Operating the ULB: SLES 8 on the Ultimate Linux Box
So the Ultimate Linux Box is back in-house after a brief hiatus to be shown off at LinuxWorld. In the last article, I told you that because of a really bad experience with another, safely nameless distribution on the 64-bit platform, we would be going with SuSE Linux Enterprise Server 8, a pay-for-play package. Because it makes up a significant percentage of the cost of the ULB, I thought it deserved its own review.
Instead of the usual box of books and CD cases thing I've seen from every other distribution--including its little brother, SuSE Linux Professional 8.2--SLES 8 comes in a short two-ring binder that reminded me of the old AT&T System V manuals from decades past. The four CDs are inside the binder, behind their own tab, in a set of plastic sleeves held closed by a one-time-open seal that reads "By breaking the seal you accept the exclusion of warranty." This is an interesting shrink-wrap license; instead of accepting some kind of restrictive EULA, you're accepting the No Warranty clause of the GPL. This is SuSE's way of protecting itself under its native German law, the implications of which are beyond the scope of this article. In short, the laws say that someone has to be liable unless you, the customer, explicitly agree to it.
The manuals themselves (Installation and Administration) are detailed almost to an extreme. The installation manual goes so far as to describe how to set up a VNC client on Windows so you can install the SuSE system from a remote console in a heterogenous environment. The administration manual is detailed similarly. Both manuals have plenty of screenshots, footnotes and everything else a serious 500-server wrangler could want. Perhaps this might be a bit overwhelming for a newbie, but SLES 8 is no newbie's distribution.
Personally, I skipped the manuals the first time and went straight to booting. The installer went straight into framebuffer mode before it ever gave me a boot prompt. Pressing Return got me the usual chicken tracks a kernel load generates, then popped me back into framebuffer-based X, successfully finding the USB mini-mouse I keep around for such an occasion. Without further prompting, YaST2 started and we were off.
The coolest thing about YaST2 in installation mode for a busy network administrator is it is menu-based, rather than dialog based. I simply could have selected Next on the first screen, and it would've started asking me for CDs and pulling packages off of them. Instead, I repartitioned the disk array to my liking, a process that was a little clunky but acceptable. The format utility defaults to ReiserFS; I'm usually an ext3 fan, but for the sake of experimentation I took the default. I also fiddled with the package settings, adding kernel-source and its associated dependencies. YaST2 handled the dependency questions in a pop-up box with a somewhat complicated (but complete with respect to choices) dialog. I told it, yes, I wanted the C compiler, and it even gave me a choice as to which version. The package selector allows you to choose by function (like Debian's tasksel) or by package group (something any RPM-based administrator is familiar with), or you simply can search for a package, an option I haven't seen before in a GUI installer. It worked quite well and quickly.
Clicking on Next back at the main menu screen got me a somewhat different looking progress screen. The system showed me which CDs it would need, in what order and how much time it expected to take on each of them. After feeding it the first CD, it began to update those estimates in real-time. Accounting for switching CDs, the install took about 20 minutes.
The CD prompts are a bit confusing. It asked for CD 1, and I fed it the CD with the big 1 on it, which it refused it until I read the fine print. It wanted United Linux CD 1, which has a big 2 on it and United Linux CD 1 in small print. Once I figured that out, the rest was easy. It did want the first two CDs back, briefly, after it finished with the first one; I'm not sure of the logic behind that.
A reboot brought the machine right back up into X for the postinstall. It asked for a root password, forced me to add a non-root user (it's not optional, I tried), asked if I wanted to change the network settings (it had already figured out I have a DHCP server), asked me about my X configuration and went straight to runlevel 5.
You see, the ULB has a brand-new NVIDIA Quadro card in it, a version that is too new for the default X drivers to recognize. Fortunately, SaX (the X configure tool in SuSE) saved a copy of what it knew was working before overwriting things with my configuration. I simply logged in in console mode as root, copied that back into place and ran startx. Presto, KDE was there with a big red background full of bombs and caution icons. I got the hint; no X as root. So I logged in as myself, and KDE came up again. It starts it with a handy greeter tool that has URLs to register your software, to get into the issues database and other SuSE-specific stuff; the SuSE chameleon head icon on the desktop restarts this part.
The KDE 3.0 desktop was spartan but correctly recognized both the CD-RW and the DVD-ROM and created appropriate icons. The DVDs Play selection on the right-click menu didn't do anything, alas, but it did read the UDF filesystem correctly and let me read the README file on my test disk. Double-clicking the CD-RW icon brought up k2b, KDE's answer to xcdroast and Nero. Other than k2b and the Konqueror and Mozilla (1.0.1) web browsers, though, there wasn't a lot of desktop software. No office suite, no PDA tools not even Emacs in the default setup (though Emacs was available off the CD).
On the other hand, as you would expect from something with Enterprise in the name, the desktop was heavy on servers and server tools. Everything from Apache (with Jakarta-Tomcat) to Zebra was present, far too many to list here. The one thing I did not see was anything resembling an enterprise-class backup tool, not even Amanda, which is GPL. (Of course, correcting that problem should be reasonably easy for a large system administrator, but it would be nice to have something ready to go.)
On the positive side of things is SuSE's swiss army knife configuration tool, YaST2 (Yet Another Setup Tool, Version 2). This thing is nice. It's fast for a GUI, at least on the ULB, and I've watched other GUI tools be slow on dual Athlons and Xeons. Like install mode, YaST2 is menu-driven in double-column fashion. The firewall tool is especially nice; I could walk through the dialog and set up a reasonably effective masquerading firewall in about two minutes and not know the first thing about iptables. I was distressed to discover, in the security tool, that the default mode for password encryption is still DES. Both MD5 and Blowfish are available as alternatives, however, so that helps.
The software installer tool not only already knows what is on all four CDs and which CD it's on, it also incorporates the on-line updater. The hardware detector is thorough in typical German fashion, giving you information on almost everything in /proc in a nice, nested GUI. (Not to worry, hardcore console types; simply leave off the 2 when you type yast and a dialog-based curses interface pops up, same base design only no mouse.)
Despite the little niggly problems I mentioned, I am really impressed with the job SuSE did on the new platform. Usually on something other than pure 32-bit x86, packages are out of date, things don't work quite right and other annoyances abound. SELS 8 has XFree86 4.2, kernel 2.4.19, KDE 3, Samba 2.2--not quite bleeding edge but definitely current. And there are 32-bit libraries (glibc-2.2) on the machine so things you don't have 64-bit packages for can run. And, aside from the NVIDIA driver issue, which is really NVIDIA's issue and not SuSE's, it works--exactly what you want in an enterprise-class OS.
Glenn Stone is a Red Hat Certified Engineer, sysadmin, technical writer, cover model and general Linux flunkie. He has been hand-building computers for fun and profit since 1999, and he is a happy denizen of the Pacific Northwest.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The Death of RoboVM
- BitTorrent Inc.'s Sync
- The US Government and Open-Source Software
- The Humble Hacker?
- ACI Worldwide's UP Retail Payments
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- AdaCore's SPARK Pro
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide