the central RSYNC directory of the Administration Server and then transfer the images to the Branch Servers. From there the images are distributed to the Point of Service terminals when they boot.
  • Page 98 1 Copy the extended Graphical system image: cp /srv/SLEPOS/image/Graphical-2.0.4-2004-12-05 \ /srv/SLEPOS/image/graphical-2.0.4 2 Copy the corresponding Graphical image MD5 checksum file: cp /srv/SLEPOS/image/Graphical-2.0.4-2004-12-05.md5 \ /srv/SLEPOS/image/graphical-2.0.4.md5 Copying Boot Images to the Administration Server’s RSYNC Directory The following example demonstrates how to copy the first and second stage boot images to the Administration Server’s RSYNC directory so they can be received, on request, by the Branch Server: NOTE...
  • Page 99 images to the Branch Server after the images are in the Administration Server’s RSYNC directory. IMPORTANT: RSYNC Service and LDAP Objects The RSYNC service must be properly configured and running on the Administration Server for the possynimages.pl script to run. For more information, see Section 6.4.3, “Adding an scServerContainer and scBranchServer Object”...
  • Page 100: Hardware

    7.5.3 Distributing Images to Point of Service Terminals New or updated images are distributed to Point of Service terminals at boot time. For information on this process, see Section 7.8, “Booting the Point of Service Terminal” (page 102). 7.5.4 Image Install Notification When the Branch Server distributes a new image to a Point of Service terminal, the system provides notification that the image was successfully installed on the Point of Service terminal.
  • Page 101 istration Server over rsync must be located in the /srv/SLEPOS/config/ directory and must have a corresponding scConfigFileSyncTemplate object in the LDAP directory. NOTE: Point of Service Configuration Files The hardware configuration files discussed in this section should not be confused with config.MAC Point of Service configuration files.
  • Page 102: Point Of Service Configuration Files

    However, if the terminal's hardware configuration information changes after its initial registration, you must manually run either posldap2crconfig.pl --dumpall or posAdmin --updateconfig to update the hardware configuration information on the Branch Server. These commands regenerate the hardware configuration and config.MAC files for all Point of Service terminals found in LDAP. For more information on the posldap2crconfig.pl script, see Section B.3.4, “posldap2crconfig.pl”...
  • Page 103 When the Branch Server connects to the Administration Server, it logs into the LDAP directory, accesses the configuration parameters for its registered Point of Service terminals, and stores the information locally as ASCII configuration files (config.MAC) in the /srv/tftpboot/CR directory. At boot time, each Point of Service terminal connects to the Branch Server over TFTP and loads its associated config.MAC file.
  • Page 104 device The storage device to which the image is linked; for example, /dev/ram1 or /dev/sda2. RAM devices should not be confused with hard disk devices which use a partition table. On a Point of Service terminal, partition sda1 is used for the Linux swap partition and sda2 defines the root file system (/).
  • Page 105 IMPORTANT: Image Compression The name of the compressed image must contain the .gz suffix and must be compressed with gzip. SYNC= Specifies an optional syncfile (syncfilename) to download over TFTP. The syncfile indicates the number of seconds to wait before downloading the image. syncfilename The name of the syncfile downloaded over TFTP.
  • Page 106 bsize The block size for the TFTP download. If the block size is too small according to the maximum number of data packages (32768), linuxrc automatically calculates a new block size for the download. The maximum block size is 65464 Bytes.
  • Page 107 JOURNAL= Specifies a journaling file system. The value for this parameter must be set to ext3 because that is the only journaling file system SUSE Linux Enterprise Point of Service supports. If you have an existing ext2 image, you can change the file system by setting a flag in the scCashRegister or the scWorkstation objects rather than recreate the image.
  • Page 108 IMAGE=/dev/sda2;image/browser;2.0.4;192.168.1.1;4096;compressed CONF=/CR/00:30:05:1D:75:D2/ntp.conf;/etc/ntp.conf;192.168.1.1;1024, /CR/00:30:05:1D:75:D2/xorg.conf;/etc/X11/xorg.conf; 192.168.1.1;1024 PART=500;S;x,x;L;/ DISK=/dev/sda 7.7.2 The KIWI isoboot Configuration Files For more information on creating a isoboot image, see Section 13.1, “Understanding the KIWI Configuration” (page 174). 7.7.3 The hwtype.MAC File When a Point of Service terminal comes online for the first time, it does not have a config.MAC file on the Branch Server.
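The config.MAC layout shown in Section 7.7.1 can be checked before a Branch Server serves it to a terminal. The following Python parser and validator is an added example, not code from the guide or from SUSE Linux Enterprise Point of Service; the field names are assumptions read off the guide's sample lines, and the path check on CONF destinations is an added hygiene check rather than a rule stated in the guide.

```python
import ipaddress

MAX_BSIZE = 65464    # largest TFTP block size in bytes, per the guide
MAX_PACKETS = 32768  # largest number of TFTP data packages, per the guide

# The guide's sample config.MAC, with its wrapped CONF line rejoined.
SAMPLE = (
    "IMAGE=/dev/sda2;image/browser;2.0.4;192.168.1.1;4096;compressed\n"
    "CONF=/CR/00:30:05:1D:75:D2/ntp.conf;/etc/ntp.conf;192.168.1.1;1024,"
    "/CR/00:30:05:1D:75:D2/xorg.conf;/etc/X11/xorg.conf;192.168.1.1;1024\n"
    "PART=500;S;x,x;L;/\n"
    "DISK=/dev/sda\n"
)

# Field names are assumptions read off the sample lines, not the guide's terms.
LAYOUT = {
    "IMAGE": ("device", "name", "version", "server", "bsize", "compressed"),
    "CONF": ("source", "dest", "server", "bsize"),
    "PART": ("size", "type", "mount"),
}


def parse_config_mac(text):
    """Parse config.MAC text into lists of IMAGE, CONF and PART records."""
    cfg = {"IMAGE": [], "CONF": [], "PART": [], "DISK": None}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"line {lineno}: expected KEY=value")
        if key == "DISK":
            cfg["DISK"] = value.strip()
            continue
        if key not in LAYOUT:
            continue  # parameters this example does not model (SYNC=, JOURNAL=)
        names = LAYOUT[key]
        # Only the trailing "compressed" flag of IMAGE is optional.
        required = len(names) - (1 if key == "IMAGE" else 0)
        for entry in value.split(","):
            if not entry.strip():
                continue
            fields = [f.strip() for f in entry.split(";")]
            if not required <= len(fields) <= len(names):
                raise ValueError(f"line {lineno}: bad {key} entry {entry!r}")
            rec = dict(zip(names, fields))
            if key == "IMAGE":
                rec["compressed"] = rec.get("compressed") == "compressed"
            if "bsize" in rec:
                rec["bsize"] = int(rec["bsize"])
            cfg[key].append(rec)
    return cfg


def min_block_size(image_bytes):
    """Smallest block size that moves image_bytes in at most MAX_PACKETS blocks."""
    return -(-image_bytes // MAX_PACKETS)  # ceiling division


def validate(cfg, image_bytes=None):
    """Return a list of findings; an empty list means no problem was found."""
    findings = []
    for kind in ("IMAGE", "CONF"):
        for rec in cfg[kind]:
            label = f"{kind} {rec.get('name') or rec.get('dest')}"
            if not 1 <= rec["bsize"] <= MAX_BSIZE:
                findings.append(f"{label}: block size {rec['bsize']} "
                                f"outside 1..{MAX_BSIZE}")
            try:
                ipaddress.ip_address(rec["server"])
            except ValueError:
                findings.append(f"{label}: server {rec['server']!r} "
                                "is not an IP address")
    devices = [rec["device"] for rec in cfg["IMAGE"]]
    if cfg["DISK"] is not None:
        devices.append(cfg["DISK"])
    for dev in devices:
        if not dev.startswith("/dev/"):
            findings.append(f"device {dev!r} is not under /dev/")
    for rec in cfg["CONF"]:
        dest = rec["dest"]
        # Added hygiene check (not from the guide): absolute path, no '..'.
        if not dest.startswith("/") or ".." in dest.split("/"):
            findings.append(f"CONF {dest}: destination must be an absolute "
                            "path without '..'")
    for rec in cfg["PART"]:
        if rec["size"] != "x" and not rec["size"].isdigit():
            findings.append(f"PART size {rec['size']!r} is neither a number "
                            "nor x")
    if image_bytes is not None and cfg["IMAGE"]:
        image = cfg["IMAGE"][0]
        needed = min_block_size(image_bytes)
        if image_bytes > MAX_BSIZE * MAX_PACKETS:
            findings.append(f"IMAGE {image['name']}: image too large for "
                            f"TFTP ({image_bytes} bytes)")
        elif needed > image["bsize"]:
            findings.append(f"IMAGE {image['name']}: block size "
                            f"{image['bsize']} too small, minimum is {needed}")
    return findings


if __name__ == "__main__":
    for finding in validate(parse_config_mac(SAMPLE), image_bytes=200 * 2**20):
        print(finding)
```

Passing the on-disk image size as image_bytes reproduces the guide's limit of 32768 data packages per download, which is why a 4096-byte block size is flagged for a 200 MB image.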
  • Page 109 NOTE: Hardware Detection Program The Point of Service hardware manufacturer provides a program for this function. 2. Using this information, the posleases2ldap.pl script creates the control file, hwtype.MAC. For more information, see Section B.3.7, “posleases2ldap.pl” (page 215). 3. The linuxrc program uploads hwtype.MAC to the Branch Server's upload directory, /srv/tftpboot/upload.
  • Page 110: Booting The Point Of Service Terminal

    For a detailed review of the core scripts involved in this process, see Section B.2, “Core Script Process” (page 206). 7.8 Booting the Point of Service Terminal IMPORTANT: Creating LDAP Objects Before Booting You must create scCashRegister and its associated objects before you can boot the Point of Service terminals.
  • Page 111 Figure 7.1 Point of Service Terminal Boot Process [flowchart not reproduced]
  • Page 112 • The terminal must have a network connection to the Branch Server. • While the TFTP service is set up and started automatically by the posInitBranchserver.sh script, you must make sure to open the TFTP port in the firewall on the Branch Server. For more information on Branch Server configuration, see Chapter 6, Setting Up a Branch Server (page 49).
  • Page 113 3. The Point of Service terminal downloads the Linux kernel from the netboot image which consists of several files (the Linux kernel and a symbolic link, the initrd, and the initrd's md5sum), for example: initrd-netboot-SLEPOS11.i686-3.1.8.gz initrd-netboot-SLEPOS11.i686-3.1.8.kernel.2.6.16.46-0.12-default initrd-netboot-SLEPOS11.i686-3.1.8.kernel initrd-netboot-SLEPOS11.i686-3.1.8.md5 The naming scheme of the kernel is initrd-netboot_image_name-SLEPOS11.i686-image_version.kernel.kernel_version-default.
  • Page 114 10. The module is loaded using modprobe. Any dependencies to other modules are resolved at that time. 11. The network interface is set up via DHCP. 12. After the interface has been established, the DHCP variables are exported into the /var/lib/dhcpcd/dhcpcd-eth0.info file and the contents of DOMAIN and DNS are used to generate an /etc/resolv.conf file.
  • Page 115 c. After the upload, the Point of Service terminal renews the DHCP lease file (dhcpcd -n). d. The Point of Service terminal attempts to load its new config.MAC file from the TFTP server. e. If the config.MAC file is not yet available, the Point of Service terminal waits 60 seconds before repeating steps c and d.
  • Page 116 All the indicated files are loaded from the TFTP server and stored in a /config/ path. For more information about the KIWI configuration, see Section 13.1, “Understanding the KIWI Configuration” (page 174). 22. All the userland processes based on the boot image (dhcpcd -k) are terminated. 23.
  • Page 117 The behavior of Point of Service terminals booting from CD is similar to Point of Service terminals that receive the first and second stage boot images over the LAN from a Branch Server. The following is a general description of what takes place when a Point of Service terminal boots from CD: 1.
  • Page 118 In these boot scenarios, the system image is stored on the CD or the USB device, respectively. No network is involved during the boot process; otherwise, the boot process is similar to Section 7.8.1, “Network PXE Boot” (page 103).
  • Page 119: Securing Your Setup

    Securing Your Setup A SUSE® Linux Enterprise Point of Service setup includes various components that should be secured against intentional and unintentional tampering with the data and against software misbehavior. Securing your setup involves several different aspects: Physical Server Security First and foremost, every server component of the SUSE Linux Enterprise Point of Service setup must be secured against unauthorized access.
  • Page 120: Physical Server Security

    applications and keep them from performing unnecessary file or directory accesses. This helps to make sure that every profiled application does only what it was designed to do and does not become a security risk itself. For more details on AppArmor usage on SUSE Linux Enterprise Point of Service, refer to Section 8.4, “Application Security”...
  • Page 121: Data Security

    • Do not export or import any file systems on these servers, i.e. do not allow NFS or Samba shares on your servers. SUSE Linux Enterprise Point of Service itself provides some security against data manipulation via the network: • LDAP-related network traffic can be configured to use secure SSL/TLS channels. •...
  • Page 122 The following example includes creating effective ACLs and a user setup as outlined above. Modify both the ACLs and the user configuration to match your own setup: 1 Create ACLs similar to the following and make sure you replace the example entries with the ones matching your setup.
  • Page 123: Application Security

    Use AppArmor to protect each of your servers. If you need additional profiles, use the YaST AppArmor tools to generate new profiles. To learn more about AppArmor refer to the AppArmor documentation included in the Security Guide that is available from http://www.novell.com/documentation/sles11/.
  • Page 125: Testing Your Suse Linux Enterprise Point Of Service Environment

    Testing Your SUSE Linux Enterprise Point of Service Environment To complete the SUSE® Linux Enterprise Point of Service installation process, it is recommended that you verify the installation by booting at least one Point of Service client attached to the Branch Server. 9.1 Monitoring the Terminal Bootup To verify and test your SUSE Linux Enterprise Point of Service installation: 1 Attach a Point of Service client to the Branch Server network.
  • Page 126 • The scCashRegister object which matches the model type of the Point of Service client must exist in LDAP; for example, IBMSurePOS300Series. • There must be an scPosImage object for each image in the /srv/ tftpboot/image/ directory on the Branch Server. The scPosImageDn attribute within each object must correspond to an existing Point of Service image.
  • Page 127 .. bs1 tftpd[31442]: Serving /boot/pxelinux.cfg/C to 192.168.2.15:56328 .. bs1 tftpd[31443]: Serving /boot/pxelinux.cfg/default to 192.168.2.15:56201 .. bs1 tftpd[31444]: Serving /boot/linux to 192.168.2.15:56202 .. bs1 tftpd[31445]: Serving /bootinitrd.gz to 192.168.2.15:56203 .. bs1 dhcpd: DHCPDISCOVER from 00:06:29:e3:02:e6 via eth0 .. bs1 dhcpd: DHCPOFFER on 192.168.2.15 to 00:06:29:e3:02:e6 via eth0 ..
  • Page 128: Troubleshooting Terminal Bootup Problems

    9.2 Troubleshooting Terminal Bootup Problems If the Point of Service terminal does not successfully boot, check the following: • Verify that an scCashRegister object exists for the Point of Service terminal. For more information, see Section 7.4.1, “Adding an scCashRegister Object” (page 74).
  • Page 129: The Suse Linux Enterprise Point Of Service Ldap Directory

    The SUSE Linux Enterprise Point of Service LDAP Directory All system information (system structure, the configuration and deployment method for each Branch Server, available client images, and Point of Service terminal types) is stored in an LDAP directory on the Administration Server. The SUSE® Linux Enterprise Point of Service LDAP directory runs on an OpenLDAP directory.
  • Page 130: Logical Structure Of The Ldap Directory

    10.1 Logical Structure of the LDAP Directory The LDAP directory is designed with multiple, hierarchical object classes so it can accommodate large corporate structures. The following list describes the standard object classes represented in the SUSE Linux Enterprise Point of Service LDAP directory tree.
  • Page 131 Global (scRefObjectContainer) This initial reference object container is created automatically. All globally valid information for a chain or company—that is server hardware, Point of Service hardware, or client images—is stored in the Global container in the form of reference objects. These reference objects are linked to the actual entries for the Point of Service terminals and servers in the branches using distinguished names.
  • Page 132 • File-Based Configuration Template • LDAP-Based Configuration Template File-Based Configuration Template (scConfigFileSyncTemplate) scConfigFileSyncTemplate objects are used when you run services, such as X Windows, that require hardware-dependent configuration files. The scConfigFileSyncTemplate object points to the configuration file that a Point of Service terminal needs to run a given service. This object differs from scConfigFileTemplate objects because the configuration data is not stored in the object;...
  • Page 133 • Hard Disk • RAM Disk • File-Based Configuration Template • LDAP-Based Configuration Template Hard Disk (scHarddisk) The configuration for a Point of Service terminal hard disk. For information on adding this object class to the LDAP directory, see Section 7.4.3, “Adding an scHarddisk Object”...
  • Page 134 • Server Container Workstation (scWorkstation) The Workstation object stores information for a specific Point of Service terminal. Using information from the Hardware Reference object (scCashRegister) and Image Reference object (scPosImage), posldap2crconfig.pl automatically creates a Workstation object in the LDAP directory for every Point of Service terminal that registers on the Branch Server.
  • Page 135 The Administration Server does not have an associated object in the LDAP tree structure. For information on adding this object class to the LDAP directory, see Section 6.4.3, “Adding an scServerContainer and scBranchServer Object” (page 60). The next level is represented by: •...
  • Page 136: Using Posadmin To Manage The Ldap Directory

    2. Below this scLocation, a search is made for an object of objectClass: scServerContainer (server). 3. Below this scServerContainer, a search is made for an object of objectClass: scBranchServer with cn=bs. 4. Data specific to this server is located below this scBranchServer object, such as objects of objectClass: scNetworkcard in which the IP addresses are indicated.
  • Page 137 Terminal information in the LDAP directory. For an overview of the LDAP directory structure and a reference of all SUSE Linux Enterprise Point of Service elements represented in the LDAP directory, refer to Chapter 10, The SUSE Linux Enterprise Point of Service LDAP Directory (page 121).
  • Page 138 Branch Objects: • One or more organizationalUnit objects to represent your organization’s structure. • An scLocation object for each site where a Branch Server is located. • An scServerContainer to contain all the Branch Server objects for a given site. •...
  • Page 139 the corresponding physical image from the Branch Server at boot time. For more information on setting the scPosImageVersion attribute to Active, see Section 7.4.7, “Activating Images” (page 86). When you boot the Point of Service terminals, posldap2crconfig.pl automatically creates a Workstation object (scWorkstation) in the LDAP directory for every Point of Service terminal that registers on the Branch Server.
  • Page 140 Option Description In some cases, you can use an abbreviation or a common name for the base. This is possible only if the common name is a unique value in the directory. For example, --base boston If posAdmin cannot determine the base (no base or more than one base is found), it exits with an error message.
  • Page 141 Attribute Type Explanation --attribute must Attribute; for example, scPosImageVersion. --value If a value is given, the attribute is modified; otherwise, the attribute entry is deleted. The following command removes image reference in terminal CR01 (scPosImageDn value under scWorkstation object): posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --modify --scWorkstation --scPosImageDn --DN cn=CR01,cn=east,ou=boston,o=mycorp,c=us The following command removes both image reference and image version in terminal...
  • Page 142 posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --modify --multival --scPosImage --scPosImageVersion '=>2.1.1;active' --DN cn=myMinimal,cn=myTestImages,cn=global,o=mycorp,c=us The following command removes image version 2.0.4;active (if it exists): posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --modify --multival --scPosImage --scPosImageVersion '2.0.4;active=>' --DN cn=myMinimal,cn=myTestImages,cn=global,o=mycorp,c=us The following command modifies image version 2.0.4;active into 2.0.4;passive (assuming it exists): posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --modify --multival --scPosImage --scPosImageVersion...
  • Page 143 The following command removes the image (scPosImage object) myMinimal in the distribution container myTestImages: posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --remove --DN cn=myMinimal,cn=myTestImages,cn=global,o=mycorp,c=us The following command removes registered terminal (scWorkstation object) CR01: posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --remove --DN cn=CR01,cn=east,ou=boston,o=mycorp,c=us 10.2.5 Querying LDAP Objects To query an object, use the --query option, an object option such as --scLocation or --scBranchServer, and, if desired, an attribute-value pair.
  • Page 144: Ldap Objects Reference

    Example 1 List all locations with all data in boston: posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --base ou=boston,o=mycorp,c=us --query --scLocation Example 2 List all locations in boston that show only the ipNetworkNumber: posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --base ou=boston,o=mycorp,c=us --query --scLocation --ipNetworkNumber Example 3 List all locations in boston that show only the ipNetworkNumber 192.168.1.0: posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret...
  • Page 145 IMPORTANT: Defining the Branch Server Hostname The location of the scBranchServer object in the LDAP directory must correspond to the hostname defined for the Admin/Branch Server during installation. For example, if the hostname is bs.east.boston.mycorp.us, the dn of the scBranchServer object would be cn=bs,cn=server,cn=east,ou=boston,o=mycorp,c=us.
  • Page 146 Table 10.6 Attributes for scCashRegister Elements Name Role Description Must Common name an entity is known scCashRegisterName Must Hardware Type of the cash register scPosImageDn Default Image DN for a cash register scDiskJournal Turn on disk journaling 10.3.3 scConfigFileSyncTemplate scConfigFileSyncTemplate objects are used when you run services, such as X Windows, that require hardware-dependent configuration files.
  • Page 147 Name Role Description scConfigFile Must Configuration file scBsize Must Size in blocks scConfigFileLocalPath Must Local path to the configuration file. This path must be located in the rsync directory scConfigMd5 MD5sum of the configuration file description Description 10.3.4 scConfigFileTemplate scConfigFileTemplate objects are used when you run services, such as the X Window service, that require hardware-dependent configuration files.
  • Page 148 Name Role Description scBsize Must Size in blocks scConfigFileData Data of a configuration file scConfigFileParser Name of the parserFunction to apply scConfigMd5 MD5sum of the configuration file description Description 10.3.5 scDistributionContainer An scDistributionContainer is a container for the distribution of sets of images. A distribution set is a collection of images designed for Point of Service terminals on a given version of the Linux kernel.
  • Page 149 Name Role Description scKernelMatch Must Rule for matching scKernelVersion with the uname result scKernelExpression Expression used to match the scKernelVersion against uname 10.3.6 scHarddisk An scHarddisk object describes the configuration of the hard disk of a Point of Service terminal. For information on adding this object class, refer to Section 7.4.3, “Adding an scHarddisk Object”...
  • Page 150 Table 10.11 Attributes for scHardware Elements Name Role Description Must Common name an entity is known by scPosImageDn Default image DN of a cash register scRefPcDn DN to PC hardware type, typically under global scRefMonitorDn DN of monitor type scRefServerDn DN of a reference server 10.3.8 scLocation An scLocation object represents a branch office;...
  • Page 151 Name Role Description scDhcpRange Must IP range, separated by commas scDhcpFixedRange Must IP range, separated by commas scDhcpExtern Must Allow an external DHCP server to be used instead of setting up its own on the Branch Server (TRUE or FALSE). scDefaultGw Must IP address of the default gateway...
  • Page 152 Table 10.13 Attributes for scNetworkcard Elements Name Role Description scDevice Must Device name, like eth0 ipHostNumber Must IPv4 addresses as a dotted decimal omitting leading zeros or IPv6 addresses as defined in RFC2373 macAddress MAC address in maximal, colon separated hex notation, e.g.
  • Page 153 Name Role Description scDhcpOptionsRemote Must Additional DHCP options for remote boot scDhcpOptionsLocal Must Additional DHCP options for local boot scImageFile Must Name of the image file in the image_name.arch format scBsize Must Size in blocks scConfigFile Configuration file 10.3.11 scRamDisk Ramdisk An scRamDisk object represents the configuration of a Point of Service terminal RAM disk.
  • Page 154 10.3.12 scRefObjectContainer Global (scRefObjectContainer, cn=global): All globally valid information for a chain or company—that is server hardware, Point of Service hardware, or client images—is stored in the Global container of class scRefObjectContainer in the form of reference objects. These reference objects are linked to the actual entries for the Point of Service terminals and servers in the branches using unique names.
  • Page 155 Table 10.17 Attributes for scServerContainer Elements Name Role Description Must Common name an entity is known by 10.3.14 scService scService contains the configuration for a Branch Server service like DNS, TFTP, or DHCP. For information on adding this object class to the LDAP directory, see Section 6.4.3, “Adding an scServerContainer and scBranchServer Object”...
  • Page 156 10.3.15 scWorkstation The Workstation object stores information for a specific Point of Service terminal. Using information from the Hardware Reference object (scCashRegister) and Image Reference object (scPosImage), posldap2crconfig.pl automatically creates a Workstation object in the LDAP directory for every Point of Service terminal that registers on the Branch Server.
  • Page 157 Name Role Description scStandardPrinterDn DN of the standard printer for a location or workstation userPassword Password of user scStandardPrinter Name of the standard printer scPosGroupDn DN of a CR group scDiskJournal Turn on disk journaling scConfigUpdate Indicate configuration files that should be updated upon next boot scNotifiedimage...
  • Page 159: Managing Image Source Files

    Managing Image Source Files Before you can create images for Point of Service terminals, you must copy the image source files from the SUSE® Linux Enterprise Point of Service CDs to a central distribution directory and create the reference files that KIWI needs to locate the image source files.
  • Page 160 11.1.1 The --copy Option Copies the SUSE Linux Enterprise Point of Service CDs to the distribution directory structure. NOTE The distribution directory structure is referenced in the AdminServer.conf and Distribution.xml files so KIWI can locate the RPMs required to build the image.
  • Page 161 Option Description tion about revision, media, media number, etc. For example, SLES-11-SLEPOS-11-0-CD1, SLES-11-SLEPOS-11-0-CD2. 11.1.2 The --link Option Creates a link between the distribution directory structure required by KIWI and the directories where the CD source media are currently located. This option is required only if the SUSE Linux Enterprise Point of Service CDs are not archived in the distribution directory structure required by KIWI.
  • Page 162 11.1.3 The --mount Option Mounts the SUSE Linux Enterprise Point of Service CDs. This option is required only if the CD source media are on another server. For example, if you require multiple Administration Servers to build images, you can copy the CD source media to one of those servers and mount the other image servers to that source.
  • Page 163 [--dest=output_path] Indicates the destination path for the output file. This parameter is optional. If it is not defined, POSCDTool creates the files as follows: • The AdminServer.conf file is created in /etc/SLEPOS/. • The Distribution.xml document is created in /var/lib/SLEPOS/....
  • Page 164: Poscopytool Command Line Options

    11.2 POSCopyTool Command Line Options POSCopyTool is a simplified version of POSCDTool that performs only the following tasks: • It copies the SLED and SLES source CDs to the default distribution directory, /var/lib/SLEPOS/dist/. As POSCopyTool copies the source CDs, it prompts you for the CDs it needs to complete the process.
  • Page 165 Option Description --source=cdpath Must be set to the path where the contents exist, for example /data/install. If you use --source=/media, all (first level) subdirectories are scanned, to ensure that the automounted sources are also included. [--dest=distribution_ Indicates the destination for the copied data.
  • Page 166: Managing The Image Source Files

    To copy sources from a specific custom directory, which must contain a missing source when poscopytool.pl asks for it, specify the custom directory: poscopytool.pl --source=/media/mysource 11.3 Managing the Image Source Files This section reviews tasks required to prepare the Administration Server to build system images with KIWI.
  • Page 167 This task is required for all Administration Servers you want to build images on. You can manually generate the configuration file with POSCDTool. POSCopyTool automatically generates these files after completing the copy procedure. 11.3.1 Copying the SUSE Linux Enterprise Point of Service CDs POSCDTool and POSCopyTool copy the RPM software packages used to build SLE-based system images by default to the following directories: /var/lib/SLEPOS/dist/SLES-11-SP1-DVD-i586-DVD1...
  • Page 168 • Copies the SUSE Linux Enterprise Point of Service CDs from the designated source media to the default distribution directory, /var/lib/SLEPOS/dist/. • Creates AdminServer.conf in /opt/SLES/POS/. • Creates Distribution.xml with both the SLED and SLES image classes in /var/lib/SLEPOS/. • Verifies if the source CDs were correctly copied to the distribution directory. 11.3.2 Linking the SUSE Linux Enterprise Point of Service CDs KIWI cannot access the RPMs on the SUSE Linux Enterprise Point of Service CDs...
  • Page 169 poscdtool.pl --link --source=/nfs/cd This command links the CDs on the NFS server to the default distribution directory, /var/lib/SLEPOS/dist/. 11.3.3 Mounting the SUSE Linux Enterprise Point of Service CDs If you have multiple Point of Services where you want to build images, you can mount a single distribution directory on each server rather than copying the SUSE Linux Enterprise Point of Service CDs to each server.
  • Page 170 For example, the following command generates both AdminServer.conf and Distribution.xml using the default distribution directory. Distribution.xml is defined with both the SLED and SLES image classes and the document is saved to the default output path, /opt/SLES/POS/system/template/. The final AdminServer.conf file is saved to the default output path, /opt/SLES/POS/: poscdtool.pl --generate The following command uses the default distribution directory structure to create only the AdminServer.conf file in the default output path, /etc/opt/SLES/POS/:...
  • Page 171: 2 Building Images With The Image Creator Tool

    Building Images with the Image Creator Tool SUSE Linux Enterprise Point of Service uses KIWI as the main tool for creating Point of Service system images. YaST provides Image Creator, a GUI front-end to KIWI for easy image building. It is recommended to use this graphical front-end to build images. Image Creator can be started from YaST by choosing Miscellaneous >...
  • Page 172 Figure 12.1 The Image Creator Configuration Overview NOTE: Logging In as root User In order to be able to log in as root on the terminal, you need to create the root user and assign a password to it in the Users tab. NOTE: Creating Images from Scratch Only image templates shipped with SUSE Linux Enterprise Point of Service are supported.
  • Page 173: Creating An Image Based On Template

    12.1 Creating an Image Based on Template To create a new image configuration from a template shipped with SUSE Linux Enterprise Point of Service follow these steps: 1 In the YaST Control Center, click Miscellaneous > Image Creator. 2 In the Image Creator Configuration Overview dialog, press Add. The Image preparation dialog appears.
  • Page 174: Building Network Boot Images

    tory according to the SLES Administration Guide and use Add From System in Image Creator. It is also possible to manually add selected packages to the /var/lib/SLEPOS/system/image_name/repo/ directory. IMPORTANT: Building 32bit Images on 64bit Machines SLEPOS terminals need 32bit images. If you want to build 32bit images on a 64bit machine, Subscription Management Tool (SMT) must be used for repository management.
  • Page 175: Building Bootable Cd Images With A System Image

    images and boot clients using PXE/DHCP. Network boot images are built together with any system image, when the Network Boot Image option in Image Creator is selected. If you want to create a system image with a network boot image using Image Creator, follow these steps: NOTE: Only eth0 is Supported In the initrd script in the disknetboot image the network device is hardcoded...
  • Page 176: Building Bootable Cd Images Without A System Image

    12.4 Building Bootable CD Images without a System Image If the terminals are not able to boot from network over the PXE/DHCP but the network is present, CDs without a system image can be used to boot the client system. The system image is downloaded from the network after the boot process.
  • Page 177: Adding Installable Documentation In Rpm Format

    2 Change to the directory containing the created image, for example: cd /var/lib/SLEPOS/system/images/configuration_name 3 Connect an empty USB stick with sufficient capacity to the computer. All data from the USB stick will be erased in the following step. 4 The created files now have to be copied to the USB stick using KIWI. Run the following command from your terminal emulator: kiwi --bootstick path_to_the_initrd --bootstick-system path_to_system_image...
  • Page 178: Image Configuration Settings

    3 In the /var/lib/SLEPOS/system/image_name/config.xml file, remove the line containing <rpm-excludedocs>True</rpm-excludedocs>. 4 Return to the Image Creator, edit the last image, and start building the image. 12.7 Image Configuration Settings In the Image Configuration tab, adjust the configuration of the software in the resulting image.
  • Page 179 In the Scripts tab, you can adjust configuration scripts that are used to build the image. The Directories tab contains two tables. In the Directory with System Configuration table, you can specify directories to copy to the root directory of the resulting system. For example, add a directory with configuration files.
  • Page 181: 3 Building Images With Kiwi

    Building Images with KIWI KIWI is a full-blown imaging suite that allows you to configure, build and deploy your own operating system images. The KIWI workflow is divided into three distinct stages: Preparing the Image Configuration (Physical Extend) Determine which packages are installed on your image and which configuration files are included with the image.
  • Page 182: Understanding The Kiwi Configuration

    TIP: Using SUSE Linux Enterprise Point of Service Image Templates SUSE Linux Enterprise Point of Service provides several templates that may be used to create new images. All the delivered templates are stored below /usr/share/kiwi/image/SLEPOS/. When using these templates, copy contents of the directory that contains the respective configuration to a new subdirectory below /var/lib/SLEPOS/system/.
  • Page 183 config The config directory is an optional directory that may contain shell scripts to be executed after all packages have been installed. You could, for example manipulate a package to remove parts that are not needed for the operating system by adding the relevant script to the config directory.
  • Page 184 Example 13.1 An Example config.xml Image Description <image inherit="/usr/share/kiwi/image/SLEPOS/minimal-3" name="test" schemeversion="1.4"> <description type="system"> <author>Tux Linux</author> <contact>tux@example.com</contact> <specification>some description</specification> </description> <preferences> <type boot="/usr/share/kiwi/image/SLEPOS/usbboot-3" filesystem="ext3">usb</type> <type boot="/usr/share/kiwi/image/SLEPOS/netboot-3" filesystem="ext3" primary="true">pxe</type> <type boot="/usr/share/kiwi/image/SLEPOS/isoboot-3">iso</type> <version>1.0.0</version> <size unit="M">700</size> <packagemanager>zypper</packagemanager> <rpm-check-signatures>False</rpm-check-signatures> <rpm-force>True</rpm-force> <defaultdestination>/var/lib/SLEPOS/system/images/graphical-default</defaultdestination> <defaultroot>/var/lib/SLEPOS/system/chroot/graphical-default</defaultroot> </preferences> <repository type="rpm-dir"> <source path="this://repo"/>...
  • Page 185 The description element is used to provide some basic information on the creator of the image and a basic description of the image's purpose. The author element holds the image author's real name and the contact element a valid email address. specification holds a short description of the image's purpose. The preferences element holds information needed to create the logical extend.
  • Page 186: Preparing The Image Configuration

    13.2 Preparing the Image Configuration To prepare a new image configuration using one of the customized SUSE Linux Enterprise Point of Service templates, proceed as follows: 1 Create the directory to hold the image description. To create a system image of a graphical operating system without a desktop environment, use the following command: mkdir /var/lib/SLEPOS/system/graphical-default 2 Copy the template configuration to the image description directory:...
  • Page 187 4d Add any optional configuration or scripts you need for your particular image as described under Section 13.1, “Understanding the KIWI Configuration” (page 174). 5 Check whether config.xml is still well-formed XML to avoid parser problems when running the actual image building commands: xmllint --noout /var/lib/SLEPOS/system/graphical-default/config.xml If this command does not return any messages at all, the XML is well-formed and you can proceed with creating the image.
  • Page 188: Creating The Kiwi Image

    13.3 Creating the KIWI Image After the image preparation has finished successfully, proceed with creating the image: 1 Run the imaging command: kiwi --create ./chroot/graphical-default --destdir ./images/graphical-default KIWI creates the system image as well as any additional files needed to deploy the image.
  • Page 189: Building Customized Suse Linux Enterprise Point Of Service Images

    This is necessary because the file system tools in SUSE Linux Enterprise 11 use a different inode size than in SUSE Linux Enterprise 10. 13.4 Building Customized SUSE Linux Enterprise Point of Service Images SUSE Linux Enterprise Point of Service supports building various different types of images suitable for different deployment scenarios.
  • Page 190 1 Select the isoboot image type in config.xml as described in Section 13.1, “Understanding the KIWI Configuration” (page 174). 2 Run the --prepare and --create commands of KIWI, as described in Section 13.3, “Creating the KIWI Image” (page 180). 3 Change to the directory containing your image data: cd /var/lib/SLEPOS/system/images/image_name 4 Burn the ISO image to CD using a CD burning application of your choice (k3b or Nautilus, for example).
  • Page 191: Deploying Kiwi Images

    13.4.4 Building USB Stick Images with a System Image In environments where no suitable network infrastructure is available to boot SUSE Linux Enterprise Point of Service terminals over the LAN, you can use USB stick images containing system images. To build such images, proceed as follows: 1 Select the usb image type in config.xml, as described in Section 13.1, “Understanding the KIWI Configuration”...
  • Page 193: 4 Remotely Managing Point Of Service Terminals With Admind And Adminc

    Remotely Managing Point of Service Terminals with admind and adminc In a SUSE® Linux Enterprise Point of Service system, admind and adminc allow you to perform tasks like shutdown, configuration reload or application restart on multiple Point of Service terminals from a single location. 14.1 admind admind is a small daemon that allows simple commands to be executed on Point of Service terminals from a remote location.
  • Page 194 14.1.1 Command Line Options admind has the following command syntax: admind [-vIP] [configfile] [options] Table 14.1, “admind Command Line Options” (page 186) summarizes the admind command line options. Table 14.1 admind Command Line Options Option Description -I (uppercase i) Does not require admind to look up identities to authenticate the calling user.
  • Page 195: Adminc

    Option Description Defines a valid server. The names of the connecting servers are compared against this list. Short names can be used and are expanded for the local domain. Defines a valid username on the connecting machine. Defines the fixed commands. Each command has a single letter or digit key (X:[0-9a-zA-Z]).
  • Page 196: Posgetip

    Table 14.2 adminc Command Line Options Option Description --port The port number that admind listens on. The default is 8888. --parallel The maximum number of parallel sessions to start. The default is 8. --commands The command keys to be sent to clients. The command keys are specified in the client’s admind.conf file.
  • Page 197: Installing Admind On A Point Of Service Terminal

    posGetIP [--ip|noip] [--mac] Table 14.3, “posGetIP Command Options” (page 189) summarizes the available posGetIP command options. Table 14.3 posGetIP Command Options Option Description --ip Prints the IP addresses of all Point of Service terminals that are managed by the local Branch Server. This option is enabled by default.
  • Page 198 2 To start the xinetd service on the Point of Service terminal, activate the Scripts tab, and in the Image Configuration Script box add after the line suseActivateDefaultServices: suseInsertService xinetd 3 Create the admind.conf file in the /usr/share/kiwi/image/SLEPOS/image_name-version/root/etc directory. 4 Set the configuration parameters in the admind.conf file.
  • Page 199: Installing The Admind Client On Administration And Branch Servers

    NOTE The setup.admind file is located in the /usr/share/kiwi/SLEPOS/templates/addons/ directory. It references the RPMs required to add the admind utility to a standard client image. 6 Distribute the image to your Point of Service terminals. For information on this procedure, see Section 7.5, “Distributing Images to Point of Service Terminals”...
  • Page 201: 5 Backup And Restore

    Backup and Restore All system information (system structure, the configuration and deployment method for each Branch Server and Point of Service terminal, image information, and so forth) is stored in an LDAP directory on the Administration Server. This information must be backed up regularly to protect against data loss in case of storage failure and administration errors.
  • Page 202: Offline Logical Backup

    2 Copy all the files in the /var/lib/ldap/ directory to an archive directory using cp, tar or any other command line tool for archiving or compressing files. 3 After the copy completes, start the LDAP server with rcldap start Restoring an Offline Backup (page 195) describes how to restore a physical backup. 15.2 Offline Logical Backup To perform a logical backup of the LDAP directory (database dump): 1 Stop the LDAP server with...
  • Page 203: Restoring Data

    that has an LDAP client, using an authenticated LDAP bind. Of course, the LDAP communication can also be secured with SSL. 1 To create an LDIF file similar to that created during an offline logical backup, proceed as follows: ldapsearch -x -D adminDN -w adminPassword -H ldap://LDAPServer/ baseDN...
  • Page 204 slapadd -l backupfile where backupfile is the file created by slapcat. 3 Start the LDAP server with rcldap start Procedure 15.2 Restoring an Online Backup To restore an online backup, the LDAP server must be running. 1 In case the LDAP database has been corrupted, remove the database files in /var/lib/ldap/ before restoring the online backup.
  • Page 205: 6 Troubleshooting

    SUSE® Linux Enterprise Point of Service system. 16.1 Server Infrastructure The server setup and operating procedures for Novell Linux Point of Service servers are easy in most circumstances. However, the distributed nature of the Novell Linux Point of Service system might provide some challenges. The following section describes frequently encountered difficulties with name resolution.
  • Page 206 Symptoms If the DHCP server configuration file /etc/dhcpd.conf is not created properly, poscheckip.pl returns the following error code: # poscheckip.pl # echo $? If the dhcpd.conf file is created properly, poscheckip.pl returns the correct hostname, address, netmask and domain as follows: # poscheckip.pl 192.168.150.1 255.255.255.0...
  • Page 207: Operation

    To do this, run posldap2crconfig.pl --dumpall on the Branch Server. The command will create needed files for all the affected terminals. Alternatively, you can run posAdmin.pl --updateconfig on the Administration Server with the terminals specified in a --dList option. Also be aware that in the latter case, the Branch Server must have a public IP address.
  • Page 208 Enough space should be configured to keep at least two generations of image files. This redundancy ensures that there is a valid image available at all times. RSYNC updates existing files, creates new files, and even deletes files that do not exist in the original download directory on the Administration Server.
  • Page 209 file for the active version exists. Make sure that the image has been transferred to the Branch Server and that the version in LDAP has an active flag attached. Hints • Keep at least two generations of image files available and active in LDAP at all times.
  • Page 211: A Changing The Server Language

    Changing the Server Language If you need to change the language that was defined during the initial installation of a SUSE® Linux Enterprise Point of Service Administration Server or Branch Server, you can do so by rerunning YaST and selecting a different system language. A.1 Changing the Language Selection To change the language of your Administration or Branch Server: 1 Start YaST.
  • Page 212 The YaST package manager dialog appears (see Figure A.1, “YaST Package Manager” (page 204)). Figure A.1 YaST Package Manager 2 Use the Filter > Languages option to verify that the required language support for the Administration Server or Branch Server features is installed on your system.
  • Page 213: B Point Of Service Scripts

    Point of Service Scripts In a SUSE® Linux Enterprise Point of Service system, a number of scripts are provided to initialize and maintain Administration and Branch Servers. This section describes these scripts and their usage. B.1 Overview All the programs required to manage the system and to generate configuration files are implemented in Perl and as shell scripts.
  • Page 214: Core Script Process

    B.2 Core Script Process When Point of Service terminals are being set up in a branch or subsidiary, the posleases2ldap.pl script must be started as a daemon on the Branch Server for the relevant branch. All other scripts are controlled by this script. The interplay of scripts on the Branch Server occurs as follows: 1 posleases2ldap.pl is started directly on the Branch Server.
  • Page 215 tinguished names (DN) and the attributes are named scRefPcDn and scPosImageDn. 4b All information is collected to generate the /srv/tftpboot/CR/config.MAC configuration file. It is possible to specify hardware type or image type dependent configuration files, such as xorg.conf, which would be hardware type dependent.
  • Page 216: Script Quick Reference

    B.3 Script Quick Reference The remainder of this section provides a brief explanation of each SUSE Linux Enterprise Point of Service script, its function, and usage. B.3.1 poscheckip.pl poscheckip.pl is a helper script that looks up a server's IP address in LDAP and outputs the netmask and domain name related to that entry.
  • Page 217 Function When running this script, you are prompted to enter the company name, country abbreviation, IP address, and the LDAP administrator password of the Administration Server. The /etc/SLEPOS/branchserver.conf configuration file is generated by filling in the LDAP base, LDAP administrator password, and the IP address of the Administration Server.
  • Page 218 Table B.1 posInitBranchserver.sh Options Option Description -r or --reinitialize [=FILE] Reinitializes Branch Server, default values are loaded from an existing Branch Server configuration file or from file specified by FILE. -f or --file =FILE Specifies the path to SLEPOS offline installation file.
  • Page 219 NOTE: posInitLdap.sh In the previous SLEPOS versions, posInitAdminserver.sh was called posInitLdap.sh. posInitLdap.sh is now a symbolic link to the posInitAdminserver.sh script. Function posInitAdminserver.sh uses /etc/SLEPOS/template/slapd.conf.template to create the OpenLDAP configuration file, /etc/openldap/slapd.conf. The LDAP base DN and password are replaced from the posInitAdminserver.sh script with the corresponding user entries.
  • Page 220 Option Description -n or --noninteractive Performs unattended installation (-f or -r options are needed). -V or --version Displays the version of the script being used. -h or --help Displays available options and their description. --usage Displays basic usage information. WARNING Running this script destroys any existing data in LDAP.
  • Page 221 the Point of Service terminal is then removed from the /srv/tftpboot/upload directory. posldap2crconfig.pl can optionally be run with the --dumpall parameter. Using this mode, posldap2crconfig.pl regenerates the config.MAC and hardware configuration files for all Point of Service terminals found in LDAP. NOTE When posldap2crconfig generates syslog messages, these messages are displayed in all open shell windows of the Branch Server, if the default setting of the...
  • Page 222 .header by default. The content of the header file is adapted to the installation by posInitBranchserver.sh (see Section B.3.2, “posInitBranchserver.sh” (page 208)). The value of the scDhcpRange attribute in an scLocation object is translated into a range statement in the subnet declaration. In addition, the options for tftpboot are written into each subnet declaration.
  • Page 223 header is adapted to the installation by posInitBranchserver.sh (see Section B.3.2, “posInitBranchserver.sh” (page 208)). The value of the scDhcpRange attribute in a scLocation object is translated into a \$GENERATE directive. For each scService or scHAService, an A record is created or, if multiple objects of that kind point to the same IP address, a CNAME record.
  • Page 224 Usage In normal operation, posleases2ldap.pl is run as a daemon. It can be started by using the /etc/init.d/posleases2ldap init script, which is also used to start the daemon at boot time. To enable this, use chkconfig posleases2ldap If posleases2ldap.pl is started manually, it immediately runs in the background. To avoid this, use the optional parameter -d.
  • Page 225 B.3.9 possyncimages.pl The possyncimages.pl script must be run on a Branch Server to download or update the images from the Administration Server. It uses RSYNC and requires that the RSYNC service is properly configured and running on the Administration Server. This script can be run manually, but depending on your system requirements, you can create a cron job that runs the script every night to keep the images up to date.
  • Page 227: C Suse Linux Enterprise Point Of Service Files And Directory Structure

    SUSE Linux Enterprise Point of Service Files and Directory Structure This section provides a quick reference of directory structure. C.1 Administration Server Directory Structure /etc/openldap/slapd.conf The LDAP directory contains the LDAP server configuration file. To restrict access to the LDAP directory, access control lists (ACLs) can be implemented in the slapd.conf file.
  • Page 228 During installation of the Administration Server, SUSE Linux Enterprise Point of Service automatically installs a CA and generates self-signed certificates to secure communication between Administration and Branch Servers. The public key for the CA is distributed to the Branch Servers only if you enable LDAP SSL during installation.
  • Page 229 /etc/SLEPOS/named/ The name directory contains a sample configuration file (named.conf) for the DNS service provided by Branch Servers for Point of Service terminals. /etc/SLEPOS/rsync/ The rsync directory contains the configuration files for the rsync service. /etc/SLEPOS/rsync/rsyncd.conf This file contains the rsync configuration data for the Administration Server. /etc/SLEPOS/rsync/rsyncdbranch.conf This file contains the Branch Server’s rsync configuration data.
  • Page 230 Branch Server. They indicate which kernel and RAM disk to load for the Point of Service terminal. These files enable the Branch Server to distribute SLRS 8 and Novell Linux Point of Service 9 images. SUSE Linux Enterprise Point of Service automatically creates the pxelinux.cfg files based on the distribution container configurations in the LDAP directory.
  • Page 231: Branch Server Directory Structure

    /usr/share/kiwi/images/SLEPOS This directory is the staging area for client images. The information used to build client images is stored in this directory and its sub-directories. /srv/SLEPOS/image/image_filename This directory is the staging area for the client images. The information used to build client images is stored in this directory and its sub-directories.
  • Page 232 /srv/tftpboot/CR/ The CR directory contains config.MAC image configuration files for every registered Point of Service terminal on the current Branch Server. /srv/tftpboot/CR/MAC/ The MAC directory contains system configuration files for individual Point of Service terminals, such as xorg.conf. /srv/tftpboot/boot/ The boot directory contains the boot images and configuration files required to boot Point of Service terminals.
  • Page 233 /srv/tftpboot/boot/pxelinux.config/ This directory contains the configuration files required to PXE boot the Point of Service terminals. The pxelinux.cfg files indicate which kernel and RAM disk to load for the Point of Service terminal. These files enable Branch Servers to distribute SLRS 8 and SUSE Linux Enterprise Point of Service 9 images.
  • Page 234: Kiwi Files And Directory Structure

    formation in the bootversion.MAC file to the scNotifiedimage attribute in the scWorkstation object in LDAP. C.3 KIWI Files and Directory Structure /usr/share/kiwi/image/SLEPOS/imagetype/config.xml This file is the main configuration file. It is used to define base names, image types, profiles, options, and the package/pattern list. /usr/share/kiwi/image/SLEPOS/imagetype/config/ The config directory contains optional shell scripts.
  • Page 235 /usr/share/kiwi/image/SLEPOS/imagetype/repo/ The repo directory contains your RPM packages. These are accessible in Image Creator. /usr/share/kiwi/image/SLEPOS/IMAGETYPErepo This directory is the repository that contains RPM packages directly accessible in Image Creator. Replace IMAGETYPE with either minimal-VERSION or graphical-VERSION. /var/lib/SLEPOS/system/distribution/repo/ This directory holds image RPM packages selectable in Image Creator. SUSE Linux Enterprise Point of Service Files and Directory Structure...
