!!! Installation of SUSE 10.2 (29-12-2006)
[{TableOfContents}]

!!Base
* use /dev/hda6 as root, use existing /home on /dev/hda8 and existing swap partition
* extra packages selected on top of "defaults" : lynx, locate, ntop, JDK5, mysql, apache2, kxmleditor and more of them, but I can't remember
* change runlevels, disable NFS, Samba, and a few more,     enable apache2, smartd
* create users anneke, claudia, esther, tomcat, wim with correct UIDs and empty home
* download and install NVidia video driver, according to [instructions on the openSUSE site|http://en.opensuse.org/NVIDIA]
* hack openSUSE according to [http://www.softwareinreview.com/cms/content/view/60/]
* printer configuration (__CUPS is now release 1.2__) :
** configure printer with YaST and print testpage => OK
** the [CUPS interface|http://localhost:631] has changed significantly, and now offers the options to view (acces/error/page) logs and properly has authorization (when used with root) to stop/start printers, hold/cancel jobs, and also the following long wished feature: {{{
Allow users to cancel any job (not just their own)}}}, turned this one on, and also the {{{ Allow remote administration}}}
** change in /etc/cups/cupsd.conf: add group users to Systemgroup so that all users can stop/start printer
* webmin, [download|http://prdownloads.sourceforge.net/webadmin/webmin-1.310-1.noarch.rpm] and install version 1.31 (rpm): {{{
titanic:/home/metskem # rpm -i /mnt/data/zips/webmin-1.310-1.noarch.rpm
Operating system is SuSE Linux
Webmin install complete. You can now login to http://titanic:10000/
as root with your root password.
}}}
** changed port to the usual 51981
** add following to /etc/apache2/backend-connector.conf :{{{
ProxyPass /webmin http://localhost:51981
ProxyPassReverse /webmin http://localhost:51981
}}}
** add following to /etc/webmin/config: {{{
webprefix=/webmin
webprefixnoredir=1
referer=88.211.133.30
}}}
* download and install latest eclipse release (3.2.1) in /usr/local/eclipse
* change keyboard initial delay and repeat speed
* check/change firefox adobe acrobat plugin for other users
* copy /etc/sudoers from old environment
* webmin firewall config
** ''cp /mnt/suse10.1/etc/webmin/firewall/* /etc/webmin/firewall'' 
** with webmin: "Apply configuration" and "Activate on boot"
** check with ''iptables -L'' and [http://www.grc.com]
* install/test/check ntop version 3.2 ''(ntop -A -u wwwrun)''  test on [http://localhost:3000/]
* K3B support for MP3 oke ?
* ktorrent, tested => oke ?
* sysconfig: cleanup tmp and tomcat dirs regularly:
|MAX_DAYS_IN_TMP|15
|MAX_DAYS_IN_LONG_TMP|15
|TMP_DIRS_TO_CLEAR|default to /tmp
|LONG_TMP_DIRS_TO_CLEAR|/var/tmp 
* ftp service
** ''diff vsftpd.conf /mnt/suse10.1/etc/vsftpd.conf'' : {{{
18c18
< #write_enable=YES
---
> write_enable=YES
59c59
< #local_enable=YES
