在金融行業中我所接觸的操作系統主要是AIX
和SLES(SuSE Linux Enterprise Server)
,也許大家平時用得更多是CentOS
,雖然有部分差異但原理都是相通的,SMIT
和YaST
也是灰常實用的功能,推薦大家有機會嘗試體驗下。因為網上關於SuSE自動化部署的參考文章較少,這套自動化部署方案已經被驗證並在生產系統使用了1年半,配置相對成熟和穩定。遵循Don't Repeat Yourself
原則,本文主要介紹基於AutoYaST實現半自動化SuSE定制光盤和PXE網絡全自動化安裝SuSE的實踐過程,如需了解更加詳細的參數說明可以參考擴展閱讀中的SuSE官網。
AutoYaST是自動化部署SuSE的黃金搭檔
SUSE Linux Enterprise Server 11 (x86_64) VERSION = 11 PATCHLEVEL = 2
下載地址 - https://www.suse.com/zh-cn/download-linux/
AutoYast是SuSE Linux的自動安裝工具。通過AutoYast,在DHCP、TFTP、PXE服務的支持下,通過FTP、NFS等網絡安裝源可以實現SuSE Linux的完全無人值守自動安裝。但是,這種方式必須建立獨立的服務器且客戶端支持PXE網絡啟動,在現場沒有網絡或者系統不支持客戶端網卡的場景下不 適合,通過AutoYast制作的SuSE Linux一鍵安裝光盤可以滿足上述場景。本文主要介紹SuSE Linux Enterprise Server 11(簡稱SLES11)一鍵安裝光盤的制作, 其他SuSE Linux僅供參考。
AutoYast配置成功後,生成一個名為autoinst.xml的XML配置文件,SuSE Linux通過這個文件控制操作系統的安裝。AutoYast生成配置文件有3種方式:
偷懶最佳姿勢
)系統安裝時生成配置文件
按照正常步驟安裝SLES11,把必須的軟件全部安裝。運行到最後一步“安裝已完成”,勾選“為AutoYast復制此系統”,系統開始克隆系統生成配置文件,並彈出提示窗口。生成配置文件用時約2分鐘左右,生成的配置文件位於/root目錄下。
運行命令生成或者修改配置文件
如果在系統安裝時沒有生成配置文件,可以運行命令生成。在系統中打開終端,以root用戶運行命令yast2 autoyast
, 打開AutoYast配置窗口,選擇“工具”->“創建參考配置文件”,彈出“創建參考控制文件”窗口。勾選需要配置的項目,如軟件包選擇、語言、 分區、鍵盤布局、防火牆、網絡設置等,AutoYast根據選擇的項目從系統獲取相關配置信息。選擇“文件”->“保存”,彈出“另存為”窗口,輸 入文件名“autoinst.xml”,選擇“保存”,系統提示文件保存到指定目錄下。
有時我們需要對模塊做些調整,比如磁盤分區、軟件包等。以調整磁盤分區為例介紹配置文件的修改。
以root用戶運行yast2 autoyast
,打開AutoYast窗口,選擇“文件”->“打開”,選擇autoinst.xml文件,等系統讀取配置後,在AutoYast窗口顯示配置配件名稱,修改後保存即可。
AutoYast配置文件生成後,可以開始制作一鍵安裝光盤了。制作一鍵安裝光盤需要用到SLES11的原安裝光盤的數據
#首先復制SLES11原安裝光盤的數據到指定目錄 mkdir /tmp/sles11 cp -R /media/S*/* /tmp/sles11 #復制autoinst.xml cp /root/autoinst.xml /tmp/sles11 #編輯isolinux.cfg文件,找到# install所在位置 cd boot/x86_64/loader/ vi isolinux.cfg # install append initrd=initrd autoyast=file:///autoinst.xml splash=silent showopts :x! #運行mkisofs命令生成自動安裝光盤 cd /tmp/sles11 mkisofs -R -o /tmp/SLES11-SP2-64-AUTO.iso -b boot/x86_64/loader/isolinux.bin -c boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table
預設分區
預裝軟件包
KDE Desktop Environment Oracle Server Base C/C++ Compiler and Tools nmap java-1_6_0 libstdc++43-devel-32bit
預設語言
主要:英語 添加:中文
預設用戶名/密碼
root/如果你直接復用我的配置文件請私信我獲取密碼
預設網絡配置
禁用服務:防火牆,IPv6
autoinst.xml
<?xml version="1.0"?> <!DOCTYPE profile> <profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns"> <bootloader> <device_map config:type="list"> <device_map_entry> <firmware>fd0</firmware> <linux>/dev/fd0</linux> </device_map_entry> <device_map_entry> <firmware>hd0</firmware> <linux>/dev/sda</linux> </device_map_entry> </device_map> <global> <activate>true</activate> <boot_boot>true</boot_boot> <default>SUSE Linux Enterprise Server 11 SP2 - 3.0.13-0.27</default> <generic_mbr>true</generic_mbr> <gfxmenu>/boot/message</gfxmenu> <lines_cache_id>3</lines_cache_id> <timeout config:type="integer">8</timeout> </global> <initrd_modules config:type="list"> <initrd_module> <module>mptspi</module> </initrd_module> <initrd_module> <module>ata_piix</module> </initrd_module> <initrd_module> <module>ata_generic</module> </initrd_module> </initrd_modules> <loader_type>grub</loader_type> <sections config:type="list"> <section> <append>resume=/dev/sda1 splash=silent showopts</append> <image>/boot/vmlinuz-3.0.13-0.27-default</image> <initial>1</initial> <initrd>/boot/initrd-3.0.13-0.27-default</initrd> <lines_cache_id>0</lines_cache_id> <name>SUSE Linux Enterprise Server 11 SP2 - 3.0.13-0.27</name> <original_name>linux</original_name> <root>/dev/system/root</root> <type>image</type> <vgamode>0x317</vgamode> </section> <section> <append>showopts ide=nodma apm=off noresume edd=off powersaved=off nohz=off highres=off processor.max_cstate=1 nomodeset x11failsafe</append> <image>/boot/vmlinuz-3.0.13-0.27-default</image> <initrd>/boot/initrd-3.0.13-0.27-default</initrd> <lines_cache_id>1</lines_cache_id> <name>Failsafe -- SUSE Linux Enterprise Server 11 SP2 - 3.0.13-0.27</name> <original_name>failsafe</original_name> <root>/dev/system/root</root> <type>image</type> <vgamode>0x317</vgamode> </section> <section> <blockoffset>1</blockoffset> <chainloader>/dev/fd0</chainloader> <lines_cache_id>2</lines_cache_id> <name>Floppy</name> <noverifyroot>true</noverifyroot> <original_name>floppy</original_name> <type>other</type> </section> </sections> </bootloader> <ca_mgm> <CAName>YaST_Default_CA</CAName> <ca_commonName>YaST Default CA (site)</ca_commonName> <country>CN</country> <password>ENTER PASSWORD HERE</password> <server_email>postmaster@site</server_email> <takeLocalServerName config:type="boolean">true</takeLocalServerName> </ca_mgm> <deploy_image> <image_installation config:type="boolean">false</image_installation> </deploy_image> <firewall> <FW_ALLOW_FW_BROADCAST_DMZ>no</FW_ALLOW_FW_BROADCAST_DMZ> <FW_ALLOW_FW_BROADCAST_EXT>no</FW_ALLOW_FW_BROADCAST_EXT> <FW_ALLOW_FW_BROADCAST_INT>no</FW_ALLOW_FW_BROADCAST_INT> <FW_CONFIGURATIONS_DMZ></FW_CONFIGURATIONS_DMZ> <FW_CONFIGURATIONS_EXT></FW_CONFIGURATIONS_EXT> <FW_CONFIGURATIONS_INT></FW_CONFIGURATIONS_INT> <FW_DEV_DMZ></FW_DEV_DMZ> <FW_DEV_EXT>any eth0</FW_DEV_EXT> <FW_DEV_INT></FW_DEV_INT> <FW_FORWARD_ALWAYS_INOUT_DEV></FW_FORWARD_ALWAYS_INOUT_DEV> <FW_FORWARD_MASQ></FW_FORWARD_MASQ> <FW_IGNORE_FW_BROADCAST_DMZ>no</FW_IGNORE_FW_BROADCAST_DMZ> <FW_IGNORE_FW_BROADCAST_EXT>yes</FW_IGNORE_FW_BROADCAST_EXT> <FW_IGNORE_FW_BROADCAST_INT>no</FW_IGNORE_FW_BROADCAST_INT> <FW_IPSEC_TRUST>no</FW_IPSEC_TRUST> <FW_LOAD_MODULES>nf_conntrack_netbios_ns</FW_LOAD_MODULES> <FW_LOG_ACCEPT_ALL>no</FW_LOG_ACCEPT_ALL> <FW_LOG_ACCEPT_CRIT>yes</FW_LOG_ACCEPT_CRIT> <FW_LOG_DROP_ALL>no</FW_LOG_DROP_ALL> <FW_LOG_DROP_CRIT>yes</FW_LOG_DROP_CRIT> <FW_MASQUERADE>no</FW_MASQUERADE> <FW_PROTECT_FROM_INT>no</FW_PROTECT_FROM_INT> <FW_ROUTE>no</FW_ROUTE> <FW_SERVICES_ACCEPT_DMZ></FW_SERVICES_ACCEPT_DMZ> <FW_SERVICES_ACCEPT_EXT></FW_SERVICES_ACCEPT_EXT> <FW_SERVICES_ACCEPT_INT></FW_SERVICES_ACCEPT_INT> <FW_SERVICES_ACCEPT_RELATED_DMZ></FW_SERVICES_ACCEPT_RELATED_DMZ> <FW_SERVICES_ACCEPT_RELATED_EXT></FW_SERVICES_ACCEPT_RELATED_EXT> <FW_SERVICES_ACCEPT_RELATED_INT></FW_SERVICES_ACCEPT_RELATED_INT> <FW_SERVICES_DMZ_IP></FW_SERVICES_DMZ_IP> <FW_SERVICES_DMZ_RPC></FW_SERVICES_DMZ_RPC> <FW_SERVICES_DMZ_TCP></FW_SERVICES_DMZ_TCP> <FW_SERVICES_DMZ_UDP></FW_SERVICES_DMZ_UDP> <FW_SERVICES_EXT_IP></FW_SERVICES_EXT_IP> <FW_SERVICES_EXT_RPC></FW_SERVICES_EXT_RPC> <FW_SERVICES_EXT_TCP></FW_SERVICES_EXT_TCP> <FW_SERVICES_EXT_UDP></FW_SERVICES_EXT_UDP> <FW_SERVICES_INT_IP></FW_SERVICES_INT_IP> <FW_SERVICES_INT_RPC></FW_SERVICES_INT_RPC> <FW_SERVICES_INT_TCP></FW_SERVICES_INT_TCP> <FW_SERVICES_INT_UDP></FW_SERVICES_INT_UDP> <enable_firewall