Softpanorama
(slightly skeptical) Open Source Software Educational Society

May the source be with you, but remember the KISS principle ;-)

Google   

SUSE 10 SP1 on Dell 1950/2950 Installation Checklist

Dr. Nikolai Bezroukov

(version 1.03,  Created May 18, 2007; Last modified Dec 07, 2007)

Server: ______________________________

  1. Create Dell partition
  2. Boot the Suse 10 DVD
  3. Partition the Harddrives 
  4. Select set of packages to be installed from Suse DVD
  5. Additional YAST Installation steps

  6. Configuration steps after the system reboot

  7. Install additional packages
  8. Verify and enable standard daemons
  9. Configure passwd, groups and user directories
  10. Register server with Novell and install patches
  11. Create application specific users and home directories
  12. Perform initial hardening to satisfy audit req (should be automatic or semiautomatic)
  13. Installation of additional utilities and packages
  14. Create baseline
  15. Additional items that were missed

Before You Begin

Before you install a SUSE Linux Enterprise Server 10 verify the following:

  1. You have Dell Installation and Server management disk

  2. You have a registration number from Novell

  3. DRAC card is configured and you can access it from your PC. 

  4. You are using Suse 10 installation the DVD with SP1 not the original GA release.

  5. Server IP addresses corresponds to those in DNS.

  6. Network masks and gateway information that you have are correct.

Step 1. Create Dell Service partition

  1. Install Dell Installation CD in DVD drive and reboot the server with Ctrl-Alt-Del.
  2. Configure the drives into RAID as prompts suggest (if you have just 4 drives and want two separate logical drives you can use Raid 1 or 10 depending on the capabilities of the controller and the level of your love for RAID 10 ;-)

    Note: If you changed RAID configuration using controller BIOS you need go to the creation of a service partition as it looks like Dell startup disk write signatures on the disks and reboot the system. You can delete it later if you do not want it (it is actually very small).

  3. Usually enterprise class PE1950/2950 servers have a 4 drives configuration if there is no NAS and 2 drive with NAS:
     
  4. Create Dell utility partition.  Run Dell utility for creation of service partition until it will do 10% and then stop it by power recycling (you need to keep power key on PowerEdge server until power will switch off). If it runs to 20% it will ask for Suse DVD but will not accept it so you can reboot the server at this time but it is unclear it it makes sense to wait.
     

Step 2: Boot Suse SP1 Installation DVD or Other Repository

  1. Replace Dell installation CD with the Suse 10 SP 1 DVD and wait until the server boots (do not leave the console).
  2. Immediately after the server boots select Installation from the console menu (otherwise it will boot from the hard drive on expiration of "pass-through" timer -- that means that you can leave DVD in the drive even if you boot order has DVD-ROM before harddrive).
  3. Notes

Step 3. Partition the Harddrives 

Notes: 

Some examples of partitioning

Example 1: 

mirrored pair of 36 drives (no LVM)
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/sda5              4128320    338524   3580032   9% /
/dev/sda2               298471     16210    266850   6% /boot
/dev/sda10             5207780    737020   4206212  15% /home
/dev/sda8              4128320    735412   3183144  19% /opt
/dev/sda9              4128320    240456   3678100   7% /tmp
/dev/sda6              4128320   1851872   2066684  48% /usr
/dev/sda7              8256696    342928   7494288   5% /var
Example 2:  mirrowed pair of 73G drives (with LVM)
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/mapper/vg01-root
                       4128448    304384   3614352   8% /
/dev/sda2               297485     16507    265618   6% /boot
/dev/mapper/vg01-home
                       1032088     77000    902660   8% /home
/dev/mapper/vg01-opt   2064208    633432   1325920  33% /opt
/dev/mapper/vg01-tmp   4128448    136468   3782268   4% /tmp
/dev/mapper/vg01-usr   4128448   1404892   2513844  36% /usr
/dev/mapper/vg01-var  10321208    917848   8879072  10% /var
/dev/mapper/vg02-backup
                      17546044   6162448  10492308  38% /backup

Partitioning of hard drives using LVM

We will assume two 135 disk mirrowed via controller (sda 135GB). First you need to switch to the advanced mode in YAST2 Partitioner. You will see that one partition is already created.

If there are extra partitions on the boot drive you need to delete them.

  1. Create primary partition for /boot by entering +200M. Set the type of partition to Ext3 and check "format"

    sda2     /boot                200MB            4-29            (format ext3)

  2. Create swap partition by using swap partition code from the menu For example for 32G of RAM enter +32G:

    sda3     swap                32GB               30-4207
     

  3. Create extended partition for the rest of the drive

    sda4            Extended        103GB            (rest of disk)
     

  4. Enroll this partition into LVM by clicking on LVM button

    sda5     LVM                103GB (do not format, Linux LVM, rest of disk)
     

  5. Switch LVM view and create logical volume lv00
     
  6. Within LVM create additional partitions. Use name of partitions for labels ( root for / partition). For example:

    vg00                            103GB

    vg00    lv01            /            4GB

    vg00    lv02            /usr            4GB

    vg00    lv03            /var            4GB

    vg00    lv04            /opt            4GB

    vg00    lv05            /tmp            4GB

    vg00    lv06            /home            4GB

  7. Recheck that all partitions you created are Ext3 based.
     
  8. If you have the second pair of drives you can create logical volume lv01 for the second pair of drives

  9.      