---
> local_enable=YES
102c102
< #anon_upload_enable=YES
---
> anon_upload_enable=YES
144c144
< #xferlog_enable=YES
---
> xferlog_enable=YES
149c149
< #vsftpd_log_file=/var/log/vsftpd.log
---
> vsftpd_log_file=/var/log/vsftpd.log
159c159
< #xferlog_file=/var/log/xferlog
---
> xferlog_file=/var/log/vsftpd.xferlog
214,217c214,217
< listen=YES
<
< # Set to ssl_enable=YES if you want to enable SSL
< ssl_enable=NO
---
> # listen=YES
> #
> pasv_max_port=21002
> pasv_min_port=21000
}}}
** so copy old vsftpd.conf: ''cp -p /mnt/suse10.1/etc/vsftpd.conf /etc''
** enable ftp service via webmin xinetd configuration
** ''mkdir /srv/ftp/public;chmod /srv/ftp/public''
** __tested :  ok__
* [/srv/www/htdocs/robots.txt|http://www.robotstxt.org] is by default not there anymore, create one with the following contents: {{{
User-agent: *
Disallow: /makemyday
}}}
* implement boot.local (backup data during boot)
** put the following in /etc/init.d/boot.local: ''/home/metskem/bin/boot.local''
** enable the script with webmin => system => bootup/shutdown => enable boot.local
* replace symlink /var/jspwiki with real directory with contents (before: stop tomcat / after : start tomcat)
* copy tomcat and apache logfiles (''/var/log/apache2 /usr/local/tomcat/logs/krm'')
* install citrix ICAClient : {{{
titanic:/mnt/data/zips # rpm -i ICAClient-9.0-1.i386.rpm
error: Failed dependencies:
        libXm.so.3 is needed by ICAClient-9.0-1.i386
titanic:/mnt/data/zips # rpm -i --nodeps ICAClient-9.0-1.i386.rpm
titanic:/mnt/data/zips # 
}}}
* download and install javascript eclipse plugin (net.sf.wdte.js_0.0.9b.zip) from sourceforge
* every 0.5 sec. in /var/log/messages : {{{Dec 30 14:38:59 titanic kernel: pci_set_power_state(): 0000:04:0a.0: state=3, current state=5}}} => this seems to be a known problem for this kernel [http://lists.opensuse.org/opensuse-bugs/2006-12/msg04660.html]
** bypassed by putting/changing the following in /etc/syslog-ng/syslog-ng.conf: {{{
filter f_pci_state  { match("pci_set_power_state");}; 
filter f_messages   { not facility(news, mail) and not filter(f_iptables)  and not filter(f_pci_state); };
}}}
!!Tomcat
* download and install Tomcat 6.0.2 in /usr/local/tomcat
* cp -pR /mnt/suse10.1/usr/local/tomcat/webapps/JSPWiki /usr/local/tomcat/webapps
* change WEB-INF/jspwiki.properties : baseURL : localhost:8080 instead of 88.211.133.30
* create new startup service with webmin:
** ''export JAVA_HOME=/usr/lib/jvm/java;startproc -u tomcat /usr/local/tomcat/bin/startup.sh >/tmp/tomcat.startup.log''
** ''export JAVA_HOME=/usr/lib/jvm/java;startproc -u tomcat /usr/local/tomcat/bin/shutdown.sh >/tmp/tomcat.shutdown.log''
* cp old /usr/local/tomcat/conf/workers.properties __=> remove again because we now use proxy_ajp__
* enable NTP timing : Enable NTP daemon with webmin


