Installation of SUSE 10.2 (29-12-2006)#

Table of Contents

Base#

  • use /dev/hda6 as root, use existing /home on /dev/hda8 and existing swap partition
  • extra packages selected on top of "defaults" : lynx, locate, ntop, JDK5, mysql, apache2, kxmleditor and more of them, but I can't remember
  • change runlevels, disable NFS, Samba, and a few more, enable apache2, smartd
  • create users anneke, claudia, esther, tomcat, wim with correct UIDs and empty home
  • download and install NVidia video driver, according to instructions on the openSUSE site
  • hack openSUSE according to http://www.softwareinreview.com/cms/content/view/60/
  • printer configuration (CUPS is now release 1.2) :
    • configure printer with YaST and print testpage => OK
    • the CUPS interface has changed significantly, and now offers the options to view (acces/error/page) logs and properly has authorization (when used with root) to stop/start printers, hold/cancel jobs, and also the following long wished feature: Allow users to cancel any job (not just their own), turned this one on, and also the Allow remote administration
    • change in /etc/cups/cupsd.conf: add group users to Systemgroup so that all users can stop/start printer
  • webmin, download and install version 1.31 (rpm): titanic:/home/metskem # rpm -i /mnt/data/zips/webmin-1.310-1.noarch.rpm Operating system is SuSE Linux Webmin install complete. You can now login to http://titanic:10000/ as root with your root password.
    • changed port to the usual 51981
    • add following to /etc/apache2/backend-connector.conf : ProxyPass /webmin http://localhost:51981 ProxyPassReverse /webmin http://localhost:51981
    • add following to /etc/webmin/config: webprefix=/webmin webprefixnoredir=1 referer=88.211.133.30
  • download and install latest eclipse release (3.2.1) in /usr/local/eclipse
  • change keyboard initial delay and repeat speed
  • check/change firefox adobe acrobat plugin for other users
  • copy /etc/sudoers from old environment
  • webmin firewall config
    • cp /mnt/suse10.1/etc/webmin/firewall/* /etc/webmin/firewall
    • with webmin: "Apply configuration" and "Activate on boot"
    • check with iptables -L and http://www.grc.com
  • install/test/check ntop version 3.2 (ntop -A -u wwwrun) test on http://localhost:3000/
  • K3B support for MP3 oke ?
  • ktorrent, tested => oke ?
  • sysconfig: cleanup tmp and tomcat dirs regularly:
MAX_DAYS_IN_TMP15
MAX_DAYS_IN_LONG_TMP15
TMP_DIRS_TO_CLEARdefault to /tmp
LONG_TMP_DIRS_TO_CLEAR/var/tmp /usr/local/tomcat/logs
  • ftp service
    • diff vsftpd.conf /mnt/suse10.1/etc/vsftpd.conf : 18c18 < #write_enable=YES --- > write_enable=YES 59c59 < #local_enable=YES --- > local_enable=YES 102c102 < #anon_upload_enable=YES --- > anon_upload_enable=YES 144c144 < #xferlog_enable=YES --- > xferlog_enable=YES 149c149 < #vsftpd_log_file=/var/log/vsftpd.log --- > vsftpd_log_file=/var/log/vsftpd.log 159c159 < #xferlog_file=/var/log/xferlog --- > xferlog_file=/var/log/vsftpd.xferlog 214,217c214,217 < listen=YES < < # Set to ssl_enable=YES if you want to enable SSL < ssl_enable=NO --- > # listen=YES > # > pasv_max_port=21002 > pasv_min_port=21000
    • so copy old vsftpd.conf: cp -p /mnt/suse10.1/etc/vsftpd.conf /etc
    • enable ftp service via webmin xinetd configuration
    • mkdir /srv/ftp/public;chmod /srv/ftp/public
    • tested : ok
  • /srv/www/htdocs/robots.txt is by default not there anymore, create one with the following contents: User-agent: * Disallow: /makemyday
  • implement boot.local (backup data during boot)
    • put the following in /etc/init.d/boot.local: /home/metskem/bin/boot.local
    • enable the script with webmin => system => bootup/shutdown => enable boot.local
  • replace symlink /var/jspwiki with real directory with contents (before: stop tomcat / after : start tomcat)
  • copy tomcat and apache logfiles (/var/log/apache2 /usr/local/tomcat/logs/krm)
  • install citrix ICAClient : titanic:/mnt/data/zips # rpm -i ICAClient-9.0-1.i386.rpm error: Failed dependencies: libXm.so.3 is needed by ICAClient-9.0-1.i386 titanic:/mnt/data/zips # rpm -i --nodeps ICAClient-9.0-1.i386.rpm titanic:/mnt/data/zips #
  • download and install javascript eclipse plugin (net.sf.wdte.js_0.0.9b.zip) from sourceforge
  • every 0.5 sec. in /var/log/messages : Dec 30 14:38:59 titanic kernel: pci_set_power_state(): 0000:04:0a.0: state=3, current state=5 => this seems to be a known problem for this kernel http://lists.opensuse.org/opensuse-bugs/2006-12/msg04660.html
    • bypassed by putting/changing the following in /etc/syslog-ng/syslog-ng.conf: filter f_pci_state { match("pci_set_power_state");}; filter f_messages { not facility(news, mail) and not filter(f_iptables) and not filter(f_pci_state); };

