1. Skip to Menu
  2. Skip to Content
  3. Skip to Footer>
Image 1

WE Solutions / Our services

  • Previous
  • Next
  • Stop
  • Play

SAMBA/LDAP

Thin Client Server

Postfix Mail Server

Postfix Mail Server

HA Clustering

Configure a DNS Server

PDF Print E-mail

Written by Mr. Sontaya Photibut Saturday, 02 May 2009 16:33

The configuration of each DNS server type is slightly different. In
this objective the following is discussed:
■ Configure a Caching-Only DNS Server
■ Configure a Master Server for Your Domain
■ Configure One or More Slave Servers


Configure a Caching-Only DNS Server
A caching-only DNS server does not manage its own databases but
merely accepts queries and forwards them to other DNS servers.
The replies are saved in the cache.
The DNS server configuration is defined in the file /etc/named.conf.
You can use the example file that is installed with the DNS package
as a configuration file for a caching-only server.
The following example shows the beginning of a simple
configuration:
Lines beginning with a hash sign (“#”) are comments and will be
ignored.
#
# /etc/named.conf: Configuration of the name server (BIND9)
#
# Global options
#
options
{
#
# In which directory are the database files?
#
directory "/var/lib/named";
};

The global options are defined in the options block at the beginning
of the file. The directory option specifies the directory where the
database files (or zone files) are located. Normally, this is
/var/lib/named/.
Using the directory option you can specify filenames for the
database files with a relative path (no absolute path required).
The global options are followed by the definition of the database
files for the domains managed by the DNS server. Several entries
are needed for basic DNS server functions such as those provided
by a caching-only server.
Three entries are needed for every DNS server:
■ The entry for root DNS servers (not needed for BIND 9 because
it has the list of root DNS servers compiled into the software).
■ The forward resolution for localhost
■ The reverse resolution for the network 127.0.0.0 (localhost)

The following are examples of these entries:
The zone entry for the root DNS servers contains a reference to a
file containing the addresses of the root DNS servers. This file
(root.hint) is generated in the directory /var/lib/named/ during the
installation of the package bind.
The two files for the resolution of localhost are also generated
during the installation. The structure of these files is explained later.
Starting each request for name resolution with queries to the root
servers can be quite slow. If these reqests are forwarded to a name
server with a lot of information in its cache (e.g., the name server of
your Internet service provider), the process will be much faster in
most cases.
## entry for root nameservers#
zone "." in {
type hint;
file "root.hint";
};
#
# forward resolution for localhost
#
zone "localhost" in {
type master;
file "localhost.zone";
};
#
# reverse resolution for localhost
#
zone "0.0.127.in-addr.arpa" in {
type master;
file "127.0.0.zone";

You can define these DNS servers in the options block in the file
/etc/named.conf, as in the following:
You can enter up to three DNS server addresses. Queries that
cannot be resolved by the local DNS server are forwarded to one of
the specified DNS servers.
If these DNS servers cannot be reached, the queries are sent directly
to the root DNS servers.
Configure a Master Server for Your Domain
The following are the tasks you need to do to configure a master
DNS server for your domain:
■ Adapt the Main Server Configuration File
■ Create the Zone Files
■ Create Additional Resource Records
Adapt the Main Server Configuration File
You can adapt the configuration of the caching-only DNS server to
configure a DNS server containing its own information files.
options
{
directory "/var/lib/named";
forwarders {
10.0.0.254;
};
};

This configuration already contains the global entries for the
directory and the forwarders entries (which can be omitted) in the
options block. There are also some more options marked as
comment. The file also contains the mandatory entries for the root
servers and the resolution of localhost.
The global options are followed by definitions for the database files
(or zone files) for the domains this DNS server serves. At least 2
files are necessary for each domain:
■ A file for forward resolution (allocating an IP address to a
computer name)
■ A file for reverse resolution (allocating a computer name to an
IP address)
If several subnets belong to a domain, then one file for each of these
networks must be created for reverse resolution.
Each definition begins with the instruction zone (this is why the
database files are also known as zone files), followed by the name
of this zone.
For forward resolution, this is always the domain name. For reverse
resolution, the network prefix of the IP address must be given in
reverse order (10.0.0. becomes 0.0.10.) to which the suffix
in-addr.arpa is added (0.0.10.in-addr.arpa).
The zone name is always followed by an “in” for Internet. (DNS
servers can administer information on different name spaces, not
only that of the Internet. Other name spaces are practically never
used.)
The text in curly brackets defines the type of DNS server type (e.g.,
master) for this zone and the name of the zone file.