!! Apache2
** add the following to httpd.conf : {{{
# include all the required stuff for krm (kruimeltje)
Include /etc/apache2/krm.conf
Include /etc/apache2/backend-connector.conf
Include /etc/apache2/user.conf
ExtendedStatus On
}}}
** cp /mnt/suse10.1/etc/apache2/{krm.conf backend-connector.conf user.conf} /etc/apache2
** cp -R /mnt/suse10.1/etc/apache2/krm-ssl /etc/apache2
** install extra apache mods with YaST sysconfig __rewrite proxy proxy_ajp proxy_http status info__  (check : [status|http://localhost/server-status]  [info|http://localhost/server-info]  [ssl|https://88.211.133.30/manual/])
** /srv/www/htdocs: copy "old" index.html (''cp /mnt/suse10.1//srv/www/htdocs/index.html /srv/www/htdocs'')
** cp /mnt/suse10.1/srv/www/htdocs/favicon.ico /srv/www/htdocs

!! mod_jk / proxy_ajp
Installation of the apache mod_jk gives some problems, after the above configuration, the apache2 says during startup : {{{
Module "jk" is not installed, ignoring.
Check the APACHE_MODULES setting in /etc/sysconfig/apache2.
Syntax OK
}}}
In the previous linux I used (SUSE 10.1 with apache 2.2.0) I used the "old" AJP13 connector.
When you search with YaST, you don't find the apache mod_jk anymore to install. I also cannot find a binary download at [http://tomcat.apache.org/connectors-doc/] .  Toch maar eens kijken of we het met mod_proxy / mod_proxy_ajp kunnen oplossen.
Zie ook de Novell change info : [https://secure-support.novell.com/KanisaPlatform/Publishing/585/3744935_f.SAL_Public.html]
De /etc/apache2/tomcat-connector inhoud volledig vervangen door : {{{
ProxyPass /JSPWiki/ ajp://localhost:8009/JSPWiki/
ProxyPass /krm ajp://localhost:8009/krm
}}}
Restart apache and __''off we go !''__ : [test with JSPWiki|http://localhost/JSPWiki]

!! SSH
* customize SSH, change /etc/ssh/sshd_config : {{{
Protocol 2
PubkeyAuthentication yes
AuthorizedKeysFile	.ssh/authorized_keys
}}}

!! MySQL (version 5.0.26)


{{{
titanic:/tmp # /etc/init.d/mysql start
Creating MySQL privilege database... 
Installing all prepared tables
Fill help tables
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h titanic.computerhok.nl password 'new-password'
See the manual for more instructions.

You can test the MySQL daemon with the benchmarks in the 'sql-bench' directory:
cd sql-bench ; perl run-all-tests

Please report any problems with the /usr/bin/mysqlbug script!

The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
Updating MySQL privilege database... 
mysql.columns_priv                                 OK
mysql.db                                           OK
mysql.func                                         OK
mysql.help_category                                OK
mysql.help_keyword                                 OK
mysql.help_relation                                OK
mysql.help_topic                                   OK
mysql.host                                         OK
mysql.proc                                         OK
mysql.procs_priv                                   OK
mysql.tables_priv                                  OK
mysql.time_zone                                    OK
mysql.time_zone_leap_second                        OK
mysql.time_zone_name                               OK
mysql.time_zone_transition                         OK
mysql.time_zone_transition_type                    OK
mysql.user                                         OK
ERROR 1060 (42S21) at line 22: Duplicate column name 'File_priv'
Starting service MySQL                                                done
}}}
* /usr/bin/mysqladmin -u root password <the pw>
* /usr/bin/mysqladmin -u root -h titanic.computerhok.nl password <the pw>
* with YaST => runlevel editor MySQL enablen
* with webmin change listen address from any to 127.0.0.1

!! KRM (Kruimeltje Administratie)
* dump databases on old SuSE environment with ''mysqldump -u root -p -c --all-databases > mysqldump.sql'' 
* restore on new environment with ''mysql -u root -p <mysqldump.sql''
* ''cp -R /mnt/suse10.1/usr/local/tomcat/webapps/krm /usr/local/tomcat/webapps''
* ''chown -R tomcat /usr/local/tomcat/webapps/krm''
* cp krm logdirectory: ''cp -pR /mnt/suse10.1/usr/local/tomcat/logs/krm /usr/local/tomcat/logs''
* copy mysql jdbc driver : ''cp /mnt/suse10.1/usr/local/tomcat/common/lib/mysql-connector-java-3.1.8-bin.jar /usr/local/tomcat/lib''
* re-enter the passwords for the mysql userids kruimeluser en kruimeladmin
* change all variable names __enum__ in all JSP's since this is a reserved in Java 5.
* change all tomcat library references in the eclipse workspace (the directory names have changed, it's no longer $TOMCAT_HOME/common/lib but $TOMCAT_HOME/lib)
* YaST install xpdf, but not necessary => change the firefox Download Actions to use the Adobe Acrobat __plugin__