config:type="boolean">false</enable_firewall> <start_firewall config:type="boolean">false</start_firewall> </firewall> <general> <ask-list config:type="list"/> <mode> <confirm config:type="boolean">false</confirm> </mode> <mouse> <id>none</id> </mouse> <proposals config:type="list"/> <signature-handling> <accept_file_without_checksum config:type="boolean">true</accept_file_without_checksum> <accept_non_trusted_gpg_key config:type="boolean">true</accept_non_trusted_gpg_key> <accept_unknown_gpg_key config:type="boolean">true</accept_unknown_gpg_key> <accept_unsigned_file config:type="boolean">true</accept_unsigned_file> <accept_verification_failed config:type="boolean">false</accept_verification_failed> <import_gpg_key config:type="boolean">true</import_gpg_key> </signature-handling> <storage/> </general> <groups config:type="list"> <group> <encrypted config:type="boolean">true</encrypted> <gid>100</gid> <group_password>x</group_password> <groupname>users</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>19</gid> <group_password>x</group_password> <groupname>floppy</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>1</gid> <group_password>x</group_password> <groupname>bin</groupname> <userlist>daemon</userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>41</gid> <group_password>x</group_password> <groupname>xok</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>65533</gid> <group_password>x</group_password> <groupname>nobody</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>43</gid> <group_password>x</group_password> <groupname>modem</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>5</gid> <group_password>x</group_password> <groupname>tty</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>7</gid> <group_password>x</group_password> <groupname>lp</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>104</gid> <group_password>!</group_password> <groupname>uuidd</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>51</gid> <group_password>!</group_password> <groupname>postfix</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>115</gid> <group_password>!</group_password> <groupname>gdm</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>65534</gid> <group_password>x</group_password> <groupname>nogroup</groupname> <userlist>nobody</userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>107</gid> <group_password>!</group_password> <groupname>oinstall</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>101</gid> <group_password>!</group_password> <groupname>messagebus</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>59</gid> <group_password>!</group_password> <groupname>maildrop</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>33</gid> <group_password>x</group_password> <groupname>video</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>3</gid> <group_password>x</group_password> <groupname>sys</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>15</gid> <group_password>x</group_password> <groupname>shadow</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>20</gid> <group_password>x</group_password> <groupname>cdrom</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>21</gid> <group_password>x</group_password> <groupname>console</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>42</gid> <group_password>x</group_password> <groupname>trusted</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>102</gid> <group_password>!</group_password> <groupname>haldaemon</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>106</gid> <group_password>!</group_password> <groupname>puppet</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>16</gid> <group_password>x</group_password> <groupname>dialout</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>110</gid> <group_password>!</group_password> <groupname>polkituser</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>10</gid> <group_password>x</group_password> <groupname>wheel</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>112</gid> <group_password>!</group_password> <groupname>pulse</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>8</gid> <group_password>x</group_password> <groupname>www</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>40</gid> <group_password>x</group_password> <groupname>games</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>6</gid> <group_password>x</group_password> <groupname>disk</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>17</gid> <group_password>x</group_password> <groupname>audio</groupname> <userlist>pulse</userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>114</gid> <group_password>!</group_password> <groupname>suse-ncc</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>49</gid> <group_password>x</group_password> <groupname>ftp</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>103</gid> <group_password>!</group_password> <groupname>tape</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>25</gid> <group_password>!</group_password> <groupname>at</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>9</gid> <group_password>x</group_password> <groupname>kmem</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>32</gid> <group_password>x</group_password> <groupname>public</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>0</gid> <group_password>x</group_password> <groupname>root</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>12</gid> <group_password>x</group_password> <groupname>mail</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>2</gid> <group_password>x</group_password> <groupname>daemon</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>105</gid> <group_password>!</group_password> <groupname>sfcb</groupname> <userlist>root</userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>111</gid> <group_password>!</group_password> <groupname>ntp</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>14</gid> <group_password>x</group_password> <groupname>uucp</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>113</gid> <group_password>!</group_password> <groupname>pulse-access</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>108</gid> <group_password>!</group_password> <groupname>dba</groupname> <userlist>oracle</userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>71</gid> <group_password>!</group_password> <groupname>ntadmin</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>62</gid> <group_password>x</group_password> <groupname>man</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>109</gid> <group_password>!</group_password> <groupname>mysql</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>22</gid> <group_password>x</group_password> <groupname>utmp</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>13</gid> <group_password>x</group_password> <groupname>news</groupname> <userlist></userlist> </group> <group> <encrypted config:type="boolean">true</encrypted> <gid>65</gid> <group_password>!</group_password> <groupname>sshd</groupname> <userlist></userlist> </group> </groups> <host> <hosts config:type="list"> <hosts_entry> <host_address>127.0.0.1</host_address> <names config:type="list"> <name>localhost</name> </names> </hosts_entry> <hosts_entry> <host_address>::1</host_address> <names config:type="list"> <name>localhost ipv6-localhost ipv6-loopback</name> </names> </hosts_entry> <hosts_entry> <host_address>addr:127.0.0.1</host_address> <names config:type="list"> <name>n n</name> </names> </hosts_entry> <hosts_entry> <host_address>fe00::0</host_address> <names config:type="list"> <name>ipv6-localnet</name> </names> </hosts_entry> <hosts_entry> <host_address>ff00::0</host_address> <names config:type="list"> <name>ipv6-mcastprefix</name> </names> </hosts_entry> <hosts_entry> <host_address>ff02::1</host_address> <names config:type="list"> <name>ipv6-allnodes</name> </names> </hosts_entry> <hosts_entry> <host_address>ff02::2</host_address> <names config:type="list"> <name>ipv6-allrouters</name> </names> </hosts_entry> <hosts_entry> <host_address>ff02::3</host_address> <names config:type="list"> <name>ipv6-allhosts</name> </names> </hosts_entry> </hosts> </host> <iscsi-client> <version>1.0</version> </iscsi-client> <kdump> <add_crash_kernel config:type="boolean">false</add_crash_kernel> <crash_kernel>128M-:64M</crash_kernel> <general> <KDUMP_CONTINUE_ON_ERROR>false</KDUMP_CONTINUE_ON_ERROR> <KDUMP_COPY_KERNEL>yes</KDUMP_COPY_KERNEL> <KDUMP_DUMPFORMAT>compressed</KDUMP_DUMPFORMAT> <KDUMP_DUMPLEVEL>0</KDUMP_DUMPLEVEL> <KDUMP_FREE_DISK_SIZE>64</KDUMP_FREE_DISK_SIZE> <KDUMP_IMMEDIATE_REBOOT>yes</KDUMP_IMMEDIATE_REBOOT> <KDUMP_KEEP_OLD_DUMPS>5</KDUMP_KEEP_OLD_DUMPS> <KDUMP_NETCONFIG>auto</KDUMP_NETCONFIG> <KDUMP_SAVEDIR>file:///var/crash</KDUMP_SAVEDIR> <KDUMP_VERBOSE>3</KDUMP_VERBOSE> </general> </kdump> <keyboard> <keymap>english-us</keymap> </keyboard> <language> <language>en_US</language> <languages>zh_CN,en_US</languages> </language> <ldap> <base_config_dn></base_config_dn> <bind_dn></bind_dn> <create_ldap config:type="boolean">false</create_ldap> <file_server config:type="boolean">false</file_server> <ldap_domain>dc=example,dc=com</ldap_domain> <ldap_server>127.0.0.1</ldap_server> <ldap_tls config:type="boolean">true</ldap_tls> <ldap_v2 config:type="boolean">false</ldap_v2> <login_enabled config:type="boolean">true</login_enabled> <member_attribute>member</member_attribute> <mkhomedir config:type="boolean">false</mkhomedir> <nss_base_group></nss_base_group> <nss_base_passwd></nss_base_passwd> <nss_base_shadow></nss_base_shadow> <pam_password>exop</pam_password> <sssd config:type="boolean">false</sssd> <start_autofs config:type="boolean">false</start_autofs> <start_ldap config:type="boolean">false</start_ldap> </ldap> <login_settings/> <networking> <dhcp_options> <dhclient_client_id></dhclient_client_id> <dhclient_hostname_option>AUTO</dhclient_hostname_option> </dhcp_options> <dns> <dhcp_hostname config:type="boolean">false</dhcp_hostname> <resolv_conf_policy>auto</resolv_conf_policy> </dns> <interfaces config:type="list"> <interface> <bootproto>dhcp</bootproto> <device>eth0</device> <prefixlen>16</prefixlen> <startmode>onboot</startmode> <usercontrol>no</usercontrol> </interface> <interface> <bootproto>dhcp</bootproto> <device>eth1</device> <prefixlen>16</prefixlen> <startmode>onboot</startmode> <usercontrol>no</usercontrol> </interface> </interfaces> <managed config:type="boolean">false</managed> <routing> <ip_forward config:type="boolean">false</ip_forward> </routing> </networking> <nis> <netconfig_policy>auto</netconfig_policy> <nis_broadcast config:type="boolean">false</nis_broadcast> <nis_broken_server config:type="boolean">false</nis_broken_server> <nis_local_only config:type="boolean">false</nis_local_only> <start_autofs config:type="boolean">false</start_autofs> <start_nis config:type="boolean">false</start_nis> </nis> <ntp-client> <ntp_policy>auto</ntp_policy> <peers config:type="list"> <peer> <address>127.127.1.0</address> <comment>################################################################################ ## /etc/ntp.conf ## ## Sample NTP configuration file. ## See package 'ntp-doc' for documentation, Mini-HOWTO and FAQ. ## Copyright (c) 1998 S.u.S.E. GmbH Fuerth, Germany. ## ## Author: Michael Andres, <[email protected]> ## Michael Skibbe, <[email protected]> ## ################################################################################ ## ## Radio and modem clocks by convention have addresses in the ## form 127.127.t.u, where t is the clock type and u is a unit ## number in the range 0-3. ## ## Most of these clocks require support in the form of a ## serial port or special bus peripheral. The particular ## device is normally specified by adding a soft link ## /dev/device-u to the particular hardware device involved, ## where u correspond to the unit number above. ## ## Generic DCF77 clock on serial port (Conrad DCF77) ## Address: 127.127.8.u ## Serial Port: /dev/refclock-u ## ## (create soft link /dev/refclock-0 to the particular ttyS?) ## # server 127.127.8.0 mode 5 prefer ## ## Undisciplined Local Clock. This is a fake driver intended for backup ## and when no outside source of synchronized time is available. ## </comment> <fudge_comment># local clock (LCL) </fudge_comment> <fudge_options> stratum 10</fudge_options> <type>__clock</type> </peer> <peer> <address>/var/lib/ntp/drift/ntp.drift </address> <comment># LCL is unsynchronized ## ## Add external Servers using ## # rcntp addserver <yourserver> ## ## ## Miscellaneous stuff ## </comment> <type>driftfile</type> </peer> <peer> <address>/var/log/ntp </address> <comment># path for drift file </comment> <type>logfile</type> </peer> <peer> <address>/etc/ntp.keys </address> <comment># alternate log file # logconfig =syncstatus + sysevents # logconfig =all # statsdir /tmp/ # directory for statistics files # filegen peerstats file peerstats type day enable # filegen loopstats file loopstats type day enable # filegen clockstats file clockstats type day enable # # Authentication stuff # </comment> <type>keys</type> </peer> <peer> <address>1 </address> <comment># path for keys file </comment> <type>trustedkey</type> </peer> <peer> <address>1 </address> <comment># define trusted keys </comment> <type>requestkey</type> </peer> </peers> <start_at_boot config:type="boolean">false</start_at_boot> <start_in_chroot config:type="boolean">true</start_in_chroot> </ntp-client> <partitioning config:type="list"> <drive> <device>/dev/sda</device> <initialize config:type="boolean">true</initialize> <partitions config:type="list"> <partition> <create config:type="boolean">true</create> <crypt_fs config:type="boolean">false</crypt_fs> <filesystem config:type="symbol">swap</filesystem> <filesystem_id config:type="integer">130</filesystem_id> <format config:type="boolean">true</format> <fstopt>defaults</fstopt> <loop_fs config:type="boolean">false</loop_fs> <mount>swap</mount> <mountby config:type="symbol">device</mountby> <partition_id config:type="integer">130</partition_id> <partition_nr config:type="integer">1</partition_nr> <resize config:type="boolean">false</resize> <size>32G</size> </partition> <partition> <create config:type="boolean">true</create> <crypt_fs config:type="boolean">false</crypt_fs> <filesystem config:type="symbol">ext3</filesystem> <filesystem_id config:type="integer">131</filesystem_id> <format config:type="boolean">true</format> <fstopt>acl,user_xattr</fstopt> <loop_fs config:type="boolean">false</loop_fs> <mount>/boot</mount> <mountby config:type="symbol">device</mountby> <partition_id config:type="integer">131</partition_id> <partition_nr config:type="integer">2</partition_nr> <resize config:type="boolean">false</resize> <size>120M</size> </partition> <partition> <create config:type="boolean">true</create> <crypt_fs config:type="boolean">false</crypt_fs> <filesystem config:type="symbol">ext3</filesystem> <filesystem_id config:type="integer">142</filesystem_id> <format config:type="boolean">false</format> <loop_fs config:type="boolean">false</loop_fs> <lvm_group>system</lvm_group> <mountby config:type="symbol">device</mountby> <partition_id config:type="integer">142</partition_id> <partition_nr config:type="integer">3</partition_nr> <resize config:type="boolean">false</resize> <size>max</size> </partition> </partitions> <type config:type="symbol">CT_DISK</type> <use>all</use> </drive> <drive> <device>/dev/system</device> <initialize config:type="boolean">true</initialize> <partitions config:type="list"> <partition> <create config:type="boolean">true</create> <crypt_fs config:type="boolean">false</crypt_fs> <filesystem config:type="symbol">ext3</filesystem> <filesystem_id config:type="integer">131</filesystem_id> <format config:type="boolean">true</format> <fstopt>acl,user_xattr</fstopt> <loop_fs config:type="boolean">false</loop_fs> <lv_name>home</lv_name> <mount>/home</mount> <mountby config:type="symbol">device</mountby> <partition_id config:type="integer">131</partition_id> <resize config:type="boolean">false</resize> <size>15G</size> </partition> <partition> <create config:type="boolean">true</create> <crypt_fs config:type="boolean">false</crypt_fs> <filesystem config:type="symbol">ext3</filesystem> <filesystem_id config:type="integer">131</filesystem_id> <format config:type="boolean">true</format> <fstopt>acl,user_xattr</fstopt> <loop_fs config:type="boolean">false</loop_fs> <lv_name>opt</lv_name> <mount>/opt</mount> <mountby config:type="symbol">device</mountby> <partition_id config:type="integer">131</partition_id> <resize config:type="boolean">false</resize> <size>10G</size> </partition> <partition> <create config:type="boolean">true</create> <crypt_fs config:type="boolean">false</crypt_fs> <filesystem config:type="symbol">ext3</filesystem> <filesystem_id config:type="integer">131</filesystem_id> <format config:type="boolean">true</format> <fstopt>acl,user_xattr</fstopt> <loop_fs config:type="boolean">false</loop_fs> <lv_name>root</lv_name> <mount>/</mount> <mountby config:type="symbol">device</mountby> <partition_id config:type="integer">131</partition_id> <resize config:type="boolean">false</resize> <size>5G</size> </partition> <partition> <create config:type="boolean">true</create> <crypt_fs config:type="boolean">false</crypt_fs> <filesystem config:type="symbol">ext3</filesystem> <filesystem_id config:type="integer">131</filesystem_id> <format config:type="boolean">true</format> <fstopt>acl,user_xattr</fstopt> <loop_fs config:type="boolean">false</loop_fs> <lv_name>tmp</lv_name> <mount>/tmp</mount> <mountby config:type="symbol">device</mountby> <partition_id config:type="integer">131</partition_id> <resize config:type="boolean">false</resize> <size>10G</size> </partition> <partition> <create config:type="boolean">true</create> <crypt_fs config:type="boolean">false</crypt_fs> <filesystem config:type="symbol">ext3</filesystem> <filesystem_id config:type="integer">131</filesystem_id> <format config:type="boolean">true</format> <fstopt>acl,user_xattr</fstopt> <loop_fs config:type="boolean">false</loop_fs> <lv_name>usr</lv_name> <mount>/usr</mount> <mountby config:type="symbol">device</mountby> <partition_id config:type="integer">131</partition_id> <resize config:type="boolean">false</resize> <size>10G</size> </partition> <partition> <create config:type="boolean">true</create> <crypt_fs config:type="boolean">false</crypt_fs> <filesystem config:type="symbol">ext3</filesystem> <filesystem_id config:type="integer">131</filesystem_id> <format config:type="boolean">true</format> <fstopt>acl,user_xattr</fstopt> <loop_fs config:type="boolean">false</loop_fs> <lv_name>var</lv_name> <mount>/var</mount> <mountby config:type="symbol">device</mountby> <partition_id config:type="integer">131</partition_id> <resize config:type="boolean">false</resize> <size>5G</size> </partition> </partitions> <pesize>4M</pesize> <type config:type="symbol">CT_LVM</type> <use>all</use> </drive> </partitioning> <printer> <server_settings> <BrowseAllow