LTSP on SLES 10…
just works…
Follow the excellent document on http://www.novell.com/coolsolutions/feature/1639.html and you’re done!
January 4th, 2008 - Posted in Novell, SLES, linux
Groupwise clustering on Linux
While I was cleaning up some (test) virtual machines I stumbled upon my test cluster with GroupWise. Before deleting the VMs I decided to back up my cluster configuration for possible future use.
It was a 2-node cluster with EVMS, an ssh STONITH device and a GroupWise system (post office + domain).
Psst: I’m working on the 2nd article about package mgmt on sles.
December 13th, 2007 - Posted in SLES, groupwise, linux
SLES Package management demystified (part 1)
This is the first part of my series about package management on SuSE Linux Enterprise Server.
December 8th, 2007 - Posted in Novell, SLES, linux, rpm
SLES10 SP1 xen
When upgrading your SLES10 to SP1 you will notice that if you attach a (virtual) console to your xen machine it will stop showing output after booting. This is due to a switch to paravirtualized framebuffer as of SP1.
You can fix this by adding ‘xencons=tty’ to the extra line of your xen configuration. A restart is needed after changing this file.
Check TID 3029036 from Novell
August 12th, 2007 - Posted in SLES, xen
SLES on software raid
I created this ‘SLES on SOFTWARE RAID’ document a while ago for a colleague and saw someone requesting it on a newsgroup last week; that’s why I’m posting it again over here.
January 23rd, 2007 - Posted in SLES, linux
Novell will lead the dance
I’m really looking forward to the following upcoming releases from Novell:
http://www.novell.com/products/zenworks/systemsmanagement/
The main idea behind this tool is to have 1 interface which can be used to manage and monitor all your systems (virtual and physical).
With the virtual machine management part it will be possible to manage your virtual machines, not only Xen but also VMware or the Microsoft virtualisation solution. Dynamic workload management should also be in it! Virtual machines will just be a cluster resource and it will no longer matter where (on which physical machine) a VM is running, and the same goes for all the applications in the VM.
(Xen VMs as cluster resources in heartbeat2 are already possible with the current SLES10.)
The second release which will be interesting is the OES2 release. OES stands for Open Enterprise.
http://www.novell.com/news/press/item.jsp?id=1244&locale=en_US
This is actually the Novell product stack which is running on top of a Netware or a Linux kernel. Mainly file and print services. You can compare it to the old Netware servers.
There was already an OES1 in the past but there were still some issues with it which made it not as stable as its Netware brother, so I have high expectations. The main difference between OES1 and OES2 is of course that OES2 is built on top of SLES10 while OES1 is built on top of SLES9.
December 7th, 2006 - Posted in Novell, SLES
Debian guest on sles10 host
Successfully deployed a Debian sarge guest on top of a SLES10 installation.
It went quite easily; here are the steps (briefly):
- mkdir /var/lib/xen/images/vm1
- dd if=/dev/zero of=/var/lib/xen/images/vm1/hda bs=1M count=<image size in MB> (without a count, dd keeps writing until the filesystem is full)
- mkfs.ext3 /var/lib/xen/images/vm1/hda
- repeat the previous steps to create other partitions like swap (mkswap)
- mkdir /mnt/tmp-root
- mount -o loop /var/lib/xen/images/vm1/hda /mnt/tmp-root
- install debootstrap: rpm -i http://leo.unstable.be/projects/sles10/xen/debootstrap-0.2.45-1.2.i386.rpm
- debootstrap --arch i386 sarge /mnt/tmp-root ftp://ftp.debian.org/debian/
- chroot /mnt/tmp-root
- make sure you configure networking, hostnames, fstab and apt inside this chroot
- files to check and modify: /etc/hosts, /etc/hostname, /etc/fstab, /etc/network/interfaces, /etc/apt/sources.list
- install module-init-tools
- exit from the chroot
- cp /boot/initrd-xen /mnt/tmp-root/boot
- cp /boot/vmlinuz-xen /mnt/tmp-root/boot
- cp -r /lib/modules/`uname -r` /mnt/tmp-root/lib/modules
- Of course your initrd should use the correct root device (it can be re-created with mkinitrd)
- create a xen config under /etc/xen/vm
- make sure your configuration uses the right disk file and the correct bootloader line
- launch your vm for the first time with xm create -c /etc/xen/vm/vm1
That’s about it.
November 8th, 2006 - Posted in SLES, xen
Xen physical 2 virtual
I just hacked up a shell script which makes it possible to create a virtual machine out of your running physical machine. After running this script you have the virtual disk and a configuration which can be started with xm create -c /etc/xen/vm/
This is currently only tested with sles10 but with some small modifications it should also work in other environments.
The script performs the following steps:
1. Check on which partition your / is mounted
2. Check which partition is your swap partition
3. Check sizes of both partitions and see if there is still enough available space to create the virtual disk
4. Create a virtual disk image
5. Create partitions+filesystem on the virtual disk image
6. Copy all your data of your physical machine to the virtual disk image
7. Generate a xen configuration for your machine
This is still the first version of the script so there are still some ‘known issues’
- you already need to have the xen-kernel installed on your physical machine
- it only creates a / and a swap partition, no other partitions yet
- it temporarily creates the image file under /tmp before moving it to /var/lib/xen/images
- does not work with lvm (only loop devices)
You can find the script here
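Steps 1 to 3 can be sketched as follows. This is an added example, not the script from this post: all function names are hypothetical, and the mount, swap and partition tables it is run against are constructed samples.

```shell
#!/bin/sh
# Added example: pre-flight checks for steps 1-3 of a physical-to-virtual copy.
# All function names are hypothetical. File arguments default to the live
# /proc files; they exist so the constructed samples below can be fed in.

# Step 1: device mounted on / (ignoring the kernel's "rootfs" placeholder).
root_device() {
    awk '$2 == "/" && $1 != "rootfs" { dev = $1 } END { print dev }' "${1:-/proc/mounts}"
}

# Step 2: first swap area that is a partition rather than a swap file.
swap_device() {
    awk 'NR > 1 && $2 == "partition" { print $1; exit }' "${1:-/proc/swaps}"
}

# Size of a partition in KiB, looked up by name in /proc/partitions.
partition_kb() {
    awk -v name="${1#/dev/}" '$4 == name { print $3 }' "${2:-/proc/partitions}"
}

# Free KiB on the filesystem holding a directory (POSIX df output format).
free_kb() { df -Pk "$1" | awk 'NR == 2 { print $4 }'; }

# Step 3: return 0 if FREE_KB covers root + swap, 1 if not, 2 if a device
# or its size could not be determined (e.g. root reported as /dev/root).
# Usage: enough_space FREE_KB [MOUNTS] [SWAPS] [PARTITIONS]
enough_space() {
    p2v_root=$(root_device "$2"); p2v_swap=$(swap_device "$3")
    p2v_rkb=$(partition_kb "$p2v_root" "$4"); p2v_skb=$(partition_kb "$p2v_swap" "$4")
    [ -n "$p2v_rkb" ] && [ -n "$p2v_skb" ] || return 2
    [ "$1" -ge $((p2v_rkb + p2v_skb)) ]
}

# Constructed sample data: 1 GiB swap on sda1, 8 GiB root on sda2.
make_samples() {
    printf '%s\n' 'rootfs / rootfs rw 0 0' '/dev/sda2 / ext3 rw 0 0' > "$1/mounts"
    printf '%s\n' 'Filename Type Size Used Priority' \
                  '/dev/sda1 partition 1048568 0 -1' > "$1/swaps"
    printf '%s\n' 'major minor  #blocks  name' '' '   8     0   78150744 sda' \
                  '   8     1    1048576 sda1' '   8     2    8388608 sda2' > "$1/partitions"
}

dir=$(mktemp -d) && make_samples "$dir"
enough_space "$(free_kb /tmp)" "$dir/mounts" "$dir/swaps" "$dir/partitions" \
    && echo "enough room under /tmp" || echo "not enough room (or lookup failed)"
rm -rf "$dir"
```

The free space is measured under /tmp because that is where the image is first created, as listed in the known issues.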
November 2nd, 2006 - Posted in SLES, xen
Battle of the application firewalls
I’ve hacked up a small C program which I normally use for showing AppArmor and SELinux to people. It is a very simple daemon which reads a configuration file (/etc/foo.conf), tries to write a pid file (/var/run/foo) and also tries to do some setuid magic and reading of /etc/shadow.
A good combination to show an application firewall in a live demo.
The source code is attached; you can download it in a file called foo.c and compile it afterwards with make foo. This should create a foo binary in the current directory.
There are also 2 init scripts available for starting and stopping this small daemon, one for Red Hat and one for SUSE. Just put those under /etc/init.d, make sure they are executable and try to run your foo daemon with /etc/init.d/foo start
If this already works you can continue with your application firewall configuration.
Apparmor (SLES10)
- Launch yast2
- Go to Apparmor -> Add profile wizard
- Fill in the full path to the foo binary (/usr/sbin/foo)
- Apparmor is now in learning mode
- Switch to a console and start and stop the foo daemon with the following command: /etc/init.d/foo stop ; sleep 2 ; /etc/init.d/foo start ; sleep 30
- Return to your yast2 window
- Press the ‘scan system log for events’ button
- You will now have a list with all the events and can allow the necessary events
- Click finish and you are done
Selinux (RHES4)
- Install the selinux-policy-targeted-sources package (because we want to modify the default ‘targeted’ policy)
- Go to the /etc/selinux/targeted/src/policy directory
- Create a foo.te file under the domains/program subdirectory
- Put the following text in this file: daemon_domain(foo)
- Create a foo.fc under the /etc/selinux/targeted/src/policy/file_contexts/program directory
- Add the following lines to this file:
/usr/sbin/foo -- user_u:object_r:foo_exec_t
/var/run/foo -- user_u:object_r:foo_var_run_t
- save this file and return to the /etc/selinux/targeted/src/policy directory
- issue a make reload under this directory
- Now try to start your foo binary with the init script: /etc/init.d/foo start
- Check if the application is running: /etc/init.d/foo status. If it says ‘foo is stopped’ you still need to modify some things in your SELinux configuration
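When the status check reports ‘foo is stopped’, the kernel's AVC denial messages show which accesses the policy blocked. The following is an added example, not part of the original post or of foo's source: a shell function that tallies the denials for one process name, run here on constructed sample log lines. Marking shadow_t and capability denials as ‘review’ is this example's own rule, chosen because reading /etc/shadow and setuid are the accesses the demo daemon is meant to be stopped from making.

```shell
#!/bin/sh
# Added example: tally SELinux AVC denials for one daemon so each can be judged.
# The log lines are constructed samples in the kernel's "avc: denied" format.
sample_avc_log() {
cat <<'EOF'
Oct 23 10:00:01 rhel4 kernel: audit(1161597601.101:3): avc:  denied  { read } for  pid=2301 comm="foo" name="foo.conf" dev=hda2 ino=4711 scontext=user_u:system_r:foo_t tcontext=system_u:object_r:etc_t tclass=file
Oct 23 10:00:01 rhel4 kernel: audit(1161597601.105:4): avc:  denied  { setuid } for  pid=2301 comm="foo" capability=7 scontext=user_u:system_r:foo_t tcontext=user_u:system_r:foo_t tclass=capability
Oct 23 10:00:01 rhel4 kernel: audit(1161597601.109:5): avc:  denied  { read } for  pid=2301 comm="foo" name="shadow" dev=hda2 ino=4902 scontext=user_u:system_r:foo_t tcontext=system_u:object_r:shadow_t tclass=file
Oct 23 10:00:07 rhel4 kernel: audit(1161597607.220:6): avc:  denied  { getattr } for  pid=2290 comm="httpd" name="index.html" dev=hda2 ino=5120 scontext=user_u:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=file
Oct 23 10:05:12 rhel4 kernel: audit(1161597912.314:9): avc:  denied  { read } for  pid=2377 comm="foo" name="shadow" dev=hda2 ino=4902 scontext=user_u:system_r:foo_t tcontext=system_u:object_r:shadow_t tclass=file
EOF
}

# Usage: summarise_avc COMM < logfile
# Prints "count permissions class target_type verdict", one line per combination.
summarise_avc() {
    awk -v want="$1" '
    function val(key,    i) {            # value of a key=value field, or ""
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) return substr($i, length(key) + 2)
        return ""
    }
    /avc:/ && /denied/ {
        comm = val("comm"); gsub(/"/, "", comm)
        if (comm != want) next           # denial belongs to another process
        i = 1; while (i <= NF && $i != "{") i++
        perms = ""                       # permissions sit between { and }
        for (i++; i <= NF && $i != "}"; i++)
            perms = (perms == "" ? $i : perms "," $i)
        split(val("tcontext"), ctx, ":") # user:role:type
        tclass = val("tclass")
        # Example rule (an assumption of this sketch): never allow these blindly.
        verdict = (ctx[3] == "shadow_t" || tclass == "capability") ? "review" : "candidate"
        seen[perms " " tclass " " ctx[3] " " verdict]++
    }
    END { for (k in seen) print seen[k], k }' | sort
}

sample_avc_log | summarise_avc foo
```

Lines marked ‘candidate’ are the ones to consider adding to foo.te; lines marked ‘review’ show the policy doing its job in the demo.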
October 23rd, 2006 - Posted in SLES, linux