!! Gallery
* [Gallery 2 installatie|InstallatieVerslag Gallery]


!!!TO DO (install and/or test)
* install gkrellm



!!! Steps for the "final step over"

* all done

!!! Authfail

* Download authfail from [http://www.bmk-it.com/projects/authfail/files/authfail-1.1.4.tgz]
* changes in /etc/ssh/sshd_config:
** PermitRootLogin no
** PermitEmptyPasswords no
** MaxAuthTries 3
* %%warning authfail assumes you run the classical syslogd, but SuSE runs syslog-ng, so the installation is a bit different%% 
* , I tweaked a long time with syslog-ng.conf: {{{
filter f_authfail   { facility(auth, authpriv);};
destination authfail { pipe("/dev/authfail"  group(tty) perm(0400)); };
log { source(src); filter(f_authfail); destination(authfail); };
}}} But when I reload/restart the syslog daemin, I keep getting {{{
Jan 21 19:22:22 titanic syslog-ng[7239]: Changing permissions on special file /dev/xconsole
Jan 21 19:22:22 titanic syslog-ng[7239]: Changing permissions on special file /dev/tty10
Jan 21 19:22:22 titanic syslog-ng[7239]: Changing permissions on special file /dev/authfail
Jan 21 19:22:22 titanic syslog-ng[7239]: Cannot open file /dev/authfail for writing (Permission denied)
Jan 21 19:22:22 titanic su: (to root) metskem on /dev/pts/2
}}}

!!! Webalizer

* create quick/dirty webalizer.conf (stats come in [/srv/www/htdocs/wwwstats|http://88.211.133.30/wwwstats])
* add following to /home/metskem/bin/boot.local: ''cd /usr/local/webalizer && ./webalizer-2.01-10-static''
* download source code from  [http://www.webalizer.com]
* install zlib-devel,libpng-devel,gd-devel+ (YaST) 
* ./configure --enable-dns
* make
* make install   {{{
titanic:/tmp/ff/webalizer-2.01-10 # make install
/usr/bin/install -c webalizer /usr/local/bin/webalizer
/usr/bin/install -c -m 644 webalizer.1 /usr/local/man/man1/webalizer.1
/usr/bin/install -c -m 644 sample.conf /etc/webalizer.conf.sample
rm -f /usr/local/bin/webazolver
ln -s /usr/local/bin/webalizer /usr/local/bin/webazolver
}}}
!!!Miscellaneous
----

* Install free ttf fonts (YaST)
* install Micro$oft fonts: rpm -i msfonts-1.2.1-1.noarch.rpm

--[DirtyHarry|mailto:harry.metske@gmail.com], 23-Jan-2007


----

Enabled Xgl instead of Xorg, played around with the nice desktop cube, real funny.

--[DirtyHarry|mailto:harry.metske@gmail.com], 10-Feb-2007


----

removed domain name ''computerhok.nl'' from /etc/resolv.conf (because of failing name queries found with wireshark)

--DirtyHarry, 17-Feb-2007


----

Installed (YaST) : vpnc kvpnc openvpn pptpd NetworkManager-openvpn NetworkManager-vpnc


--[DirtyHarry|http://null], 17-Feb-2007


----

Installed etherape (rpm download from suse)

--DirtyHarry, 20-Feb-2007


----

Delete liferea xen evolution spamassassin apparmor gnome-games.
Install opera pan FreeNX totem-plugin hercules.


--[DirtyHarry|http://null], 23-Feb-2007


----

Installed KDE and switched back from using gnome to kde again.

--DirtyHarry, 10-Mar-2007


----

Installed gmail notify (sourceforge) in /usr/local/gmail-notify .

--DirtyHarry, 11-Mar-2007


----

Install Boinc client version 5.8.15 (and also the expat package with YaST).


--DirtyHarry, 17-Mar-2007