config:type="list"> <listentry>all</listentry> </BrowseAllow> <BrowseOrder config:type="list"> <listentry>allow,deny</listentry> </BrowseOrder> <Browsing config:type="list"> <listentry>On</listentry> </Browsing> <DefaultAuthType config:type="list"> <listentry>Basic</listentry> </DefaultAuthType> <DefaultPolicy config:type="list"> <listentry>default</listentry> </DefaultPolicy> <Listen config:type="list"> <listentry>localhost:631</listentry> <listentry>/var/run/cups/cups.sock</listentry> </Listen> <LogLevel config:type="list"> <listentry>info</listentry> </LogLevel> <SystemGroup config:type="list"> <listentry>sys root</listentry> </SystemGroup> <sections config:type="list"> <section> <Allow config:type="list"> <listentry>127.0.0.2</listentry> </Allow> <Key>Location</Key> <Order config:type="list"> <listentry>allow,deny</listentry> </Order> <Value>/</Value> </section> <section> <Encryption config:type="list"> <listentry>Required</listentry> </Encryption> <Key>Location</Key> <Order config:type="list"> <listentry>allow,deny</listentry> </Order> <Value>/admin</Value> </section> <section> <AuthType config:type="list"> <listentry>Default</listentry> </AuthType> <Key>Location</Key> <Order config:type="list"> <listentry>allow,deny</listentry> </Order> <Require config:type="list"> <listentry>user @SYSTEM</listentry> </Require> <Value>/admin/conf</Value> </section> <section> <Key>Policy</Key> <Value>default</Value> <sections config:type="list"> <section> <Key>Limit</Key> <Order config:type="list"> <listentry>deny,allow</listentry> </Order> <Require config:type="list"> <listentry>user @OWNER @SYSTEM</listentry> </Require> <Value>Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job</Value> </section> <section> <AuthType config:type="list"> <listentry>Default</listentry> </AuthType> <Key>Limit</Key> <Order config:type="list"> <listentry>deny,allow</listentry> </Order> <Require config:type="list"> <listentry>user @SYSTEM</listentry> </Require> <Value>CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default</Value> </section> <section> <AuthType config:type="list"> <listentry>Default</listentry> </AuthType> <Key>Limit</Key> <Order config:type="list"> <listentry>deny,allow</listentry> </Order> <Require config:type="list"> <listentry>user @SYSTEM</listentry> </Require> <Value>Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs</Value> </section> <section> <Key>Limit</Key> <Order config:type="list"> <listentry>deny,allow</listentry> </Order> <Require config:type="list"> <listentry>user @OWNER @SYSTEM</listentry> </Require> <Value>Cancel-Job CUPS-Authenticate-Job</Value> </section> <section> <Key>Limit</Key> <Order config:type="list"> <listentry>deny,allow</listentry> </Order> <Value>All</Value> </section> </sections> </section> <section> <Key>Policy</Key> <Value>easy</Value> <sections config:type="list"> <section> <Key>Limit</Key> <Order config:type="list"> <listentry>allow,deny</listentry> </Order> <Satisfy config:type="list"> <listentry>any</listentry> </Satisfy> <Value>All</Value> </section> </sections> </section> <section> <Key>Policy</Key> <Value>paranoid</Value> <sections config:type="list"> <section> <Allow config:type="list"> <listentry>from 127.0.0.0/8</listentry> </Allow> <Key>Limit</Key> <Order config:type="list"> <listentry>deny,allow</listentry> </Order> <Require config:type="list"> <listentry>user @OWNER</listentry> </Require> <Value>Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job</Value> </section> <section> <Allow config:type="list"> <listentry>from 127.0.0.0/8</listentry> </Allow> <AuthType config:type="list"> <listentry>Default</listentry> </AuthType> <Key>Limit</Key> <Order config:type="list"> <listentry>deny,allow</listentry> </Order> <Require config:type="list"> <listentry>user @SYSTEM</listentry> </Require> <Value>CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default</Value> </section> <section> <Allow config:type="list"> <listentry>from 127.0.0.0/8</listentry> </Allow> <AuthType config:type="list"> <listentry>Default</listentry> </AuthType> <Key>Limit</Key> <Order config:type="list"> <listentry>deny,allow</listentry> </Order> <Require config:type="list"> <listentry>user @SYSTEM</listentry> </Require> <Value>Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs</Value> </section> <section> <Allow config:type="list"> <listentry>from 127.0.0.0/8</listentry> </Allow> <Key>Limit</Key> <Order config:type="list"> <listentry>deny,allow</listentry> </Order> <Require config:type="list"> <listentry>user @OWNER</listentry> </Require> <Value>Cancel-Job CUPS-Authenticate-Job</Value> </section> <section> <Allow config:type="list"> <listentry>from 127.0.0.0/8</listentry> </Allow> <Key>Limit</Key> <Order config:type="list"> <listentry>deny,allow</listentry> </Order> <Require config:type="list"> <listentry>user @OWNER @SYSTEM</listentry> </Require> <Value>All</Value> </section> </sections> </section> </sections> </server_settings> </printer> <proxy> <enabled config:type="boolean">false</enabled> <ftp_proxy></ftp_proxy> <http_proxy></http_proxy> <https_proxy></https_proxy> <no_proxy>localhost, 127.0.0.1</no_proxy> <proxy_password></proxy_password> <proxy_user></proxy_user> </proxy> <report> <errors> <log config:type="boolean">true</log> <show config:type="boolean">true</show> <timeout config:type="integer">0</timeout> </errors> <messages> <log config:type="boolean">true</log> <show config:type="boolean">true</show> <timeout config:type="integer">0</timeout> </messages> <warnings> <log config:type="boolean">true</log> <show config:type="boolean">true</show> <timeout config:type="integer">0</timeout> </warnings> <yesno_messages> <log config:type="boolean">true</log> <show config:type="boolean">true</show> <timeout config:type="integer">0</timeout> </yesno_messages> </report> <runlevel> <default>5</default> </runlevel> <software> <packages