Tomcat#

  • download and install Tomcat 6.0.2 in /usr/local/tomcat
  • cp -pR /mnt/suse10.1/usr/local/tomcat/webapps/JSPWiki /usr/local/tomcat/webapps
  • change WEB-INF/jspwiki.properties : baseURL : localhost:8080 instead of 88.211.133.30
  • create new startup service with webmin:
    • export JAVA_HOME=/usr/lib/jvm/java;startproc -u tomcat /usr/local/tomcat/bin/startup.sh >/tmp/tomcat.startup.log
    • export JAVA_HOME=/usr/lib/jvm/java;startproc -u tomcat /usr/local/tomcat/bin/shutdown.sh >/tmp/tomcat.shutdown.log
  • cp old /usr/local/tomcat/conf/workers.properties => remove again because we now use proxy_ajp
  • enable NTP timing : Enable NTP daemon with webmin

Apache2#

    • add the following to httpd.conf : # include all the required stuff for krm (kruimeltje) Include /etc/apache2/krm.conf Include /etc/apache2/backend-connector.conf Include /etc/apache2/user.conf ExtendedStatus On
    • cp /mnt/suse10.1/etc/apache2/{krm.conf backend-connector.conf user.conf} /etc/apache2
    • cp -R /mnt/suse10.1/etc/apache2/krm-ssl /etc/apache2
    • install extra apache mods with YaST sysconfig rewrite proxy proxy_ajp proxy_http status info (check : status info ssl)
    • /srv/www/htdocs: copy "old" index.html (cp /mnt/suse10.1//srv/www/htdocs/index.html /srv/www/htdocs)
    • cp /mnt/suse10.1/srv/www/htdocs/favicon.ico /srv/www/htdocs

mod_jk / proxy_ajp#

Installation of the apache mod_jk gives some problems, after the above configuration, the apache2 says during startup : Module "jk" is not installed, ignoring. Check the APACHE_MODULES setting in /etc/sysconfig/apache2. Syntax OK In the previous linux I used (SUSE 10.1 with apache 2.2.0) I used the "old" AJP13 connector. When you search with YaST, you don't find the apache mod_jk anymore to install. I also cannot find a binary download at http://tomcat.apache.org/connectors-doc/ . Toch maar eens kijken of we het met mod_proxy / mod_proxy_ajp kunnen oplossen. Zie ook de Novell change info : https://secure-support.novell.com/KanisaPlatform/Publishing/585/3744935_f.SAL_Public.html De /etc/apache2/tomcat-connector inhoud volledig vervangen door : ProxyPass /JSPWiki/ ajp://localhost:8009/JSPWiki/ ProxyPass /krm ajp://localhost:8009/krm Restart apache and off we go ! : test with JSPWiki

SSH#

  • customize SSH, change /etc/ssh/sshd_config : Protocol 2 PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys

MySQL (version 5.0.26)#

titanic:/tmp # /etc/init.d/mysql start
Creating MySQL privilege database... 
Installing all prepared tables
Fill help tables
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h titanic.computerhok.nl password 'new-password'
See the manual for more instructions.

You can test the MySQL daemon with the benchmarks in the 'sql-bench' directory:
cd sql-bench ; perl run-all-tests

Please report any problems with the /usr/bin/mysqlbug script!

