Practical Installation Advice

Over the years we've had several folks share installation advice, instructions, gotchas, etc., in Cool Solutions articles. When we find especially good articles, we're marking them to appear as sections of this book collection.

The beauty of a book is that you can click the link called Printer-friendly version (not the green Print icon; the link at the bottom of the book page) and it will print the entire book for you, to save you from having to print each article/chapter individually.

Many of these would make excellent guides for NUI Install Fests. They typically contain screenshots that step you through the process, and are very easy to follow.

AppNote: Configuration of ZENworks Linux Management with Oracle 9i R2 Database

1: Introduction

ZENworks Linux Management (ZLM) requires either a PostgreSQL or Oracle database for storing ZENworks-related data. This AppNote explains how to extend the Oracle schema so that the ZLM server can be configured with an Oracle database. It also describes how to set up the Oracle database on a SLES9x server.

2: Installation of ZLM

  1. Refer to this section of the documentation for information about installing ZLM server on any given server.
    Ensure the ZLM installation is successful on the server.
  2. Make sure that the following Oracle drivers are installed on the above ZLM server.
    Download the Oracle drivers from here.

    • oracle-instantclient-basic-10.1.0.3-1.i386.rpm
    • oracle-instantclient-jdbc-10.1.0.3-1.i386.rpm
    • oracle-instantclient-sqlplus-10.1.0.3-1.i386.rpm

3: Oracle 9i R2 (9.2.0.4) Installation Procedure on Linux (SLES9x)

The following procedure helps you to set up Oracle 9i on a SLES9x server.

3.1: Pre-requisites

  1. Download the following gzip-compressed files from here.

    • ship_9204_linux_disk2.cpio.gz
    • ship_9204_linux_disk1.cpio.gz
    • ship_9204_linux_disk3.cpio.gz
  2. Download the latest orarun.rpm from here.
  3. Ensure gcc packages are installed on the server.

3.2: Pre-installation steps

  1. Copy the latest orarun.rpm package to the Linux machine and install it as the root user:
    rpm -i /root/orarun.rpm
  2. Edit the file /etc/passwd. For the "oracle" user, change the shell value from /bin/false to /bin/bash
  3. Set new password for the user "oracle" using /usr/bin/passwd oracle.
  4. Run /usr/sbin/rcoracle start to set the kernel parameters.
  5. Take the software downloaded from the web (Pre-requisites, step 1), copy the files to the /opt/oracle directory and do the following:
    1. Run the following command to create the cpio files:
      gunzip <file name>
    2. Run the following cpio command to create three directories: Disk1, Disk2 and Disk3.
      cpio -idmv < <filename>
  6. Log in to Linux as the oracle user and check that the following two environment variables are set. These are set by the orarun.rpm.
    • $ echo $LD_ASSUME_KERNEL
    • $ echo $LD_PRELOAD

    If echo displays the value then the variables are set. Otherwise, export these variables for the "oracle" user.

3.3: Installation steps

  1. Login as "oracle" user.
  2. Run Oracle Installer from Disk1 directory:
    ./runInstaller
  3. Click "Next" and proceed as instructed by the installer in all the screens except for the screens shown below.
    • Enter the Unix group name as "dba" in the following screen

    • For ZLM, enter "orcl" as value for Global database name and SID. The product expects them to have same value.
    • Click on "Exit" and exit from the install once it is done.

3.4: Post-Installation

  1. Login as "oracle" user. Run "echo $ORACLE_SID" and check the value returned.
  2. If the value returned is "orcl", move on to the next step. Otherwise, open the file with "vi /etc/profile", insert the following lines and save.
    • ORACLE_SID=orcl
    • export ORACLE_SID

    Log off and login as "oracle" user for the changes to take effect.

  3. Check if the file "initorcl.ora" is present in "/opt/oracle/products/9ir2/dbs". This file is necessary for Oracle to start.
  4. If the file is not present in the above path, copy the file
    "initorcl.ora.<some number>" from "/opt/oracle/admin/orcl/pfile" to the "/opt/oracle/products/9ir2/dbs" and rename it to "initorcl.ora".

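The checks from sections 3.2 and 3.4 can be scripted as a read-only preflight. The following is an added example, not part of the original AppNote; the function names and the sample passwd line and file names inside demo() are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the AppNote: read-only preflight for sections 3.2 and 3.4.
# Function names and the sample data in demo() are constructed for illustration.

# Print the login shell (7th passwd field) of <user> from a passwd-format file.
login_shell() {            # usage: login_shell <user> <passwd_file>
    awk -F: -v u="$1" '$1 == u { print $7; exit }' "$2"
}

# 3.2 step 2: the "oracle" account needs /bin/bash instead of /bin/false.
check_oracle_shell() {     # usage: check_oracle_shell <passwd_file>
    [ "$(login_shell oracle "$1")" = "/bin/bash" ]
}

# 3.2 step 6: succeed only if every named variable is set and non-empty.
check_env_set() {          # usage: check_env_set NAME...
    for name in "$@"; do
        # Refuse anything that is not a plain variable name before using eval.
        case $name in ''|[0-9]*|*[!A-Za-z0-9_]*) return 2 ;; esac
        eval "value=\${$name:-}"
        [ -n "$value" ] || return 1
    done
    return 0
}

# 3.4 steps 1-2: ZLM expects the SID to be "orcl".
check_sid() {
    [ "${ORACLE_SID:-}" = "orcl" ]
}

# 3.4 steps 3-4: report whether initorcl.ora is in place, or which
# initorcl.ora.<number> file from the pfile directory should be copied.
init_file_state() {        # usage: init_file_state <dbs_dir> <pfile_dir>
    if [ -f "$1/initorcl.ora" ]; then
        echo "present"
        return 0
    fi
    for candidate in "$2"/initorcl.ora.*; do
        if [ -f "$candidate" ]; then
            echo "copy $candidate"
            return 0
        fi
    done
    echo "missing"
    return 1
}

# Run every check, print one line per finding, return the number of failures.
preflight() {              # usage: preflight <passwd_file> <dbs_dir> <pfile_dir>
    failures=0
    if ! check_oracle_shell "$1"; then
        echo "FAIL oracle login shell is '$(login_shell oracle "$1")', expected /bin/bash"
        failures=$((failures + 1))
    fi
    for var in LD_ASSUME_KERNEL LD_PRELOAD; do
        if ! check_env_set "$var"; then
            echo "FAIL $var is not set for this user"
            failures=$((failures + 1))
        fi
    done
    if ! check_sid; then
        echo "FAIL ORACLE_SID is '${ORACLE_SID:-}', expected orcl"
        failures=$((failures + 1))
    fi
    state=$(init_file_state "$2" "$3") || failures=$((failures + 1))
    echo "INFO initorcl.ora: $state"
    return "$failures"
}

# Demo on constructed data: a passwd line that still has /bin/false, neither
# loader variable set, and only the numbered pfile copy of initorcl.ora present.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/dbs" "$tmp/pfile"
    echo 'oracle:x:59:54:Oracle user:/opt/oracle:/bin/false' > "$tmp/passwd"
    : > "$tmp/pfile/initorcl.ora.1234567"
    rc=0
    (
        unset LD_ASSUME_KERNEL LD_PRELOAD
        ORACLE_SID=orcl
        preflight "$tmp/passwd" "$tmp/dbs" "$tmp/pfile"
    ) || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# On a real server, run as the "oracle" user:
#   preflight /etc/passwd /opt/oracle/products/9ir2/dbs /opt/oracle/admin/orcl/pfile
demo || echo "demo: $? check(s) failed on the constructed data"
```

The script changes nothing on the system; it only reports which of the manual steps above still need to be done.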
3.5: Login as Oracle user

  1. Login as "oracle" user.
  2. Type "sqlplus /nolog"
  3. On sql prompt type the following:
    connect / as sysdba
  4. startup (to start the oracle instance that would mount the orcl db)
  5. shutdown immediate

4: Extending Schema

Use the following steps to extend the schema on the Oracle Server before running zlm-config.

  1. After bringing up the Oracle database, create the following directory structures on the Oracle server:

    • $HOME/schema
    • /opt/oracle/novell/zenworks/database/trace
  2. Change the owner and group by using the command

    chown -R oracle:root /opt/oracle/novell/zenworks/database

  3. Copy the Oracle initialization file from the ZLM server
    (/opt/novell/zenworks/share/datamodel/linux-init-oracle.ora) to the /opt/oracle/novell/zenworks/database folder.
  4. Copy linux-createdb-oracle.sql from the ZLM server
    (/opt/novell/zenworks/share/datamodel/linux-createdb-oracle.sql) to $HOME/schema.
  5. Launch SQLPLUS and, at the prompt, connect as sysdba and shut down the previous instance by typing:
    • connect / as sysdba;
    • shutdown immediate;
  6. Modify the scripts as follows if the above defaults need to be changed.
    1. If you need to modify the default database name and user,
      refer to the section on Default Database Name in this file and modify it there, and also modify the db_name parameter in linux-init-oracle.ora.
    2. If you need to modify the default user and password, refer to the section on Default user in this file and modify it there.
    3. If you need to change the directory structure, modify all references to /opt/oracle/novell/zenworks/database in this file and in linux-init-oracle.ora. You will also need to create the new directory structure and place linux-init-oracle.ora in it appropriately.
    4. If you need to bypass the ZLM install for creating the schema in the database,
      copy these SQL files from /opt/novell/zenworks/share/datamodel on the ZLM server
      to the folder $HOME/schema on the Oracle server:

      • @$HOME/schema/zenworks-oracle.sql;
      • @$HOME/schema/db_function-oracle.sql;
      • @$HOME/schema/enums_ora.sql;
      • @$HOME/schema/Message_en_us_ora.sql;
      • @$HOME/schema/queue-oracle.sql;
      • @$HOME/schema/os_targets-oracle.sql;

      Uncomment the above lines in linux-createdb-oracle.sql and save the file.

  7. Enter the following command to create the database and wait till the database gets created.

    @$HOME/schema/linux-createdb-oracle.sql

  8. Start the database with the following commands whenever the database has been shut down:
    connect / as sysdba;
    STARTUP PFILE=/opt/oracle/novell/zenworks/database/linux-init-oracle.ora
  9. Login as oracle and start the listener

    lsnrctl start

  10. Run zlm-config on the ZLM server and provide the information required to configure it with the Oracle database.

5: Troubleshooting Tips

Following are some of the common problems faced while setting up Oracle on a Linux server.

Conclusion

At this point you have set up Oracle on a Linux server and configured ZENworks Linux Management to store data in an Oracle database.

For additional information, consult the ZENworks Linux Management documentation.

AppNote: Enhancing ZENworks Desktop Management with AutoIt

1. Introduction

If you have been using ZENworks to roll out applications, you will be aware that unless the applications come with a "silent install mode" or as an MSI, you will need AOT to install the application. Currently the shortcomings of AOT (in my humble opinion) are as follows:

AutoIt is one way to overcome the above shortcomings. This documentation seeks to introduce AutoIt to the uninitiated and so the examples written can be repetitive and simple. One thing to note is that this documentation is not solely about AutoIt. The purpose of this documentation is to introduce a useful tool that can be integrated with ZENworks so that your life as an administrator can be made easier.

2. What does this document hope to accomplish?

This AppNote is written with the following objectives in mind:

3. What is AutoIt?

AutoIt v3 is a freeware scripting language designed for automating the Windows GUI. It uses a combination of simulated keystrokes, mouse movement and window control manipulation in order to automate tasks. This means that you can automate the installation of any program by allowing AutoIt to simulate the 'Next' and 'Finish' keystrokes so that the program can be installed without user intervention. AutoIt is also very small, self-contained and will run on 95, 98, ME, NT4, 2000, XP, 2003 out of the box with no annoying "runtimes" required!

Download AutoIT here.

During the time this document was written, the version of AutoIt is version 3.2.4.9. So download AutoIt v3 and we can start familiarizing with the software.

I will also highly recommend looking through the AutoIt documentation.

4. Getting familiarized with AutoIt

4.1 Installing AutoIt

After downloading AutoIt v3, run the "autoit-v3.2.4.9-setup.exe" installation file. Accept all options as default.

4.2 AutoIt Script Editor

Now that AutoIt has been installed, go to 'Start' > Programs > AutoIt v3 > SciTE Script Editor

This will open the script editor from which you can write your script. We will do this later.

4.3 Au3info tool

AutoIt comes with an Au3info tool that gives you information about Windows. Since AutoIt is about controlling Windows behaviour, we want to know Windows information so that we can send the correct keystrokes or information to manipulate Windows behaviour.

Au3info tool can be activated by running => C:\program Files\AutoIt3\Au3Info.exe

We will talk more about this tool when we are creating an advanced AutoIt script.

Get more information on the Au3info tool here

4.4 Running an AutoIt script

AutoIt provides sample scripts so that you can view the script and run it to get a feel of how AutoIt works. The scripts are located in C:\Program Files\AutoIt3\Examples.

Right-click on any one of the scripts provided (e.g. calculator.au3) and choose to 'Run Script'. Impressive, isn't it?

Right-click on any one of the scripts provided (e.g. calculator.au3) and choose to 'Edit Script'. AutoIt Script Editor pops to show you the (easy looking) script that did all those impressive things.

Right-click on any one of the scripts provided (e.g. calculator.au3) and choose to 'Compile Script'. An .exe file is created. You can take this file and run it on any Windows workstation and it will run perfectly fine without any additional "runtimes" required. Wonderful, isn't it?

So now that you are familiarized with AutoIt, we can use AutoIt to install a program.

5. A Simple AutoIt example: Using AutoIt to install VLC player

I am using VLC player as an example because firstly I think this is wonderful (and free) software. But more importantly, it does not have MSI or Silent Install option which means that the only way to get it installed is by clicking a series of 'Next' and 'Finish'. We will be using AutoIt to avoid that.

You can download VLC player from
(As of the time of this documentation, the VLC player version is 0.8.6b). For the sake of simplicity, download the VLC file to the C:\ drive.

(**Note: Please note that for sake of simplicity, all installation files are copied to the C:\. In actual implementation, because the users may not have rights to the root of C:\ drive, you may have to copy the installation files to another location. This is explained in a later section.)

Once you downloaded the VLC installer file (vlc-0.8.6b-win32.exe), simulate the installation of the VLC player without actually installing it, that is, click 'Next' until you reach the 'Install' button then press 'Cancel' . You will observe the following Windows dialog boxes appear:

Based on the above simulation, we know that in order to install VLC, we need to press 'Enter' five times.

(**Note: If you are already familiar with AutoIt or you think that the following AutoIt examples are too simple, you can skip to section 7 and compile the script documented there. The script in the "Customizing VLC install with AutoIt script" section is the final script we will be using with ZENworks but I wanted to take things one step at a time. Hence we will be going through two scripts before getting to the final one.)

5.1 A simple AutoIt script

As a simple example, if we want to install VLC with all the default settings, the following AutoIt Script will do the job.

; Simple AutoIt script 

; Run the install 
Run("C:\vlc-0.8.6b-win32.exe")

; Choose Installer Language
WinWaitActive("Installer Language")
Send("{ENTER}") 

; Welcome Screen
WinWaitActive("VideoLAN VLC media player 0.8.6b Setup")
Send("{ENTER}") 

; License Agreement
WinWaitActive("VideoLAN VLC media player 0.8.6b Setup")
Send("{ENTER}") 

; Choose Components
WinWaitActive("VideoLAN VLC media player 0.8.6b Setup")
Send("{ENTER}") 

; Choose Install Path
WinWaitActive("VideoLAN VLC media player 0.8.6b Setup")
Send("{ENTER}") 

Even if you have never done scripting in your life, you can very easily tell that all the script does is wait for each window to become active and then send an {ENTER} keystroke to that window. The script sends 5 {ENTER} keystrokes to start the installation.

Now do the following to create an executable file to automatically install VLC player.

  1. Open the SciTE editor and copy the above script into the editor. Save the script as "C:\vlcinstall.au3".
  2. Right-click on C:\vlcinstall.au3 and choose to compile. Vlcinstall.exe is created.
  3. Run vlcinstall.exe. VLC player is installed automatically.

The vlcinstall.exe should install the vlc player for you. However, right at the end of the installation, you will see the 'Install completion' screen. It is not very elegant to expect users to close this window after installation.

We want to close this window and not run VLC player after installation. In order to do this, we need to use the Au3info tool.

6. Au3info tool

The problem with the simple AutoIt script.

Now it is time to tell you about a problem in the simple AutoIt script. The simple script does not identify each window as unique. Each window is identified as "VideoLAN VLC media player 0.8.6b Setup". This isn't a problem until we want to close the last screen. You could try adding the following lines to the script and running it again:

WinWaitActive("VideoLAN VLC media player 0.8.6b Setup")
Send("{ENTER}")

But it will not work. The reason is that prior to this "Installation Complete" window, the VLC installation "progress" window was running, and that window has the same name, "VideoLAN VLC media player 0.8.6b Setup". So the above command will send the {ENTER} keystroke to the VLC installation "progress" window. The trick is to identify each window uniquely so that the appropriate command is sent to the correct window. To do this, we need the Au3info tool.

6.1 Using the Au3Info tool

We have to uninstall the VLC and reinstall it (sorry). This can be easily done by running the C:\vlc-0.8.6b-win32.exe again.

To use Au3Info.exe tool to identify each window as unique, do the following:

  1. When the first installation screen appears, open the C:\program Files\AutoIt3\Au3Info.exe tool
  2. From the Au3Info window, choose the 'Visible Text' tab.
  3. Go back to the first VLC installation window, highlight on the title of the installation window (Installer Language) as shown below:

  4. You will notice a number of key words such as 'OK' and 'Please select a language'.
  5. Do this for every installation window for the VLC installation.

You may have taken note of the following windows and key words:

Now you have enough keywords to make each window unique. Therefore, you can make modifications to the script as follows:

; AutoIt script that installs VLC with default settings

; Run the install
Run("C:\vlc-0.8.6b-win32.exe")

; Choose Installer Language
WinWaitActive("Installer Language", "Please select a language", "Ok")
Send("{ENTER}") 

; Welcome Screen
WinWaitActive("VideoLAN VLC media player 0.8.6b Setup", "Welcome to the VideoLAN VLC media player 0.8.6b Setup Wizard",  "&Next")
Send("{ENTER}") 

; License Agreement
WinWaitActive("VideoLAN VLC media player 0.8.6b Setup", "License Agreement", "I &Agree")
Send("{ENTER}") 

; Choose Components
WinWaitActive("VideoLAN VLC media player 0.8.6b Setup", "Choose Components", "&Next")
Send("{ENTER}") 

; Choose Install Path
WinWaitActive("VideoLAN VLC media player 0.8.6b Setup", "Choose Install Location", "&Install")
Send("{ENTER}") 

; Installation Complete
WinWaitActive("VideoLAN VLC media player 0.8.6b Setup", "Click Finish to close this wizard", "&Finish")
Send("!f")

As you can see, this new script identifies each window uniquely, unlike the previous script. Another thing worth noting is that at the final window, an "Alt-F" keystroke is sent to finish the installation. This is done with a 'Send("!f")' command. You can now try to compile the script and do an install of the application.

7. Customizing VLC install with AutoIt script

What we have done so far is to accept the default setting of the VLC installation. We want to modify the VLC installation with the following settings:

Through these simple keystrokes, we have our final script to install VLC player. You can test the script by compiling the new script and installing the VLC player with it. You can take the vlcinstall.exe and vlc-0.8.6b-win32.exe files to any Windows 2000 or XP workstation and it will run.

; AutoIt script that installs VLC with customized settings

; Run the install 
Run("C:\vlc-0.8.6b-win32.exe")

; Choose Installer Language
WinWaitActive("Installer Language", "Please select a language", "Ok")
Send("{ENTER}") 

; Welcome Screen
WinWaitActive("VideoLAN VLC media player 0.8.6b Setup", "Welcome to the VideoLAN VLC media player 0.8.6b Setup Wizard",  "&Next")
Send("{ENTER}") 

; License Agreement
WinWaitActive("VideoLAN VLC media player 0.8.6b Setup", "License Agreement", "I &Agree")
Send("{ENTER}") 

; Choose Components
WinWaitActive("VideoLAN VLC media player 0.8.6b Setup", "Choose Components", "&Next")
Send("{TAB}") 
Send("{DOWN}") 
Send("{DOWN}") 
Send("{DOWN}") 
Send("{SPACE}") 
Send("{ENTER}") 

; Choose Install Path
WinWaitActive("VideoLAN VLC media player 0.8.6b Setup", "Choose Install Location", "&Install")
Send("{ENTER}") 

; Installation Complete
WinWaitActive("VideoLAN VLC media player 0.8.6b Setup", "Click Finish to close this wizard", "&Finish")
Send("!r")
Send("!f")

8. Integrating everything together with ZENworks

To integrate with ZENworks, you will need the following two files:

Let's assume that you have an application server with the following configuration:

IP address: 10.1.1.1
Vol: apps
VLC install directory: vlc

Copy the vlc-0.8.6b-win32.exe and the vlcinstall.exe to the application server at the following location: \\10.1.1.1\apps\vlc.

(**Note: Make sure that you assign the appropriate rights to this location so that users can install from this location.)

8.1 Create a VLCinstall batch

In the same location, create the following dos-batch file (e.g. vlcinstall.bat) with the following content:

REM copies the content of the vlc executable files to c:\ drive
copy \\10.1.1.1\apps\vlc\vlc*.exe c:\

REM run the VLCinstall file
c:\vlcinstall.exe

REM deletes the installation file after install. 
Del C:\vlc*.exe 

The above is a simple batch that does the following:

8.2 Create a NAL application

Create a NAL application with the following settings:

  1. Define the NAL application as a simple application

  2. Define the name of the NAL application (e.g. VLCinstall)

  3. Define the path of the Application file (e.g. \\10.1.1.1\apps\vlc\vlcinstall.bat). The file is pointing to the batch created earlier.

  4. Define the availability of the object. In this example, I configure the availability for WinXP SP2 workstation and if the VLC registry key does not exist (that is, VLC player is not installed on that workstation).

  5. Define the user association. I set the NAL object to force run and appear at the App Launcher.

  6. Click Finish to complete the installation.

8.3 Rolling NAL application to users without administrator rights

To roll NAL applications to users without administrator rights, you can set the NAL application to run as "Unsecure System User". There are several things to take note of:

9. Conclusion

As with everything else, it may take a little time to get used to AutoIt. But the great thing is that once you are familiarized with AutoIt, it should take you no time to write a script to install an application. Best of all, when you want to upgrade the applications, you can reuse the scripts with minor modifications. Using AutoIt with ZENworks will make rolling out applications really easy and, hopefully, fun.

**My personal thanks to Andy Wu, Senior IT Consultant from Hong Ti Information Consultant LTD. for introducing me to AutoIt.

Automating the Installation or Upgrade of eDirectory 8.8 sp1

Download ZIP files:

Executive Summary

In today's business environment, manually managing servers for periodic updates, installations, and tasks is impractical. It is a well known fact that automating repetitive tasks can significantly lower a system's total cost of ownership.

Typically, when administrators patch or install to a given server, they need to remotely control each server, copy the files, launch the installation and then monitor its completion. The time involved can be anywhere between half an hour to two hours, sometimes even more. Multiply that by hundreds of servers and many patches and the costs to your business can skyrocket.

Not all installations and patches can be slowly rolled out over time, either. Security products need immediate attention, as do those that resolve the downtime that causes revenue loss. Additionally, scheduling each installation based on priority is crucial in reducing administrative costs. For example, giving your virus-update patch a higher priority over an application installation is imperative.

From a physical-networking perspective, things become even more complex. Sending the same patch five times to five servers instead of once and then forwarding it on can cause slow response times for your users. On the other hand, when you don't fully utilize the same WAN bandwidth, it is wasted during off-peak hours. The same arguments can be applied to upgrades, too. You can save much time and effort by automating application upgrades, or even upgrades to the operating systems themselves.

Often, you may need to tailor each patch, upgrade, or installation for every server where it is going to run. You may need to establish set or registry parameters prior to running the upgrade or change a few text files to localize the installation script or upgrade application in order for it to run. Making such changes manually for every server in your organization is cost-prohibitive. However, performing these tasks with ZENworks Server Management Server Software Packages is an easy and efficient process.

This paper addresses all of these concerns by showing how the award-winning Novell ZENworks software can tier, schedule and automate the distribution of Novell patches. With ZENworks 7 Server Management with SP1 Policy and Distribution Services, you can use Novell templates for sending patches out, tailor them to suit a particular environment, or even write and compile your own patches for any third-party software you may run on your servers. Almost any software patch can be programmed into a ZENworks Server Management Server Software Package.

This paper addresses two configurations of Server Software Package from Novell: the uncompiled Server Software Package (SPK) and the Compiled Server Software Package (CPK). The SPK is a template that you can modify to your own environmental needs. In this White Paper we will focus on the compiled Server Software Package, which contains the files and logic for the installation but cannot be modified; it comes predefined with only variables for you to configure to localize it for your environment. This solution shows you how to use Server Software Packages to automatically install or update eDirectory 8.8 SP1 in a Microsoft Windows server environment.

At the end of this paper are the tools and information for leveraging this solution with or without an installed and functioning ZENworks 7 Server Management with SP1 server. In other words, the package (CPK) you compile for your network will be installable via the freely available "Standalone Package Processor" or via a fully installed ZENworks 7 Server Management with SP1 agent (called a Subscriber in our documentation). Included in this discussion is the silent installation of iManager 2.7. By running one script you will be up and running in minutes with an installation of eDirectory and its Web-based management program iManager 2.7.

In the appendix of this document you can also find a brief outline of ZENworks 7 Server Management with SP1 that discusses the Tiered Electronic Distribution mechanism and a sample response file (text file input) for silent eDirectory installation and upgrade.

The Two Technologies

Most Novell products today come with the option to silently install. By silent we mean an installation that does not prompt the user for input. With the advent of eDirectory 8.8 SP1, Novell includes a silent installer and upgrade mechanism. In simple terms the installer reads the input from a text file, rather than from input by the user. After this text file is created with the values you need, the installer runs silently.

The Software Packaging engine featured in ZENworks Server Management 7.0 SP1 comes with a text editor that allows for the use of variable input to edit text files. For example one variable we use is Tree-name. This is entered multiple times throughout the text file, but using the Software Packaging engine we can use one variable to enter this multiple times. Of course, each ZENworks Server Management Subscriber can have its own unique values for IP Address and Server Name fields, which, once configured correctly, facilitates the mass installation of eDirectory.

The Silent Installer for eDirectory

eDirectory is an infrastructure component used in many Novell products. eDirectory supports the use of predefined text files that facilitate an unattended installation. With some minor pre-installation time spent editing this file, you can silently install and/or upgrade eDirectory.

This paper discusses the features and the configuration necessary to perform an unattended Installation of eDirectory in Windows. This feature is supported only in the eDirectory 8.8 SP1 release.

Automating the Installation

Prerequisites

Please be sure that the following two prerequisites are met before starting the installation or upgrading process:

  1. The silent installation of eDirectory 8.8 SP1 in Windows 2000/2003* does not take care of NICI installation or upgrade. We use a separate ZENworks Server Management to install NICI 2.7. In the Software Package Processor section we discuss how we can automate the installation of all three Server Software Packages: NICI, eDirectory 8.8 SP1, and iManager 2.7.
  2. Run the set_server_mode.bat file that is available in the NICI installation location (usually %systemroot%\Windows(or WINNT)\system32\novell\nici) to set NICI in server mode, which is very essential for eDirectory 8.8 SP1 to install successfully.

Response Files

Installing or upgrading to eDirectory 8.8 SP1 on a Windows operating system can be made silent and more flexible using a response file. When using a response file, the process provides:

A response file is a text file containing sections and keys, similar to a Windows .ini file. You can create and edit a response file using any ASCII text editor. If you use a response file, the eDirectory upgrade reads the installation parameters directly from the response file and replaces the default installation values with response file values. The installation program accepts the values from the response file and continues to the following installation screens without prompts.

Response.ni File Sections and Keys

The eDirectory 8.8 SP1 Installation requires changes to the sections in the response file that need information about the new eDirectory tree that needs to be installed, including a new tree name, administrator context, administrator credentials (including user name and passwords), installation locations, and so on. A full list of the keys and their default values are available in the sample response.ni file that is delivered with the Windows installation. A detailed explanation of sections in the response file, each key, its description, and default values are included in APPENDIX B of this document.

Prerequisites for the Silent Installation.

The silent installation requires that NICI 2.7 is installed. In this solution we provide this as a CPK. There are two main flavors of CPKs for eDirectory 8.8. They are:

An extra requirement for the second option is that the Novell Client be installed prior to running the eDirectory 8.8 SP1 silent installation. This is discussed in the next section.

Installation Syntax

Using a Response File

The response file is used or edited during an upgrade in two scenarios:

The eDirectory 8.8 SP1 package that ships with ZENworks 7 Server Management with SP1 bundles a default response file (response.ni) that is available in the nt\386\NDSOnNT\ni\windows\...\DATA\SP.DB directory inside the source. Use this file for editing and later for installing eDirectory on Windows because there are other essential parameters that are set by default in this file that are not explained in this document.

You will be providing the administrator user credentials in the response.ni file for an unattended installation. Therefore, remember to permanently trash the file after the installation to prevent the administrator credentials from being compromised.

Invoking Installation

Launch the eDirectory installation program using install.exe.

Assuming the response.ni file is available in C:\, the eDirectory 8.8 SP1 installation is performed by:

install.exe /silent /template=response.ni

This performs the complete unattended installation of eDirectory 8.8 SP1 on the Windows server. Information on the progress of the installation is provided on screen until completion of the installation. There is not any prompt to inform the user on the completion of installation.

eDirectory Installation Sequence

Soon after invoking the installation executable, the installation module gathers information from the system about already available eDirectory instances (if any) and the new instance configuration information from the response file. During this configuration, the installation module provides the status as in Fig.1:

Fig.1

After the configuration information is obtained, the installation starts by first copying the installation files to the relevant folder as mentioned in the response.ni response file and later installing the subcomponents. While installing the subcomponents, the installation provides the status as in Fig.2:

Fig.2

This might take a long time because it copies and installs all the subcomponents that are part of the eDirectory installation. This also includes other products bundled with the eDirectory installation, such as SecretStore, Certificate Server, SNMP Service, and Authentication Bundle (which contains NMAS objects and NMAS methods).

Because this is a completely silent installation, there is no prompt at the completion of the installation.

The Software Package Processor

When you are aware of what needs to be placed into the text file for the installation to remain silent, you can then prepare and compile your source Server Software Package (.spk file, or SPK) into a Compiled Software Package (.cpk file, or CPK). For the eDirectory 8.8 SP1 installation that we are demonstrating here, we will supply you with both an SPK and a CPK. The SPK will enable you to modify it and compile it yourself. For example, you can add a component in the SPK that we supply to install your own favorite application.

As we mentioned earlier, there are three Software Packages that we need in order to successfully install eDirectory 8.8 SP1 to a Windows 2003 (or 2000) server: NICI 2.7, eDirectory 8.8 SP1, and iManager 2.7. eDirectory requires that we install NICI 2.7 first, then eDirectory itself, then iManager 2.7. The Novell Client needs to be installed after NICI 2.7 when you are installing to an existing tree; we have provided a CPK for this. With ZENworks 7 Server Management with SP1 the order of CPK installations cannot be controlled. However, using the Standalone Package Processor you can set their order in the batch file you run and then spawn the same from a ZENworks 7 Server Management environment. If you have installed ZENworks 7 Server Management with SP1, we suggest that you call the Standalone Package Processor from the Subscriber server using a system script to preserve this order.

In the tables below we outline first the variables that you need to have defined for your Subscriber, then we explain the components inside of the package and what they do. You can open up a package using ConsoleOne to view its components.

Four Server Software Packages are mentioned. All of them are installation CPKs critical to the successful deployment of eDirectory: NICI 2.7, Novell Client, eDirectory 8.8 SP1, and iManager 2.7.

eDirectory 8.8 Server Software Package Details

The eDirectory 8.8 SP1 silent installation feature allows you three scenarios:

Installation Package Details

This Server Software Package uses six customer-defined variables to install eDirectory 8.8 SP1 to a Windows 2003 (or 2000) server. Using the declared variables, we need to edit the silent installation file section [NWI:NDS] of the response.ni file. An example of this file is found in APPENDIX B. We also need to edit two other sections of this file.

We start with a response.ni file that had this section completely removed and use the append feature of the Software Package Processor's text editor to append this complete section at the end of the file. Because the file uses tabs [text in square brackets] to delineate sections, the installer merely searches for the correct section (in this case, at the end of the file) and takes its values from there.

In the following table we show you the sections and variables that we edit. The variables are enclosed in percentage characters. For example, if we have a variable named FRED, we show it as %FRED%.

To load this CPK via the Standalone Package Processor, you need to edit the batch file that comes with it and inject your local values. For example, you need to declare values for each of the variables listed below:

CN_ADMIN = ADMIN
TREE_NAME = GOOFY TREE
SRV_CONTEXT = NOVELL
PASSWD = NOVELL
ADMIN_CONTEXT = Novell
DEST_EDIR88 = C:\novell\NDS (default location of NDS files)
ADMIN_CONTEXT = NOVELL (container that contains the ADMIN user name or equivalent)

Below we show the syntax that you use to call your CPK using the Java command inside of the batch file. The batch file is supplied in this paper. The supplied batch file has the word VALUE in place of each replaceable value shown in the syntax below. It is intended that you replace VALUE with your own environmental variables (there are five uses of VALUE in the syntax example).

java -cp %zfspaths% com.novell.application.servman.services.softwarepackage.PackageProcessor
c:\temp\cpk\EDIR88sp1-install.cpk 6 DEST_EDIR88 c:\novell\nds\ CN_ADMIN VALUE TREE_NAME VALUE
SRV_CONTEXT VALUE PASSWD VALUE ADMIN_CONTEXT VALUE

[Initialization] Section

[NWI:NDS]
Upgrade Mode=false
Installed Version=0
Letter Version=0
New Tree=YES
Tree Name=%TREE_NAME%
Server Name=%COMPUTERNAME%-NDS
Server Context=%COMPUTERNAME%-NDS.%SRV_CONTEXT%
Admin Context=%ADMIN_CONTEXT%
Admin Login Name=Admin
Admin Password=%PASSWD%
Install as Service=YES
Prompt=false
NDS Location=%DEST_EDIR88%
DataDir=%DEST_EDIR88%DIBFiles
Require TLS=no
LDAP TLS Port=389
LDAP SSL Port=636

Miscellaneous sections

[Novell:DST:1.0.0_Location]
Path=file:/%DEST_EDIR88%
User=
[Novell:SYS32_DST:1.0.0_Location]
Path=file:/%SystemRoot%system32
User=
[Initialization]
DisplayLanguage=en_US
Version=Novell:NDSforNT:1.0.0
SPLocation=%systemdrive%\temp\NDSONNT\ni\windows\..\DATA\SP.DB
InstallationMode=silent
SummaryPrompt=false
prompt=false

eDirectory Package Variables

Variable | Description
DN_ADMIN | The administrator user you will use to administer eDirectory.
PASSWD | The password that the silent installation file needs to be configured for authentication into eDirectory. SECURITY NOTE: After you have successfully installed, delete the silent installation file or change the password.
TREE_NAME | The name of the tree you are creating or installing into. NOTE: Use the IP address of a server with a master of root on it if you need to traverse subnets to attach.
SRV_CONTEXT | The context where you want this server's object to be installed.
ADMIN_CONTEXT | The context where you want the ADMIN user's object created.
DEST_EDIR88 | The path you want the installation files to be copied to. This is where you launch the installation from.
NOTE: These values are kept in variables that you define as arguments in the Standalone Package Processor or on each Subscriber where you are running the Server Software Package.

eDirectory Package Components

Component Name | Description | Tab Name
COPY-FILES | This component copies the entire patch out to this location to run the installation from. | COPY Files
EDIT-RESPONSE-FILE | This component edits the silent installation text file (response.ni) according to the variables you have configured. See APPENDIX B for an example. | Text Files
Run install | This runs the installer with the right arguments to go silent. | Post Installation

NOTES: There are two packages to consider when installing eDirectory via a CPK. Both use the same variables as shown in the previous tables. One installs the Windows server (that you run it on) into an existing tree and the other installs and creates its own tree. Each CPK can be deployed via ZENworks Server Management or the Standalone Package Processor. The filenames for both the batch file and the CPK are:

In summary, if you already have a tree to install into, only use the second option. However, if you are starting a new tree, use the first option once, then use the second option.

iManager 2.7 Server Software Package Details

This package uses the silent installation file of iManager 2.7 to install it. The batch file does not need you to declare any variables. We use a standard Windows variable (%systemdrive%) to run the file. For example, if the system drive is C:, then the command is c:\temp\imanager\installs\win\iManagerInstall.exe -i silent installer.properties.

iManager 2.7 Package Variable

Variable | Description
SYSTEMDRIVE | This package uses only one variable. This is the Windows systemdrive default variable. We copy the installer to the temporary directory of the system drive, run the installation, then delete it. No configuration of this variable is needed.

iManager 2.7 Package Components

Component Name | Description | Tab Name
COPY-FILES | This component copies the entire iManager 2.7 installer out to this location. | COPY Files
Silent Installation | This runs the installer with the right arguments to go silent. | Post installation

NICI Server Software Package Details

This package needs no variable declaration. It copies the installer up to the server and runs it in silent mode. The command we run is:

<SYSTEMDRIVE>\temp\NICI270\wcniciu0.exe /s /a /s /sms /f1<SYSTEMDRIVE>\temp\NICI270\nici.iss /f2c:\temp\nici2.log

NICI Package Components

Component Name | Description | Tab Name
COPY-FILES | This component copies the entire NICI 2.7 installer out to this location. | COPY Files
Run Silent | This runs the installer with the right arguments to go silent. | Post installation

Novell Client Server Software Package Details

This CPK installs the English language Novell Client 4.91 SP2. It is only needed in the installation to an existing tree. The client is used merely to find the existing tree to install to. After eDirectory 8.8 SP1 is installed, it is no longer needed and can be uninstalled. This is a known issue only in the silent installation and will be fixed in future Support Packs for eDirectory 8.8.

There are no variables for this CPK.

Novell Client Package Components

Component Name | Description | Tab Name
COPY-FILES | This component copies the entire Novell Client out to the temporary directory c:\temp. | COPY Files
Run Silent | This runs the installer with the right arguments to go silent. | Post installation

Putting It All Together

To ensure that each package gets installed in order, we use the "call" command from a master batch file. We use the following command syntax:

CALL c:\temp\cpk\zdm7sp1\windows\NICI270i-install.bat
CALL c:\temp\cpk\zdm7sp1\windows\INSTALL-NIC-NVClient.bat
(which reboots the server.)
(Then we run this batch file.)

CALL c:\temp\cpk\zdm7sp1\windows\edir-exist-Install.bat
CALL c:\temp\cpk\zdm7sp1\windows\IMAN-install.bat

Each batch file is created so that it can run from within the Standalone Package Processor. By developing it this way, we find that each CPK can be ordered. To ensure the same order of CPK installation with a currently installed ZENworks 7 Server Management with SP1, you can copy all three CPKs and their corresponding batch files out to each Subscriber, then run the master batch files mentioned above. This gives you the scheduling and automation of your Tiered Electronic Distribution along with the ability to ensure the CPKs install in the correct order.

If you extract the Standalone Package Processor CPKs into the c:\temp\CPK directory, then the batch files you find in the c:\temp\cpk\zdm7sp1\windows directory will work out of the box. You merely need to edit each one with your own specific variables and away you go.

The files used for this paper:

  1. Master ZIP files:

    All ZIP files should be extracted directly to C:\. They create a directory structure under c:\temp where all batch files work properly.

  2. Batch files:
    • edir-exist-Install.bat (Runs the CPK to install into an existing tree.)
    • edir-new-Install.bat (Runs the CPK to install into a new tree.)
    • edir-remove.bat (Runs the CPK to remove the eDirectory files from the server.)
    • IMAN-Install.bat (Runs the CPK to install iManager 2.7 to the server. Should be run last.)
    • INSTALL-NEW-eDir-IM.bat (A simple batch file that calls the eDirectory 8.8 and iManager 2.7 batch files. For installing into a new tree.)
    • INSTALL-exist-eDir-IM.bat (A simple batch file that calls the eDirectory 8.8 and iManager 2.7 batch files. For installing into an existing tree.)
    • INSTALL-NIC-NVClient.bat (A simple batch file that calls the NICI and Novell Client CPKs. This reboots the server after the client is installed.)
    • NICI270i-install.bat (Installs NICI 2.7. Needs a reboot after it's installed.)

    All batch files are found in the c:\temp\cpk\zdm7sp1\windows directory. The instructions for which variables need to be defined are inside of each file and again in this paper in the relevant sections.

    NOTE: We expect you will want to directly use only four batch files (the last four listed above), as these bundle all of the CPKs into logical units. For example, to install into an existing tree you would run INSTALL-NIC-NVClient.bat, wait for the reboot, then run INSTALL-exist-eDir-IM.bat. Or, for a new tree you would run NICI270i-install.bat, wait for the reboot, then run INSTALL-NEW-eDir-IM.bat.

  3. CPKs:
    • edir-exist-install.cpk (Installs into an existing tree.)
    • edir-new-install.cpk (Installs a new tree.)
    • edir-remove.cpk (Removes eDirectory files off of the server.)
    • Iman27-I-win.cpk (Installs iManager 2.7.)
    • NICI270-install.cpk (Installs NICI 2.7.)
    • NOV-2000-CL491sp2.cpk (Installs the Novell Client. Needed only for the installation.)

All CPKs are found in the c:\temp\cpks directory. Keeping them there ensures that the batch files run correctly for the Standalone Package Processor. However, if you deploy them through a ZENworks Server Management 7 with Service Pack 1 TED network and do NOT spawn the Standalone Package Processor, they do not need to be found here. In fact, they merely need to be placed inside of a Software Package Distribution with no thought as to where they will be placed on the file system.

In Summary: This section, "Putting It All Together," focused on how combining the two technologies of ZENworks Server Management 7 and eDirectory 8.8 with Service Pack 1 facilitates the mass installation and/or upgrade of eDirectory 8.8 in your Windows Server environment. By either deploying the CPKs through your existing ZENworks Server Management environment or using the Standalone Package Processor, you have a solution that is simple, cost-effective, tiered, and scheduled.

Of course, our solution is still viable if you do not have ZENworks Server Management deployed. It is even viable to roll this or any CPK solution out by packaging them up using the Standalone Package Processor and deploying them by the custom interface provided in ZENworks Patch Management or any other deployment infrastructure you may have in place.

Appendix A: Introduction to the Software Package Engine

The Server Software Package is one type of distribution that ZENworks Server Management can push out through your network. The file first starts out as an uncompiled package (.spk file). For example, the eDirectory Server Software Package for NetWare is named eDir873x_NetWare_Patch_ZFS.SPK prior to compilation. This file includes the logic for the content and pointers for where to find the files. The compiled file (xxx.CPK) includes the content and the logic ready to apply to the Subscriber-configured server. Files do not have to be part of the package as you will see in the Open Enterprise Server upgrade Server Software Package. You will separate the files into the simple file distribution to be sent out. The Server Software Package is manifest in a logic-only CPK.

The Software Package Processor is available on all server platforms on which ZENworks Server Management runs, namely SUSE LINUX, NetWare 5 through NetWare 6.5, and Windows servers. Please see the Novell documentation on the Web for an exact list of what service packs are required prior to installation.

Each Server Software Package consists of one main component and subordinate components. The main component contains variables and requirements that apply to the entire package. The subordinate components also contain requirements, but they apply only to one subsection of logic. Each component can perform the features outlined in the following table:

Component Features of Software Packages

Feature: Base component processes on requirements with specific values
Description:
  1. Operating system
  2. Memory
  3. Disk space
  4. Set commands
  5. Registry
  6. Files
  7. PRODUCTS.DAT
Example: This is useful if you want just one Server Software Package to apply to multiple operating system versions. Each component can be set to execute only for that operating system version.

Feature: Execute the following items prior to each component processing
Description:
  1. Load or unload NetWare loadable module (NLM) commands
  2. Load Java class
  3. Start or stop services
  4. Pre-execute a system, NetBasic, or Perl script
Example: This is useful when you back up a directory. Before you back up the files, you can unload the NLM, Java process, or services loaded from this directory.

Feature: Copy files around the server volumes or up to the server from the package
Description: Copy or move files on the local server or copy new files from the Server Software Package to the server.
Example: This is useful in copying files you are about to use as an upgrade or patch. It is also useful in backing up files before patches and in placing them in patch directories so they are ready to patch.

Feature: Manipulate strings within existing text files (or those just copied onto the server)
Description:
  • Search and replace words in files.
  • Utilize an extensive array of tools.
  • Append or prepend.
  • Add words after or before.
  • Add lines before or after.
  • Nest variables here to add granularity.
Example: See the Open Enterprise Server upgrade section for a good example of how to use this feature. The Open Enterprise Server strings needed a silent installation script written specifically for each server. (Use this feature and rewrite them when they are run.) This is also useful for changing the /etc/hosts setting on all servers.

Feature: Apply a common "Set Parameter" configuration to NetWare servers and set, remove or modify registry settings
Description: Standardize settings, set and/or remove settings, and install or remove applications (Windows or NetWare registry-setting changes)
Example: The upgrade compiled packages for network management agents use these to insert new registry settings.

Feature: Add, replace or modify PRODUCTS.DAT entries on a NetWare server
Description: Allow the installation of new applications
Example: This feature is commonly used in NetWare and eDirectory patches.

Feature: Perform post-installation tasks
Description:
  1. Load or unload NLM commands
  2. Load Java class
  3. Start or stop services
  4. Run Red Hat Package Manager (RPM), Microsoft Installer (MSI), or IPS scripts
  NOTE: To run these, load the post-installation script and add the command line arguments. See the sections on eDirectory patches and the policy and distribution patches for examples of both.
Example: See the ZENworks Server Management patch compiled package for an example of running RPMs. The eDirectory patches on NetWare launch IPS scripts with arguments that ensure they run silently.

A graphical user interface helps you to configure application content. You can set restrictions on each component. They can be as simple as a registry setting, a file, an entry in SYS:SYSTEM\PRODUCTS.DAT, or they can be as general as an operating system version. For example, you could restrict a patch to be applied only to NetWare 6.5, but not to 5.1 or 6.0. If necessary, restrictions can be just as granular with the whole Server Software Package.

Of course, Novell provides an array of ready-made compiled packages. ZENworks patches, Java update patches and ZENworks agent installations are available for download via the Novell Web site. You merely need to insert the relevant compiled package file into a distribution, schedule it, assign it a channel, then send it out.

Mechanics of Tiered Electronic Distribution

No discussion about ZENworks Server Management is complete without talking about Tiered Electronic Distribution. This is the main conduit for moving content, policies, and patches throughout your server network. The simplest configuration for Tiered Electronic Distribution is where one server operates as the Distributor. The Distributor's role is to maintain, build, and schedule the sending of content, policies, and patches to all other servers, which are called Subscribers. A Subscriber's role is to receive, extract, and apply content to its server.

The Distributor controls who gets what content, and when. It schedules the building of patches, content, and policies, including when it sends the data across the physical network. To ensure that Tiered Electronic Distribution does not duplicate bandwidth usage, it employs a mechanism known as "checkpoint" restart. In other words, when necessary, it stops a trans-network delivery at a scheduled time and then later continues where it left off.

Content, policies, and patches are packaged into single units called Distributions. Distributions compress the files and provide a single reference for all of your content. The design allows the Distributor to build delta Distributions. In other words, only the changes are sent across the wire, rather than the whole Distribution.

Tiering and controlling the paths these Distributions take as they move through your network can save CPU resources and WAN utilization. Here, intermediate servers are used as "holding stations." Their job is simply to receive content from and send it to other leaf servers. If the patch is not destined for them, they do not extract and apply it; they simply hold it and forward it on to the appropriate server. These servers are called parent Subscribers.

Today, most patches come as prepackaged units, as in the case of NetWare support packs. They can be downloaded from the Web as a single executable unit. Linux receives its updates in the form of an RPM. Patches and products from Microsoft are prepackaged in the form of an MSI. Both RPMs and MSIs contain files and logic for installation.

While ZENworks 7 Server Management with SP1 provides the ability to leverage all of these package types, Novell also provides customers its own package type (Server Software Package) for delivering the installation logic and files for patching Novell servers through ZENworks Server Management. The entire patch and the logic to install it is compiled into a single file with the extension .cpk, then placed into a Distribution that can be transported through your Tiered Electronic Distribution network.

Appendix B: Sample Response.NI

New Tree Installation

[NWI:NDS]
Upgrade Mode=false - This is a fresh installation.
Installed Version=0 - There is no already installed instance of eDirectory.
Letter Version=0 - There is no already installed instance of eDirectory.
New Tree=YES - This is a new tree installation; for adding a secondary server to an existing tree, set to NO.
Tree Name=SILENT-WIN - Tree name of the server that needs to be installed in the case of a primary server, or the name of the tree to which this server has to be added in the case of a secondary server installation.
Server Name=NDS-LDAP-P2-NDS - Name of the server that is getting installed.
Server Container=Novell - The container of the server object.
Server Context=NDS-LDAP-P2-NDS.Novell - Complete DN for the server context.
Admin Context=Novell - The container of the administrator object.
Admin Login Name=Admin - RDN of the administrator object.
Admin Password=novell - Initial password that needs to be assigned for the administrator object.
Install as Service=YES - In Windows eDirectory is installed as Service by default, so do not edit this option.
Prompt=false - This has to be false for unattended installation.
NDS Location=E:\Novell\NDS - Location of NDS installation.
DataDir=E:\Novell\NDS\DIBFiles - Folder location for the DIB installation.
Require TLS=No - Whether TLS is required for binding using clear text password after installation.
LDAP TLS Port=389 - Port for LDAP operations using clear text.
LDAP SSL Port=636 - Port for LDAP operations on SSL.

Language Settings

[Novell:Languages:1.0.0]
LangID4=true - True for English Locale.
LangID6=false - True for French Locale.
LangID9=false - True for Japanese Locale.

Details of Primary Server Installation

[Novell:ExistingTree:1.0.0]
prompt=false - Set to False by default for unattended installation, so do not edit this option.
ExistingTreeYes=false - Set to False for a new tree installation; in case of adding secondary server to an existing tree, set this to true.
ExistingTreeNo=true - Set to True for a new tree installation; in case of adding secondary server to an existing tree, set this to False.

Silent Installation Parameters

[Initialization]
DisplayLanguage=en_US
Version=Novell:NDSforNT:1.0.0
SPLocation=E:\builds\rosalind-sp1\20060317_1900_Win_88_rosalind_final\nt\i386\NDSOnNT\ni\windows\..\DATA\SP.DB - Set this to the location of the SP.DB that is provided in the installation. It is available in nt\386\NDSOnNT\ni\windows\..\DATA\SP.DB from the source folder.
InstallationMode=silent
SummaryPrompt=false
prompt=false
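
The security notes in this AppNote ask you to delete response.ni, or change the password, once the installation has succeeded. The check below is an added example, not part of the original AppNote or of any Novell tool: it parses a response.ni and reports a clear-text Admin Password, Require TLS=No, and %VARIABLE% tokens that were never replaced. The function names, severity labels and both sample strings are assumptions made for this example.

```python
import re
import sys

# %NAME% tokens that the package's text-file component replaces before install.
PLACEHOLDER = re.compile(r"%[A-Za-z_][A-Za-z0-9_]*%")

# Constructed sample: a rendered file, using values from the sample response.ni.
RENDERED_SAMPLE = """\
[NWI:NDS]
New Tree=YES
Tree Name=SILENT-WIN
Admin Context=Novell
Admin Login Name=Admin
Admin Password=novell
Prompt=false
Require TLS=No
LDAP TLS Port=389
LDAP SSL Port=636
[Initialization]
InstallationMode=silent
prompt=false
"""

# Constructed sample: the same section before variable substitution.
TEMPLATE_SAMPLE = """\
[NWI:NDS]
Tree Name=%TREE_NAME%
Admin Password=%PASSWD%
Require TLS=no
"""


def parse_response_ni(text):
    """Return {section: {key: value}} for an INI-style response file.

    Section and key names are stored lower-case because the sample file
    itself mixes 'Prompt' and 'prompt'.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
            continue
        if current is None or "=" not in line:
            continue  # stray text outside a section: skip it, do not guess
        key, value = line.split("=", 1)
        current[key.strip().lower()] = value.strip()
    return sections


def audit(text):
    """Return a list of (severity, message); the password is never echoed."""
    findings = []
    sections = parse_response_ni(text)
    nds = sections.get("nwi:nds", {})

    # A literal value here is the administrator credential in clear text.
    password = nds.get("admin password", "")
    if password and not PLACEHOLDER.fullmatch(password):
        findings.append(("HIGH", "[NWI:NDS] Admin Password holds a clear-text "
                         "credential; delete the file or change the password"))

    # With this off, password binds on the clear-text LDAP port are accepted.
    if nds.get("require tls", "").lower() == "no":
        findings.append(("MEDIUM", "[NWI:NDS] Require TLS=No: password binds "
                         "are accepted without TLS"))

    # Leftover %NAME% tokens mean the file is a template or substitution failed.
    for section, keys in sections.items():
        for key, value in keys.items():
            for token in PLACEHOLDER.findall(value):
                findings.append(("INFO", "[%s] %s still contains %s; "
                                 "substitution did not run"
                                 % (section, key, token)))
    return findings


def main(paths):
    """Audit each file named on the command line; return 1 on a HIGH finding."""
    worst = 0
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as handle:
            findings = audit(handle.read())
        for severity, message in findings:
            print("%s: %s: %s" % (path, severity, message))
            if severity == "HIGH":
                worst = 1
    return worst


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it against any response.ni copies that remain in the package staging directories after deployment; a non-zero exit status means a file still carries the administrator password.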

Appendix C: Terms Used in This Document

Component: The Server Software Package of ZENworks Server Management organizes its logic into components. The logic flows top to bottom and left to right. The main component contains variables, restrictions and information that relates to the whole, while each individual component contains variables and restrictions that only apply to itself.

Distribution: The entity (read group of files) that contains policies, files, and the compiled package or applications to be sent to each Subscriber.

Distributor: The server that makes and distributes content, software packages, applications, and policies. The server pairs with the corresponding object in eDirectory.

IPS SCRIPT: A file extension that designates the installation script for NetWare servers.

Products.dat: A Btrieve file that contains applications installed to a NetWare server.

Subscriber: The server that receives, extracts, and applies the content, software package, or application. The server pairs with the corresponding object in eDirectory.

Variables: A word that contains data that can be changed based on the location or the administrator's preferences. These can be found in the installation scripts and software packages.

NOTE: Any references to Novell Open Enterprise Server discuss only traditional NetWare, never Linux.

Appendix D: Credits and Legal Attribution

Authors

Contributors and Reviewers

*Windows is a registered trademark of Microsoft Corporation. Linux is a registered trademark of Linus Torvalds. Palm is a registered trademark of Palm, Inc. RIM and BlackBerry are trademarks of Research in Motion, Ltd. Tivoli is a registered trademark of the IBM corporation. HP OpenView is a registered trademark of Hewlett-Packard Development Company. All other third-party trademarks are the property of their respective owners.

Building Moodle on SUSE Linux Enterprise Server 10

Building Moodle on SLES 10: Step by step directions

Introduction

These directions, combined with a script you will use later, will help you install a Moodle server in about 15 minutes. We make a few assumptions, which I hope we make clear, but I think you will find this to be one of the easier setups for Moodle on Linux.

Starting Point

We are starting from the assumption that you have already installed a SUSE Linux Enterprise Server 10 (SLES 10) Server.

We are also assuming that this server has a static IP address and a DNS record on your network. (If you do not have a DNS record but know the IP address, you can still follow these directions to get going, but it is recommended that you create the DNS record before the installation to avoid a hairy mess later.)
Lastly, we assume that this server is dedicated to hosting only Moodle. You can do whatever you want with this server other than easily host other websites.

Thus, let's say you named the server moodle and it had an IP address of 10.10.10.100. Then when you are done with these procedures you will be able to locate your server at http://moodle.domainname.com (or .org etc.) OR, if you don't have a DNS record for the server, you can use http://10.10.10.100.

Here we go!

  1. Log into the SLES server you created as root.
  2. Put the SLES10 DVD into the CD/DVD drive.
  3. Press the Computer button in the lower left corner of the screen and choose YaST
  4. Select "Software" from the left side of the YaST window and click on Software Management
  5. Choose "Patterns" from the "filter" pull-down menu located beneath the menu items in the upper-left corner of the window.
  6. Under the heading Primary Functions, select "Web and LAMP Server." (Do not press accept yet)
  7. Now choose "Search" from the "filter" pull-down menu you just used.
  8. Type php in the search field and click "Search."
  9. Check the box next to the following items from the list on the right side of the window: php5-gd, php5-iconv, php5-mbstring, and php5-mysql (leave any checks that may already exist)
  10. Click the Accept button located in the bottom right corner of the window.
  11. You will see a window pop-up indicating other automatic changes. Simply click "Continue"
    • The server will then install your selections. This may take a few minutes.
  12. When prompted to "install or remove more packages" click no.
  13. Close the YaST Control Center.
  14. From the Computer button in the bottom left corner of the screen, click Firefox which opens the web browser.
  15. Download Moodle 1.7 for Linux at http://download.moodle.org/download.php/stable17/m... and, when prompted, select "save to disk" to place it on the desktop.
  16. Place your mouse over the corner of the Firefox window to resize it to be on one half of your screen.
  17. Now point the Firefox browser to http://www.whitfieldschool.org/LinuxLaptops/setup-moodle.sh and, when prompted, select "save to disk" to place it on the desktop.
  18. Close Firefox. (You really need to do this.)
  19. Drag the file "setup-moodle.sh" to the "root's home" folder located in the upper left corner of the desktop.
  20. Double-click the moodle package you downloaded. It will Open in a program called File Roller. Click the "Extract" button.
  21. Click the arrows to the right of Desktop on the "Extract in folder" bar and choose "other" from the pull down menu
  22. Double-Click "File System" on the left side of the window that popped up and browse to /srv/www/htdocs and click "Open"
  23. Click "Extract" and close the window when it completes.
  24. Right click on the desktop and choose "Open Terminal" and type sh setup-moodle.sh and hit the Enter key.
  25. A program which sets up some of the prerequisites of Moodle will run. Please read the screen and follow the prompts accordingly.
    • The script will ask you to enter a username and password for the database which runs your Moodle server. It will also launch the Firefox browser to help you begin the installation of Moodle.
  26. After entering a username and password for the database, you are prompted to press enter and Firefox will open. Resize Firefox so you can see the script running as well as Firefox.
  27. In Firefox, click the Language and click next
  28. You should see "Pass" for all of the PHP settings. Click "Next."
  29. On the next screen, keep all of the default addresses and directories EXCEPT change the web address from //localhost/moodle to http://YOUR SERVER NAME.YOUR DOMAIN NAME/moodle (example http://moodle.whitfieldschool.org/moodle) and click "Next"
    • NOTE: If you have not created a DNS record for the server on your network, this is where you would place the IP address of the server (example: http://10.10.10.100/moodle). If you want to change this later, you will need to modify this setting in the file /srv/www/htdocs/moodle/config.php. See why I suggest you have the DNS record first?! :-)
  30. On the next screen (MySQL), keep all of the defaults and in the "User" field, type the username you typed into the setup-moodle.sh script (example: moodleuser)
  31. In the password field, type the password you entered twice into the setup-moodle.sh script
  32. Press Next
  33. On the next screen (Checking Environment), you should have OK next to all variables. If you have "Check" next to unicode, you are still OK so long as all users in your Moodle environment speak the same language. Click Next.
  34. On the next screen (Download Language Pack page), simply click Next. This download only included English but you can add other languages later.
  35. When you reach the configuration complete page, click "Continue."
  36. On the next screen, read over the user agreement and choose "Yes" to accept.
  37. You will now see a series of pages where Moodle automates various configurations. Scroll to the bottom of each page and click "Continue." You will have to do this a number of times.
  38. Once all configuration changes have been made, you will be brought to a web form to create the Moodle Admin account. Fill out the form according to your environment and click to update profile.
  39. Fill out the form to configure your Front Page and click "Save Changes" at the bottom of the page.
  40. You will be logged into the Moodle environment as the admin user you just created. I know you are excited to get started but you aren't done yet!
  41. Close Firefox. (Yes, you need to do this. You will come back to your moodle server later.)
  42. Click on the "terminal" window to get back into the script. As directed, click Return or Enter.
  43. Once you see "Moodle installation complete," close the terminal window and log off the server.
  44. Go to another computer and open a web browser. Point it to your server (example: http://moodle.whitfieldschool.org ) NOTE: we removed the /moodle from the address to make it easier for your users.

Have fun with Moodle!

For more information visit: http://linuxlaptops.blogspot.com/

Complete NetWare to OES Linux Migration Guide

There are many migration tips and helpful HowTo's available, but they lack most of the steps necessary to perform a complete migration. Here I have included everything I did to migrate a remote location from NetWare to OES Linux.

Please make modifications to the data, where noted, to reflect your own organization's structure.

The services to be migrated include:

The steps to perform the migration are listed here:

  1. OES Linux Installation and Configuration
  2. Securing the New OES Linux Server
  3. LDAP Authentication for Local User Access
  4. Printer and Data Migration
  5. DNS/DHCP Migration
  6. ZENWorks Desktop Management v7 - Optional
  7. RSYNC Modification - Optional
  8. NetWare Server Decommission
  9. Workstations
  10. Conclusion

1. OES Linux Installation and Configuration

This portion does NOT walk all the way through an OES Installation. It is intended to specify critical changes that must be made to the default installation of OES Linux to ensure the migration is transparent to the user.

Partitioning

  1. When the installation reaches the Installations Settings screen, delete the recommended partitions and the partition table on the system disk so that the device can be marked to use EVMS as the volume manager instead of LVM.
    1. In the list of Installation Settings, select Partitioning.
    2. In the Partitioning menu, select Create Custom Partition Setup, then click Next.
    3. Select Custom Partition - for Experts, then click Next to open the Expert Partitioner options.
    4. Select Expert > Delete Partition Table and Disk Label, then click Yes twice to continue through the Warning advisories.
      This deletes the recommended partitions and the partition table on the system disk.
  2. Create a primary partition on the system disk to use as the boot partition.
    1. Click Create.
    2. From the list of devices, select the device you want to use for the boot partition, ex: /dev/sda, then click OK.
    3. Select Primary Partition, then click OK.
    4. Select Format, then select the native Linux file system you want to use, such as Ext3.
    5. In Size (End Value) field, specify 300 MB.
    6. Set the mount point to /boot.
    7. Click OK.
      The partition appears as a logical device in the devices list, ex: /dev/sda1.
  3. Create a second primary partition on the system disk to use for your swap and system volumes as follows:
    1. Click Create.
    2. From the list of devices, select the device you want to use for the second primary partition, ex: /dev/sda, then click OK.
    3. Select Primary Partition, then click OK.
    4. Select Do Not Format, then select Linux LVM (0x8E) from the list of file system IDs.
    5. In the Size (End Value) field, set the cylinder End value to the size of your disk minus what you want to use for swap, ex: 12GB.
  4. Leave unpartitioned space available.
  5. Click OK.
    The partition appears as a logical device in the devices list, ex: /dev/sda2.
  6. Modify the volume management type from LVM to EVMS for the second primary partition you created in Step 3 as follows:
    1. At the bottom of the page, click EVMS.
    2. Available partitions for EVMS appear as devices under /dev/evms, such as /dev/evms/sda2.
    3. In the EVMS Configurator, select the LVM partition created in Step 3, then click Create Container.
    4. In the Create EVMS Container dialog box, select the partition, specify the container name (such as system), then click Add Volume to create the lvm/system container, where system is the container name.
    5. Click OK.
      The EVMS Configurator displays the lvm/system container you just created, its size, and free space.
  7. Create the swap volume in the lvm/system container as follows:
    1. Select lvm/system, then click Add.
    2. In the Create Logical Volume dialog box, select Format, then select Swap from the File System drop-down menu.
    3. Specify swap as the volume name.
    4. Specify the size of the swap volume as 2 GB.
    5. Specify the mount point as swap.
    6. Click OK.
  8. Create the system volume in the lvm/system container as follows:
    1. Select lvm/system, then click Add.
    2. In the Create Logical Volume dialog box, select Format, then select the file system to use from the File System drop-down menu, such as Ext3.
    3. In the Volume Name field, specify a volume name, such as sysx.
    4. Specify the Size of the system volume as the remaining space available in the lvm/system partition by clicking Max.
    5. Specify the mount point as / (root volume).
    6. Click OK.
  9. Click Next to return to the list of devices.
  10. Below is an example of the physical and logical devices you should see.

    Device                     Size     F  Type          Mount  Start  End    Used By
    /dev/sda                   149 GB      ST34001A             0      19456
    /dev/sda1                  300 MB   F  Linux native  /boot  0      38
    /dev/sda2                  20.0 GB     Linux LVM            39     2649   EVMS lvm/system
    /dev/evms/lvm/system/sysx  14.9 GB  F  EVMS          /      -      -
    /dev/evms/lvm/system/swap  2.0 GB   F  EVMS          swap   -      -
  11. Click Next to return to the Installation Settings page.
    You can dismiss the message warning that you should not mix EVMS and non-EVMS partitions on the same device.
  12. From the Installations Settings screen, click Software > Details, then select the following software options. These are the basic options I chose for my use; you can modify the list depending on your needs.
    Basic Runtime System
    YaST
    Graphical Base System
    Linux Tools
    Authentication Server (NIS, LDAP, Kerberos)
    Basic Sound Libraries and Tools
    Gnome System
    Novell eDirectory
    Novell iManager
    Novell Linux User Management
    Novell iPrint
    Novell NetStorage
    Novell NSS
    Novell NCP Server
    Novell Backup Services (SMS)
    Novell Health Monitoring

    Select Search and in the search field, type Locate and then search. On the right side, "findutils-locate" will appear. Also add DHCP Server and RSYNC, if desired. Click Accept.

  13. Scroll down the list and select the TimeZone for this server's location and then click Runlevel. Select Runlevel 3 - No GUI on console.
  14. Continue with the OES installation.

IMPORTANT: After the install is complete, make sure to perform the mandatory post-install configuration of the related system settings to ensure that the system device functions properly under EVMS. Otherwise, the system fails to boot properly.

After the Install

After the OES installation is complete, you must perform the following tasks to ensure that the system device functions properly under EVMS:

Edit the /etc/fstab File

When you boot the system, the kernel reads the /etc/fstab file to identify which file systems should be mounted and then mounts them. This file contains a table of file system information about the root (/), /boot, and swap partitions plus other partitions and file systems you want to mount.

The /boot partition is separate from the EVMS container where you placed the root (/) and swap partitions and is not managed by EVMS at this time. However, in the following steps, you disable boot.lvm and boot.md, then enable boot.evms. In effect, this forces EVMS to scan all the partitions at boot time, including the /boot partition, and it activates /boot under the /dev/evms directory. Therefore, this makes /boot a partition that is discovered by EVMS at startup, and requires that the device be listed under /dev/evms in the fstab file so it can be found when booting with boot.evms.

After the install, you must edit the /etc/fstab file to modify the location of the /boot partition so it is under the /dev/evms directory. For example, change /dev/sda1 to /dev/evms/sda1. Replace sda1 with the device name you used for your /boot partition.

IMPORTANT: When working in the /etc/fstab file, do not leave any stray characters or spaces in the file. This is a configuration file, and it is highly sensitive to such mistakes.

  1. Open the /etc/fstab file in a text editor.
  2. Locate the line that contains the /boot partition. Look for a line similar to this: /dev/sda1 /boot ext3 defaults 1 1
  3. In the Device Name column, modify the location of the /boot partition from /dev to /dev/evms so it can be managed by EVMS. Modify only the device name by adding /evms to the path: /dev/evms/sda1 /boot ext3 defaults 1 1
  4. Save the file.
    Do not reboot the server yet!

Disable boot.lvm and boot.md

Disable boot.lvm and boot.md so they do not run at boot time. EVMS now handles the boot.

  1. In YaST, click System > Runlevel Editor > Expert Mode.
  2. Select boot.lvm.
  3. Click Set/Reset > Disable the Service.
  4. Select boot.md.
  5. Click Set/Reset > Disable the Service.
  6. Click Finish, then click Yes.
    Do not reboot the server yet!

Enable the boot.evms Service

The boot.evms service should be enabled automatically after the install, but you should verify that it is enabled.

  1. In YaST, click System > Runlevel Editor > Expert Mode.
  2. Select boot.evms.
  3. Click Set/Reset > Enable the Service.
    The B runlevel option is automatically selected.
  4. Click Finish, then click Yes.
    Do not reboot the server yet!

Edit the /etc/init.d/boot.evms Script

  1. Open the /etc/init.d/boot.evms script in a text editor.
  2. Add the following lines to the Stop section:
    mount -n -o remount,rw /
    echo -en "\nDeleting devices nodes"
    rm -rf /dev/evms
    mount -n -o remount,ro /

    The Stop section looks like this after the edit:

    stop)
            echo -n "Stopping EVMS"
            mount -n -o remount,rw /
            echo -en "\nDeleting devices nodes"
            rm -rf /dev/evms
            mount -n -o remount,ro /
            rc_status -v
            ;;	
  3. Save the file.
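
A mistake in any of the post-install steps above leaves the system unable to boot, so it is worth checking the result before rebooting. The following is an added example, not part of the original guide. It assumes that enabled boot scripts appear as S* links under /etc/init.d/boot.d; the function name and the ROOT prefix argument are hypothetical.

```shell
# Added example: pre-reboot check of the EVMS post-install changes.
# ROOT is a hypothetical prefix so the checks can be tried on a copy of the
# files; leave it empty to check the live system.
# Assumption: enabled boot scripts appear as S* links in /etc/init.d/boot.d.

# preboot_check [ROOT] -> prints findings, returns the number of problems
preboot_check() {
    root=${1:-}
    problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # 1. /etc/fstab: sane field counts, and /boot listed under /dev/evms
    fstab="$root/etc/fstab"
    if [ -r "$fstab" ]; then
        n=$(awk '!/^[ \t]*(#|$)/ && (NF < 4 || NF > 6) { c++ }
                 END { print c + 0 }' "$fstab")
        [ "$n" -eq 0 ] || fail "$n fstab line(s) with a wrong number of fields"
        dev=$(awk '!/^[ \t]*#/ && $2 == "/boot" { print $1; exit }' "$fstab")
        case "$dev" in
            /dev/evms/*) ;;
            "") fail "no /boot entry in fstab" ;;
            *)  fail "/boot is on $dev, expected a device under /dev/evms" ;;
        esac
    else
        fail "cannot read $fstab"
    fi

    # 2. boot.lvm and boot.md disabled, boot.evms enabled
    bootd="$root/etc/init.d/boot.d"
    for svc in boot.lvm boot.md; do
        if ls "$bootd"/S*"$svc" >/dev/null 2>&1; then
            fail "$svc is still enabled"
        fi
    done
    if ! ls "$bootd"/S*boot.evms >/dev/null 2>&1; then
        fail "boot.evms is not enabled"
    fi

    # 3. Stop section of boot.evms removes the stale device nodes
    if ! grep -q 'rm -rf /dev/evms' "$root/etc/init.d/boot.evms" 2>/dev/null; then
        fail "boot.evms lacks the rm -rf /dev/evms line"
    fi

    return "$problems"
}
```

Run preboot_check with no argument on the server itself; a return value of 0 means all three checks passed.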

Finally! Reboot the Server

  1. Now reboot the server to activate post-install configuration settings.

Verify the System Services

After the post-install configuration is complete and you have rebooted the server, make sure the server is operating as expected.

Create NSS Volume

From the command prompt, type nssmu to start the NSS Management Utility.

Select Pools, press Insert and create a new Pool. Call it VOL or whatever your standard dictates. Designate all the free space to it.

Select Apply and then Escape back to the main menu.

Select Volumes, press Insert and create a new volume. Name it VOL1 (for example) and place it in the pool you created earlier. Designate all the space to this volume and select apply.

Select the volume and press F4 to update eDirectory, otherwise you won't see the new volume in the tree. Press Esc to exit the utility.

2. Securing the New OES Linux Server

These recommendations are optional and should be used as, at least, a guide to securing your server. Refer to your organization's security policies regarding hardening your servers.

GRUB Boot Loader

Password protect the boot loader to prevent editing of the boot environment or passing kernel level commands to the system at boot time. Use the md5crypt command within GRUB to encrypt a password. Then use this hash to edit the menu.lst file and insert the password line as shown below.

Be sure NOT to use the same password as root or any other user password on the system. If you "fat finger" the password without testing it first you will not be able to make changes to the boot process upon boot up!

# grub

  GRUB version 0.97 (640K lower / 3072K upper memory)

[ Minimal BASH-like line editing is supported. For the first word,
 TAB lists possible command completions. Anywhere else TAB lists 
 the possible completions of a device/filename. ]

grub> md5crypt

Password: *******
Encrypted: $1$vUYoM$OAxm9NVNUBsCeP1dl50

grub>quit


vi /boot/grub/menu.lst

color white/blue black/light-gray
default 0
timeout 8

password --md5 $1$vUYoM$OAxm9NVNUBsCeP1dl50
title linux
  kernel (hd0,0)/boot/vmlinuz root=/dev/sda1 vga=795

BIOS

Password protect changes to the BIOS to prevent changing the boot order of the device. In production, booting from CD or floppy should be disabled.

Tuning Network Kernel Parameters

There are a few parameters that can be applied to the kernel through the proc file system to improve protection of the server.

Modify /etc/sysconfig/sysctl to add these options along with the default configuration options.

net.ipv4.ip_forward = 0 -- Disables IP forwarding.
net.ipv4.conf.all.accept_source_route = 0 -- Disables source routing.
net.ipv4.tcp_syncookies = 1 -- TCP SYN flood protection parameter.
net.ipv4.tcp_max_syn_backlog = 4096 -- Additional TCP SYN flood protection.
net.ipv4.conf.all.rp_filter = 1 -- Enables anti-spoofing protection.
net.ipv4.conf.all.send_redirects = 0 -- Disables the sending of ICMP redirects.
net.ipv4.conf.all.accept_redirects = 0 -- Disables receipt of ICMP redirects.
net.ipv4.conf.default.accept_redirects = 0 -- Disables ICMP redirects for newly activated.
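
To confirm that the running kernel actually uses the values listed above, the following added example (not part of the original guide) compares each parameter's file under /proc/sys with the expected value. The function name and its optional root-directory argument are assumptions made for the example.

```shell
# Added example: audit live kernel values against the hardening list above.
# The optional argument is a hypothetical override of /proc/sys so the check
# can be tried against a test directory tree.

EXPECTED='net.ipv4.ip_forward=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog=4096
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0'

# audit_sysctl [PROC_ROOT]
# Prints one line per parameter and returns the number of parameters that
# are missing or differ from the expected value.
audit_sysctl() {
    proc_root=${1:-/proc/sys}
    bad=0
    while IFS='=' read -r key want; do
        [ -n "$key" ] || continue
        # net.ipv4.ip_forward -> $proc_root/net/ipv4/ip_forward
        file="$proc_root/$(printf '%s' "$key" | tr . /)"
        if [ ! -r "$file" ]; then
            echo "MISSING $key (expected $want)"
            bad=$((bad + 1))
            continue
        fi
        have=$(tr -d ' \t\n' < "$file")
        if [ "$have" = "$want" ]; then
            echo "OK      $key = $have"
        else
            echo "DIFF    $key = $have (expected $want)"
            bad=$((bad + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    return "$bad"
}
```

Run audit_sysctl with no argument on the server after the settings have been applied and again after a reboot, to confirm that they persist.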

Warning Banners

Include this warning message for all direct methods of connection to the server.

/etc/motd Add this banner to this file

/etc/issue Add this banner to this file also. Below is an example that you can use. Change My Company to your Organization - It's lengthy, but you know the legal guys..

My Company owns this computer system and restricts access and use to authorized persons only. Use of and/or access to this system and/or any information obtained via this system is subject to My Company policies and procedures governing such use and access. Unauthorized or improper use of or access to this system, or any portion of it, either directly or indirectly, or any attempt to deny service to authorized users or to alter, damage, or destroy information, or otherwise to interfere with the system or its operation, is strictly prohibited. Any party using or accessing, or attempting to use or access, this system without express authority from My Company may be subject to severe disciplinary action and/or civil and criminal penalties in accordance with applicable state and federal law (including, but not limited to, the Computer Fraud and Abuse Act of 1986 and the Electronic Communications Privacy Act). My Company representatives may monitor and record use and access for quality assurance, security, privacy compliance, regulatory compliance i.e. HIPAA, Sarbanes Oxley, and performance, except as prohibited by law. Any person who uses or accesses this system expressly consents to such monitoring and recording. My Company or its representatives may furnish information obtained by its monitoring and recording activity to law enforcement officials if such monitoring and recording reveals possible evidence of unlawful activity.

Copy the /etc/issue file to /etc/issue.net

For SSH connections, edit the /etc/ssh/sshd_config file. Below is what needs to be changed to point the banner at the /etc/issue.net file.

# vi /etc/ssh/sshd_config

...
# no default banner path
Banner /etc/issue.net
#VerifyReverseMapping no

# override default of no subsystems

SSH configuration

In addition to setting a banner as above, SSH should be restricted to version 2 of the protocol only. SSH version 1 has some inherent weaknesses and so should be avoided. Edit the /etc/ssh/sshd_config file and make the changes listed in bold. Most settings are fairly self-explanatory. No hosts should be automatically trusted through the rhosts types of authentication, or even with a machine-based certificate as with the RSA variants. Root should not be allowed direct access. For administration, connect to the machine as a regular user and then su to root for the additional rights you need.

#Port 22
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::
SyslogFacility AUTH
#
#LoginGraceTime 600
PermitRootLogin no
#StrictModes yes
RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
PermitEmptyPasswords no
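
The settings above can be checked mechanically. This added example (not part of the original guide) reads the global section of an sshd_config file the way sshd does, where the first value given for a keyword is the one that applies, and reports required settings that are unset or wrong as well as any line that has a keyword with no value. The function names and the sample file are constructed for the example.

```shell
# Added example: audit an sshd_config file against the settings listed above.

REQUIRED='protocol 2
permitrootlogin no
rhostsauthentication no
ignorerhosts yes
rhostsrsaauthentication no
hostbasedauthentication no
permitemptypasswords no
banner /etc/issue.net'

# audit_sshd_config FILE
# Prints one finding per line and returns the number of problems found.
audit_sshd_config() {
    [ -r "$1" ] || { echo "cannot read $1"; return 255; }
    printf '%s\n' "$REQUIRED" | awk -v cfg="$1" '
        { want[$1] = $2; order[++n] = $1 }      # stdin: required keyword/value
        END {
            while ((getline line < cfg) > 0) {
                lineno++
                m = split(line, f)               # default whitespace splitting
                if (m == 0 || f[1] ~ /^#/) continue
                key = tolower(f[1])              # keywords are case-insensitive
                if (key == "match") break        # audit the global section only
                if (m < 2) { printf "MALFORMED line %d: %s\n", lineno, line; bad++; continue }
                if (!(key in have)) have[key] = f[2]   # first value wins in sshd
            }
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in have)) {
                    printf "UNSET %s (want %s)\n", k, want[k]; bad++
                } else if (have[k] != want[k]) {
                    printf "WRONG %s %s (want %s)\n", k, have[k], want[k]; bad++
                } else {
                    printf "OK %s %s\n", k, have[k]
                }
            }
            exit bad + 0
        }'
}

# Constructed sample: root login enabled first, a later "no" that never
# applies, and a wrapped comment line that lost its "#".
sample_bad_config() {
    cat <<'EOF'
Protocol 2
PermitRootLogin yes
PermitRootLogin no
# For this to work you will also need host keys in
        /etc/ssh/ssh_known_hosts
IgnoreRhosts yes
Banner /etc/issue.net
EOF
}
```

Run audit_sshd_config /etc/ssh/sshd_config after editing and before restarting sshd; keywords that are only present as commented-out lines are reported as UNSET.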

Further Securing Remote Lo