config:type="list"> <package>ConsoleKit-32bit</package> <package>Mesa-32bit</package> <package>PolicyKit-32bit</package> <package>PolicyKit-gnome-libs-32bit</package> <package>aspell-32bit</package> <package>at-spi-32bit</package> <package>audiofile-32bit</package> <package>audit-libs-32bit</package> <package>bind-libs-32bit</package> <package>bison-32bit</package> <package>cpufrequtils-32bit</package> <package>cracklib-32bit</package> <package>cryptconfig-32bit</package> <package>cyrus-sasl-32bit</package> <package>cyrus-sasl-gssapi-32bit</package> <package>cyrus-sasl-plain-32bit</package> <package>dbus-1-32bit</package> <package>dbus-1-glib-32bit</package> <package>device-mapper-32bit</package> <package>evolution-data-server-32bit</package> <package>fam-32bit</package> <package>file-32bit</package> <package>flex-32bit</package> <package>freeglut-32bit</package> <package>freetype-32bit</package> <package>fribidi-32bit</package> <package>gcc-32bit</package> <package>gcc43-32bit</package> <package>gconf2-32bit</package> <package>gdbm-devel-32bit</package> <package>gettext-runtime-32bit</package> <package>giflib-32bit</package> <package>glibc-devel-32bit</package> <package>glibc-locale-32bit</package> <package>gnome-keyring-32bit</package> <package>gnome-panel-32bit</package> <package>gnome-vfs2-32bit</package> <package>gpm-32bit</package> <package>hal-32bit</package> <package>hunspell-32bit</package> <package>java-1_6_0-ibm</package> <package>java-1_6_0-ibm-fonts</package> <package>jpackage-utils</package> <package>libFLAC8-32bit</package> <package>libHX13-32bit</package> <package>libacl-32bit</package> <package>libaio-32bit</package> <package>libaio-devel-32bit</package> <package>libart_lgpl-32bit</package> <package>libattr-32bit</package> <package>libavahi-client3-32bit</package> <package>libavahi-common3-32bit</package> <package>libavahi-glib1-32bit</package> <package>libblkid1-32bit</package> <package>libbonobo-32bit</package> <package>libbonoboui-32bit</package> <package>libbz2-1-32bit</package> <package>libcanberra-gtk-32bit</package> <package>libcanberra-gtk0-32bit</package> <package>libcanberra0-32bit</package> <package>libcap2-32bit</package> <package>libcroco-0_6-3-32bit</package> <package>libcurl4-32bit</package> <package>libdnet1</package> <package>libdrm-32bit</package> <package>libesd0-32bit</package> <package>libfreebl3-32bit</package> <package>libgcrypt11-32bit</package> <package>libglade2-32bit</package> <package>libgnome-32bit</package> <package>libgnome-desktop-2-11-32bit</package> <package>libgnomecanvas-32bit</package> <package>libgnutls26-32bit</package> <package>libgomp46-32bit</package> <package>libgpg-error0-32bit</package> <package>libgsf-1-114-32bit</package> <package>libgstreamer-0_10-0-32bit</package> <package>libgthread-2_0-0-32bit</package> <package>libgweather1-32bit</package> <package>libical0-32bit</package> <package>libidl-32bit</package> <package>libidn-32bit</package> <package>liblcms1-32bit</package> <package>libldap-2_4-2-32bit</package> <package>libltdl7-32bit</package> <package>liblua5_1</package> <package>liblzma5-32bit</package> <package>libmng-32bit</package> <package>libncurses6-32bit</package> <package>libnetpbm10-32bit</package> <package>libnscd-32bit</package> <package>libnsssharedhelper0-32bit</package> <package>libogg0-32bit</package> <package>libopenct1-32bit</package> <package>libopensc2-32bit</package> <package>libpciaccess0-32bit</package> <package>libproxy0-32bit</package> <package>libproxy0-config-gnome</package> <package>libproxy0-config-kde4</package> <package>libpulse0-32bit</package> <package>libpython2_6-1_0-32bit</package> <package>libqt4-32bit</package> <package>libqt4-qt3support-32bit</package> <package>libqt4-sql-32bit</package> <package>libqt4-x11-32bit</package> <package>libreiserfs-32bit</package> <package>librsvg-32bit</package> <package>libsepol1-32bit</package> <package>libsmbclient0-32bit</package> <package>libsmbios2-32bit</package> <package>libsndfile-32bit</package> <package>libsoup-2_4-1-32bit</package> <package>libsqlite3-0-32bit</package> <package>libstdc++33-32bit</package> <package>libstdc++43-devel-32bit</package> <package>libtalloc2-32bit</package> <package>libtasn1-3-32bit</package> <package>libtdb1-32bit</package> <package>libtool-32bit</package> <package>libudev0-32bit</package> <package>libvorbis-32bit</package> <package>libwbclient0-32bit</package> <package>libwnck-1-22-32bit</package> <package>libxcrypt-32bit</package> <package>libxml2-32bit</package> <package>libxslt-32bit</package> <package>mozilla-kde4-integration</package> <package>mozilla-nspr-32bit</package> <package>mozilla-nss-32bit</package> <package>mozilla-xulrunner192-32bit</package> <package>nautilus-32bit</package> <package>nautilus-cd-burner-32bit</package> <package>ncurses-devel-32bit</package> <package>nmap</package> <package>opensc-32bit</package> <package>openslp-32bit</package> <package>opie-32bit</package> <package>orbit2-32bit</package> <package>pam-32bit</package> <package>pam-modules-32bit</package> <package>pam_mount-32bit</package> <package>parted-32bit</package> <package>pciutils-32bit</package> <package>pcsc-lite-32bit</package> <package>popt-32bit</package> <package>qt3-32bit</package> <package>qtcurve-gtk2-32bit</package> <package>rpm-32bit</package> <package>samba-32bit</package> <package>samba-client-32bit</package> <package>startup-notification-32bit</package> <package>strace-32bit</package> <package>sysfsutils-32bit</package> <package>tcl-32bit</package> <package>tcpd-32bit</package> <package>tk-32bit</package> <package>utempter-32bit</package> <package>xaw3d-32bit</package> <package>xorg-x11-driver-video-radeonhd</package> <package>yast2-trans-en_US</package> <package>autoyast2-installation</package> <package>autoyast2-installation</package> </packages> <patterns config:type="list"> <pattern>Basis-Devel</pattern> <pattern>Minimal</pattern> <pattern>WBEM</pattern> <pattern>apparmor</pattern> <pattern>base</pattern> <pattern>documentation</pattern> <pattern>gnome</pattern> <pattern>kde</pattern> <pattern>oracle_server</pattern> <pattern>print_server</pattern> <pattern>x11</pattern> </patterns> <remove-packages config:type="list"> <package>apache2</package> <package>apache2-prefork</package> <package>apache2-utils</package> <package>apache2-worker</package> <package>emacs-nox</package> <package>libapr-util1</package> <package>libapr1</package> <package>libqt4-sql-sqlite</package> <package>lprng</package> <package>pcmciautils</package> <package>portmap</package> <package>rsyslog</package> <package>sendmail</package> <package>susehelp_de</package> <package>open-iscsi</package> </remove-packages> </software> <timezone> <hwclock>localtime</hwclock> <timezone>Asia/Shanghai</timezone> </timezone> <user_defaults> <group>100</group> <groups>video,dialout</groups> <home>/home</home> <inactive>-1</inactive> <shell>/bin/bash</shell> <skel>/etc/skel</skel> <umask>022</umask> </user_defaults> <users