The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
Updating MySQL privilege database... 
mysql.columns_priv                                 OK
mysql.db                                           OK
mysql.func                                         OK
mysql.help_category                                OK
mysql.help_keyword                                 OK
mysql.help_relation                                OK
mysql.help_topic                                   OK
mysql.host                                         OK
mysql.proc                                         OK
mysql.procs_priv                                   OK
mysql.tables_priv                                  OK
mysql.time_zone                                    OK
mysql.time_zone_leap_second                        OK
mysql.time_zone_name                               OK
mysql.time_zone_transition                         OK
mysql.time_zone_transition_type                    OK
mysql.user                                         OK
ERROR 1060 (42S21) at line 22: Duplicate column name 'File_priv'
Starting service MySQL                                                done
  • /usr/bin/mysqladmin -u root password <the pw>
  • /usr/bin/mysqladmin -u root -h titanic.computerhok.nl password <the pw>
  • with YaST => runlevel editor MySQL enablen
  • with webmin change listen address from any to 127.0.0.1

KRM (Kruimeltje Administratie)#

  • dump databases on old SuSE environment with mysqldump -u root -p -c --all-databases > mysqldump.sql
  • restore on new environment with mysql -u root -p <mysqldump.sql
  • cp -R /mnt/suse10.1/usr/local/tomcat/webapps/krm /usr/local/tomcat/webapps
  • chown -R tomcat /usr/local/tomcat/webapps/krm
  • cp krm logdirectory: cp -pR /mnt/suse10.1/usr/local/tomcat/logs/krm /usr/local/tomcat/logs
  • copy mysql jdbc driver : cp /mnt/suse10.1/usr/local/tomcat/common/lib/mysql-connector-java-3.1.8-bin.jar /usr/local/tomcat/lib
  • re-enter the passwords for the mysql userids kruimeluser en kruimeladmin
  • change all variable names enum in all JSP's since this is a reserved in Java 5.
  • change all tomcat library references in the eclipse workspace (the directory names have changed, it's no longer $TOMCAT_HOME/common/lib but $TOMCAT_HOME/lib)
  • YaST install xpdf, but not necessary => change the firefox Download Actions to use the Adobe Acrobat plugin

TO DO (install and/or test)#

  • install gkrellm

Steps for the "final step over"#

  • all done

Authfail#

  • Download authfail from http://www.bmk-it.com/projects/authfail/files/authfail-1.1.4.tgz
  • changes in /etc/ssh/sshd_config:
    • PermitRootLogin no
    • PermitEmptyPasswords no
    • MaxAuthTries 3
  • authfail assumes you run the classical syslogd, but SuSE runs syslog-ng, so the installation is a bit different
  • , I tweaked a long time with syslog-ng.conf: filter f_authfail { facility(auth, authpriv);}; destination authfail { pipe("/dev/authfail" group(tty) perm(0400)); }; log { source(src); filter(f_authfail); destination(authfail); }; But when I reload/restart the syslog daemin, I keep getting Jan 21 19:22:22 titanic syslog-ng[7239]: Changing permissions on special file /dev/xconsole Jan 21 19:22:22 titanic syslog-ng[7239]: Changing permissions on special file /dev/tty10 Jan 21 19:22:22 titanic syslog-ng[7239]: Changing permissions on special file /dev/authfail Jan 21 19:22:22 titanic syslog-ng[7239]: Cannot open file /dev/authfail for writing (Permission denied) Jan 21 19:22:22 titanic su: (to root) metskem on /dev/pts/2

Webalizer#

  • create quick/dirty webalizer.conf (stats come in /srv/www/htdocs/wwwstats)
  • add following to /home/metskem/bin/boot.local: cd /usr/local/webalizer && ./webalizer-2.01-10-static
  • download source code from http://www.webalizer.com
  • install zlib-devel,libpng-devel,gd-devel+ (YaST)
  • ./configure --enable-dns
  • make
  • make install titanic:/tmp/ff/webalizer-2.01-10 # make install /usr/bin/install -c webalizer /usr/local/bin/webalizer /usr/bin/install -c -m 644 webalizer.1 /usr/local/man/man1/webalizer.1 /usr/bin/install -c -m 644 sample.conf /etc/webalizer.conf.sample rm -f /usr/local/bin/webazolver ln -s /usr/local/bin/webalizer /usr/local/bin/webazolver

Miscellaneous#

  • Install free ttf fonts (YaST)
  • install Micro$oft fonts: rpm -i msfonts-1.2.1-1.noarch.rpm

--DirtyHarry, 23-Jan-2007

This particular version was published on 23-Apr-2022 17:06 by DirtyHarry.Top