Note: In Suse 10 default filesystem for some reason is still Reisner so please recheck that all slices are Ext3 based.
 

Notes

Step 4.  Select set of packages to be installed from Suse DVD

Important:

  1. In  “Base Technology” 
  2. In “Graphical Environment”
  3. In Primary Functions
  4. Notes

     

Step 5:  Additional YAST Installation steps

  1. ____ Select root password
  2. ____ Specify hostname and domain
     
  3. ___  In Network configuration (Important: Do not forget to disable IPv6)
  4. ___Configure the first non-root user (just yourself, at this time do not worry about replication of other accounts).

Step 6: Reboot_the system and perform configuration steps after the system reboot

Open Yast2 and make the following configuration changes:

  1.  ___  Modify default local security policies
     
  2. ___ Configure  NTP
  3. ___ Verify if telnet is installed. 
  4. ____ Verify if pure-ftpd is installled.

    Note: if you have a lot of Red Hat servers you can install  vsftpd  FTP daemon instead for consistency...

     

  5. ___   Modify /etc/hosts           
  6. ___  Modify /etc/services
     

  7. ___ Verify that you can access internet using FireFox.  Set proxy.
     

  8. ___ Verify NIC speed
     
  9. Notes

Step 7:   Install additional packages (generic post-install staff)

  1. ___ Install additional utilities
     
  2. ___ Install ksh93 RPM package (to be used as standard Korn shell for users that prefer ksh)
  3. ___ Install mc  RPM package (from DVD)
     
  4. ___ Modify crontab as necessary  
     
  5. Notes

Step 8: Verify and enable standard daemons

  1. ___ Verify is xinetd is running and if necessary enable it.



    service --status-all

    Checking for service xinetd: unused

    chkconfig xinetd.on
     

  2. Enable telent and ftp if nessesary
     
  3. Notes

Step 9:  Configure accounts and groups

Note: The best way is to use Red Hat style of primary group assignments: each user has GID identical to UID and all enrollment into groups is done in /etc/group

  1. ___ Install standard accounts via script
    • Note: Use bash as the default shell for all human users
  2. ___ Group staff should contain software application owners who use the servers
     
  3. ___ Group operators should contain operators
     
  4. ___  Enroll yourself into the group wheel.
     
  5. ___  Edit /etc/sudoers to make group wheel root equivalent.
     
  6. Notes

Step 10: Register server with Novell and install patches

  1. ___ Check if ZMD package is missing and install it, if necessary
     
  2. ___ Verify that proxy server is correctly configured by accessing Novell.com via FireFox
     
  3. ___ Register the server using registration code for the server provided by Novell. 
     
  4. ___ Install all the patches:
     
  5. Notes
     

Step 11: Create application specific users and home directories

  1. ___  Create application specific users and directories
     
  2. ___  Enable NSF Create NFS mounts, if nessessary
     
  3. Notes

Step 12: Perform initial hardening to satisfy audit req (should be automatic or semiautomatic):

  1. ___ Delete redundant accounts:
  2. ___ Delete redundant groups
     
  3. ___  Modify /etc/issue & motd
     
  4. Configure syslog and change in /etc/syslog.conf to point to log server
    1. All linux servers should forward syslog to SYSLOG server
    2. Verify log rotation (/etc/logrotate.conf)
       
  5. Install writable file check script into cron 
     
  6. Configure SSH for applications, if necessary (SSH is enabled out of the box in Suse)
    1. Disable SSH1
       
  7. Verify correctness of home directories permissions
     
  8. Populate all home directories and /root directory with .profile  and .kshrc files  (for bash users this is .bash_profile and .bashrc) and verify they are properly own and have permissions 700 or 701
     
  9. ___  Important Check and if necessary disable test, guest and any other unused accounts if any were created during the installation.
     
  10. Notes

 

Step 13: Installation of additional utilities and packages

  1. ____ Install Tivoli endpoint (check ssh connectivity from TMR server before the installation)
     
  2. ___  Install SecurID client
     
  3. ___  Install Sarcheck
     
  4. ___ Install Data Protector client
     
  5. Notes

 

Step 14:  Create baseline

  1. ___ Creation of the baseline of key config files for the server and possibly burning it to CD.
     
    1. Adopt one of the scripts used in troubleshooting and run it after the installation just before giving the server to application people.
       
    2. Copy all the critical config file to /root/baseline/date directory the way JASS does this on Solaris.
       
  2. ___ Verify the /boot/grub/menu.lst is configured correctly.
     
  3. ___ Check is all online updates are installed:
     
  4. Notes

 

Step 15.  Additional installation steps that were missed

  1. Notes
     

Copyright © 1996-2008 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. Submit comments This document is an industrial compilation designed and created exclusively for educational use and is placed under the copyright of the Open Content License(OPL). Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

Standard disclaimer: The statements, views and opinions presented on this web page are those of the author and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: August 19, 2008