config:type="list"> <user> <encrypted config:type="boolean">true</encrypted> <fullname>Games account</fullname> <gid>100</gid> <home>/var/games</home> <password_settings> <flag></flag> <inact>-1</inact> <max>99999</max> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/bash</shell> <uid>12</uid> <user_password>*</user_password> <username>games</username> </user> <user> <encrypted config:type="boolean">true</encrypted> <fullname>bin</fullname> <gid>1</gid> <home>/bin</home> <password_settings> <flag></flag> <inact>-1</inact> <max>99999</max> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/bash</shell> <uid>1</uid> <user_password>*</user_password> <username>bin</username> </user> <user> <encrypted config:type="boolean">true</encrypted> <fullname>nobody</fullname> <gid>65533</gid> <home>/var/lib/nobody</home> <password_settings> <flag></flag> <inact>-1</inact> <max>99999</max> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/bash</shell> <uid>65534</uid> <user_password>*</user_password> <username>nobody</username> </user> <user> <encrypted config:type="boolean">true</encrypted> <fullname>Printing daemon</fullname> <gid>7</gid> <home>/var/spool/lpd</home> <password_settings> <flag></flag> <inact>-1</inact> <max>99999</max> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/bash</shell> <uid>4</uid> <user_password>*</user_password> <username>lp</username> </user> <user> <encrypted config:type="boolean">true</encrypted> <fullname>User for uuidd</fullname> <gid>104</gid> <home>/var/run/uuidd</home> <password_settings> <max>99999</max> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/false</shell> <uid>102</uid> <user_password>*</user_password> <username>uuidd</username> </user> <user> <encrypted config:type="boolean">true</encrypted> <fullname>Postfix Daemon</fullname> <gid>51</gid> <home>/var/spool/postfix</home> <password_settings> <max>99999</max> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/false</shell> <uid>51</uid> <user_password>*</user_password> <username>postfix</username> </user> <user> <encrypted config:type="boolean">true</encrypted> <fullname>Novell Customer Center User</fullname> <gid>114</gid> <home>/var/lib/YaST2/suse-ncc-fakehome</home> <password_settings> <max>99999</max> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/bash</shell> <uid>107</uid> <user_password>*</user_password> <username>suse-ncc</username> </user> <user> <encrypted config:type="boolean">true</encrypted> <fullname>FTP account</fullname> <gid>49</gid> <home>/srv/ftp</home> <password_settings> <flag></flag> <inact>-1</inact> <max>99999</max> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/bash</shell> <uid>40</uid> <user_password>*</user_password> <username>ftp</username> </user> <user> <encrypted config:type="boolean">true</encrypted> <fullname>Gnome Display Manager daemon</fullname> <gid>115</gid> <home>/var/lib/gdm</home> <password_settings> <max>99999</max> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/false</shell> <uid>108</uid> <user_password>*</user_password> <username>gdm</username> </user> <user> <encrypted config:type="boolean">true</encrypted> <fullname>Batch jobs daemon</fullname> <gid>25</gid> <home>/var/spool/atjobs</home> <password_settings> <max>99999</max> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/bash</shell> <uid>25</uid> <user_password>*</user_password> <username>at</username> </user> <user> <encrypted config:type="boolean">true</encrypted> <fullname>root</fullname> <gid>0</gid> <home>/root</home> <password_settings> <flag></flag> <inact>-1</inact> <max>99999</max> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/bash</shell> <uid>0</uid> <user_password>$2y$05$PgHRKTw9p..KhpR4r3bhF.8yFRP30eBTO6bQSfDspTz8J5/8yw.qW</user_password> <username>root</username> </user> <user> <encrypted config:type="boolean">true</encrypted> <fullname>Mailer daemon</fullname> <gid>12</gid> <home>/var/spool/clientmqueue</home> <password_settings> <flag></flag> <inact>-1</inact> <max>99999</max> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/false</shell> <uid>8</uid> <user_password>*</user_password> <username>mail</username> </user> <user> <encrypted config:type="boolean">true</encrypted> <fullname>Daemon</fullname> <gid>2</gid> <home>/sbin</home> <password_settings> <flag></flag> <inact>-1</inact> <max>99999</max> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/bash</shell> <uid>2</uid> <user_password>*</user_password> <username>daemon</username> </user> <user> <encrypted config:type="boolean">true</encrypted> <fullname>NTP daemon</fullname> <gid>111</gid> <home>/var/lib/ntp</home> <password_settings> <max>99999</max> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/false</shell> <uid>74</uid> <user_password>*</user_password> <username>ntp</username> </user> <user> <encrypted config:type="boolean">true</encrypted> <fullname>Unix-to-Unix CoPy system</fullname> <gid>14</gid> <home>/etc/uucp</home> <password_settings> <flag></flag> <inact>-1</inact> <max>99999</max> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/bash</shell> <uid>10</uid> <user_password>*</user_password> <username>uucp</username> </user> <user> <encrypted config:type="boolean">true</encrypted> <fullname>User for D-Bus</fullname> <gid>101</gid> <home>/var/run/dbus</home> <password_settings> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/false</shell> <uid>100</uid> <user_password>*</user_password> <username>messagebus</username> </user> <user> <encrypted config:type="boolean">true</encrypted> <fullname>User for haldaemon</fullname> <gid>102</gid> <home>/var/run/hald</home> <password_settings> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/false</shell> <uid>101</uid> <user_password>*</user_password> <username>haldaemon</username> </user> <user> <encrypted config:type="boolean">true</encrypted> <fullname>Oracle user</fullname> <gid>107</gid> <home>/opt/oracle</home> <password_settings> <max>99999</max> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/false</shell> <uid>104</uid> <user_password>*</user_password> <username>oracle</username> </user> <user> <encrypted config:type="boolean">true</encrypted> <fullname>WWW daemon apache</fullname> <gid>8</gid> <home>/var/lib/wwwrun</home> <password_settings> <flag></flag> <inact>-1</inact> <max>99999</max> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/false</shell> <uid>30</uid> <user_password>*</user_password> <username>wwwrun</username> </user> <user> <encrypted config:type="boolean">true</encrypted> <fullname>Puppet daemon</fullname> <gid>106</gid> <home>/var/lib/puppet</home> <password_settings> <max>99999</max> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/false</shell> <uid>103</uid> <user_password>*</user_password> <username>puppet</username> </user> <user> <encrypted config:type="boolean">true</encrypted> <fullname>Manual pages viewer</fullname> <gid>62</gid> <home>/var/cache/man</home> <password_settings> <flag></flag> <inact>-1</inact> <max>99999</max> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/bash</shell> <uid>13</uid> <user_password>*</user_password> <username>man</username> </user> <user> <encrypted config:type="boolean">true</encrypted> <fullname>MySQL database admin</fullname> <gid>109</gid> <home>/var/lib/mysql</home> <password_settings> <max>99999</max> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/false</shell> <uid>60</uid> <user_password>*</user_password> <username>mysql</username> </user> <user> <encrypted config:type="boolean">true</encrypted> <fullname>PolicyKit</fullname> <gid>110</gid> <home>/var/run/PolicyKit</home> <password_settings> <max>99999</max> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/false</shell> <uid>105</uid> <user_password>*</user_password> <username>polkituser</username> </user> <user> <encrypted config:type="boolean">true</encrypted> <fullname>News system</fullname> <gid>13</gid> <home>/etc/news</home> <password_settings> <flag></flag> <inact>-1</inact> <max>99999</max> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/bash</shell> <uid>9</uid> <user_password>*</user_password> <username>news</username> </user> <user> <fullname>SSH daemon</fullname> <gid>65</gid> <home>/var/lib/sshd</home> <password_settings> <inact>-1</inact> <max>99999</max> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/false</shell> <uid>71</uid> <username>sshd</username> </user> <user> <encrypted config:type="boolean">true</encrypted> <fullname>PulseAudio daemon</fullname> <gid>112</gid> <home>/var/lib/pulseaudio</home> <password_settings> <max>99999</max> <min>0</min> <warn>7</warn> </password_settings> <shell>/bin/false</shell> <uid>106</uid> <user_password>*</user_password> <username>pulse</username> </user> </users> <x11> <color_depth config:type="integer">24</color_depth> <display_manager>gdm</display_manager> <enable_3d config:type="boolean">true</enable_3d> <monitor> <display> <max_hsync config:type="integer">48</max_hsync> <max_vsync config:type="integer">60</max_vsync> <min_hsync config:type="integer">31</min_hsync> <min_vsync config:type="integer">50</min_vsync> </display> <monitor_device>1024X768@60HZ</monitor_device> <monitor_vendor>--> VESA</monitor_vendor> </monitor> <resolution>1024x768 (XGA)</resolution> <window_manager>gnome</window_manager> </x11> </profile>
什麼是PXE
PXE(Pre-boot Execution Environment)是由Intel設計的協議,它可以使計算機通過網絡啟動。協議分為client和server兩端,PXE client在網卡的ROM中,當計算機引導時,BIOS把PXE client調入內存執行,並顯示出命令菜單,經用戶選擇後,PXE client將放置在遠端的操作系統通過網絡下載到本地運行。
PXE協議的成功運行需要解決以下兩個問題:
對於第一個問題,可以通過DHCP Server解決,由DHCP server來給PXE client分配一個IP地址,DHCP Server是用來給DHCP Client動態分配IP地址的協議,不過由於這裡是給PXE Client分配IP地址,所以在配置DHCP Server時,需要增加相應的PXE特有配置。
至於第二個問題,在PXE client所在的ROM中,已經存在了TFTP Client。PXE Client使用TFTP Client,通過TFTP協議到TFTP Server上下載所需的文件。
這樣,PXE協議運行的條件就具備了,下面我們就來看看PXE協議的工作過程。
工作過程
在下圖中,PXE client是需要安裝Linux的計算機,TFTP Server和DHCP Server運行在另外一台Linux Server上。Bootstrap文件、配置文件、Linux內核以及Linux根文件系統都放置在Linux Server上TFTP服務器的根目錄下。
PXE client在工作過程中,需要三個二進制文件:bootstrap、Linux 內核和Linux根文件系統。Bootstrap文件是可執行程序,它向用戶提供簡單的控制界面,並根據用戶的選擇,下載合適的Linux內核以及Linux根文件系統。
方案介紹
這種方案需要首先設置一個啟動服務器和一個安裝服務器(可以配置在同一台物理機上),然後通過網絡啟動存放在啟動服務器上的安裝程序。安裝程序會自動訪問存放在安裝服務器上的安裝配置文件和安裝介質來完成安裝。
涉及到的技術
該方案主要應用了三種技術:
軟硬件需求
要按本文介紹的方法完成自動化安裝,你需要如下軟硬件資源:
為了簡化步驟,我們在XP虛擬機下搭建DHCP和TFTP服務端,用tftpd工具來整合實現PXE網絡引導,注意服務端與客戶端要在同一局域網內。在Linux下配置服務的原理類似,具體方法可參考互聯網。
(1)下載tftpd
http://tftpd32.jounin.net/
(2)啟動tftpd32程序,選擇【Settings】
(3)按需勾選,這裡我們僅選擇【TFTP】和【DHCP】
(4)TFTP設置如下
Base Directory:對應存放Linux的引導文件
PXE Compatibility:增強對不同型號網卡的網絡啟動支持
Show Progress bar:在網絡引導過程中顯示進度
Translate Unix file names:轉化Unix文件名
Allow “\” As virtual root:允許虛擬路徑
其它高級選項:設置包括兼容性以及一些細節
(5)DHCP配置
重點注意Boot File引導文件的設置和DHCP綁定地址
(6)tftpboot目錄結構
file://D:\tftpboot (2 folders, 3 files, 35.86 MB, 36.46 MB in total.) │ INITRD 32.20 MB │ LINUX 3.64 MB │ pxelinux.0 16.04 KB ├─pxelinux.cfg (0 folders, 1 files, 193 bytes, 193 bytes in total.) │ default 193 bytes └─tftpd32 (0 folders, 4 files, 620.33 KB, 620.33 KB in total.) EUPL-EN.pdf 33.51 KB tftpd32.chm 346.96 KB tftpd32.exe 200.50 KB tftpd32.ini 39.36 KB
INITRD和LINUX提取自Linux啟動引導鏡像
pxelinux.0是pxe啟動引導鏡像
pxelinux.cfg文件夾下的default文件為啟動菜單配置項
編輯tftpboot\pxelinux.cfg
,可以自定義autoinst.xml文件的訪問方式和路徑
default linux # Install Linux label linux kernel linux append initrd=initrd autoyast=ftp://198.15.0.106/suse/autoinst.xml install=ftp://198.15.0.106/suse splash=silent showopts
(1)下載Filezilla Server
http://filezilla-project.org/
(2)設置ftp
允許匿名訪問帳戶即可,配置好ftp路徑
提取SLES鏡像內的安裝目錄至ftp目錄下
使用SuSE中的AutoYaST工具生成autoinst.xml,復制到ftp任意目錄下,注意文件路徑與default配置相吻合
網絡啟動機器
前面的配置工作完成後,下面我們就在待安裝機器上通過網絡以無人值守的方式來安裝
(1)啟動待安裝機器,選擇從網卡啟動。具體方法因BIOS版本不同而異。下圖是從VMWare虛擬機上得到的選擇網絡啟動的屏幕截圖。
(2)網卡中的PXE代碼會聯系DHCP服務器來獲取IP地址以及啟動鏡像,然後啟動鏡像被載入並運行。
(3)開始全自動安裝
我這裡以添加Kernel內核補丁為例
<scripts> <init-scripts config:type="list"> <script> <filename>instkernel.sh</filename> <debug config:type="boolean">true</debug> <location></location> <interpreter>shell</interpreter> <source><![CDATA[ #!/bin/bash # # After installation, the logfile from this script can be found in # /var/adm/autoinstall/logs # echo "=========================================" echo "... Starting AutoYAST included script ..." echo "=========================================" rpm -ivh --root=/ ftp://144.131.254.206/update/3.0.74-0.6.8/kernel-default-base-3.0.74-0.6.8.1.x86_64.rpm rpm -ivh --root=/ ftp://144.131.254.206/update/3.0.74-0.6.8/kernel-default-3.0.74-0.6.8.1.x86_64.rpm rpm -ivh --root=/ ftp://144.131.254.206/update/3.0.74-0.6.8/kernel-source-3.0.74-0.6.8.1.x86_64.rpm rpm -ivh --root=/ ftp://144.131.254.206/update/3.0.74-0.6.8/kernel-default-devel-3.0.74-0.6.8.1.x86_64.rpm ]]> </source> </script> </init-scripts> </scripts>
統一是自動化運維的基礎核心,而統一部署又是自動化運維的第一步,其實在研究自動化部署的過程中我們會遇到各種坑,只有踩過的人才能夠體會其中的不容易