The entries for a domain digitalairlines.com and a network
10.0.0.0/24 would look like this:
Create the Zone Files
The two files for the domain localhost and the file for the root DNS
servers are always included in the installation. You do not need to
change these files; however, you must create the files required for
the actual domain.
The subdirectory /var/lib/named/master/ is used for the database
files of a master server.
You need to know the following to manually create the zone files:
■ Structure of the Files
■ The File /var/lib/named/master/digitalairlines.com.zone
■ The File /var/lib/named/master/10.0.0.zone
■ The File /var/lib/named/master/localhost.zone
■ The File /var/lib/named/master/127.0.0.zone
#
# forward resolution for the domain digitalairlines.com
#
zone "digitalairlines.com" in {
type master;
file "master/digitalairlines.com.zone";
};
#
# reverse resolution for the network 10.0.0.0
#
zone "0.0.10.in-addr.arpa" in {
type master;
file "master/10.0.0.zone";
};

Structure of the Files
Each of the database files consists of a series of entries, or resource
records. The syntax of these records is always as follows:
reference [TTL] class type value
The following describes each part of a record:
■ reference. The reference to which the record refers. This can be
a domain (or subdomain) or a standalone computer (name or IP
address).
■ TTL. The Time To Live value for the record. If this is not
present, a default TTL value is used. This determines how long
other name servers store this information in their cache.
■ class. The class of the record. For TCP/IP networks, this is
always IN (internet).
■ type. The type of the record. The most important types are
listed in the table below.
■ value. The value of the record. The value depends on the type
of record as listed in the following:
Table 1-1 Record Type Meaning Value
SOA Start of Authority
(term for the
authority)
Parameters for the
domain
NS Name server Name or IP address of
one of the DNS servers
for this domain
MX Mail exchanger Name (or IP address)
and priority of a mail
server for this domain
A Address IP address of a computer
PTR Pointer Name of a computer

The File /var/lib/named/master/digitalairlines.com.zone
Unlike earlier versions of BIND, BIND 9 requires you to specify a
default TTL for all information at the beginning. This value is used
whenever the TTL has not been explicitly given for an entry.
You define the TTL with the following instruction:
x In this file, the semicolon is used as a comment sign.
In this example, the TTL is given in seconds. It can be given in
other units as well, such as 2D for two days. Other units are M
(minutes), H (hours), and W (weeks).
CNAME Canonical name Alias name for a
computer
Table 1-1 (continued) Record Type Meaning Value
;
; definition of a standard time to live, here: two days
;
$TTL 172800

This is followed by the definition of the SOA (Start of Authority)
entry, which specifies which DNS server has the authority for this
domain:
The domain to which this entry refers (in the example,
digitalairlines.com) is listed first. The domain name must end with
a dot. If a name does not have a trailing dot, the name of the domain
is added, which would lead to an error here.
The name of the DNS server is listed after the SOA entry (in this
example, da1.digitalairlines.com with a dot at the end).
Alternatively, you could write da1, and the domain name
digitalairlines.com would be added after the name.
Next comes the email address of the person who is responsible for
the administration of the DNS server. The “@” usually used in
email addresses must be replaced by a dot (so the email address in
this example is hostmaster.digitalairlines.com). This is necessary
because “@” has a special meaning as an abbreviation.
It is advisable to use a generic email address here (e.g.,
hostmaster@digitalairlines.com) instead of an individual email
address.
The next entry is a serial number. Any number can be used, but
normally the date and a version number are used here. After any
change to the data in this file, the serial number has to be increased.
;
; SOA Entry
;
digitalairlines.com. IN SOA da1.digitalairlines.com.
hostmaster.digitalairlines.com. (
2004092601; serial number
1D ; refresh (one day)
2H ; retry (two hours)
1W ; expiry time (one week)
3H ; "negative" validity (three hours)
)

Slave servers use this number to determine whether or not they need
to copy this zone file. If the serial number on the master server is
greater than that on the slave server, the file is copied.
The serial number is followed by time information (the first three
entries listed here are only important for slave servers):
■ The first entry causes a slave server to query a master server
after this length of time, to see if there is a new version of the
file (in the example, this is 1D or one day).
■ If the slave server cannot reach the master server, the next time
entry specifies at what intervals new attempts should be made
(in the example, this is 2H or two hours).
■ If the master server is not reached for a longer period of time,
the third time entry specifies when the slave server should
discard its information on this zone (in the example, this is 1W
or a week).
The basic idea here is that it is better not to pass on any
information than to pass on outdated information.
■ The fourth entry defines for how long negative responses from
the DNS server are valid. Each requesting server stores
responses in its cache, even if a computer name could not be
resolved (in the example, this is 3H or 3 hours).
These time definitions are followed by the name or IP address of the
computer that is acting as the DNS server for this domain. In all
cases, the master server must be entered here. If slave servers are
used, they should also be entered, as in the following:
The name of the domain can be omitted at this point. Then the name
from the previous entry (the SOA entry) is taken.
;
; entry for the name server
;
digitalairlines.com. IN NS da1.digitalairlines.com.
IN NS da2.digitalairlines.com.

At the end of this file are the IP addresses that are allocated to
computer names. This is done with A (address) entries, as in the
following:
The File /var/lib/named/master/10.0.0.zone
The file for reverse resolution contains similar entries as the file for
forward resolution. At the beginning of the file there is the
definition of a default TTL and an SOA entry.
;
; Allocation of IP addresses to host names
;
da10 IN A 10.0.0.10
da12 IN A 10.0.0.12
da13 IN A 10.0.0.13
...
da1 IN A 10.0.0.254
da2 IN A 10.0.0.2

In the SOA and NS entries, the IP address of the network is written
in reverse order:
At the end of this file are the host names that are allocated to
computer names, this time with the PTR (Pointer) entry, as in the
following:
; Database file for the domain digitalairlines.com:
; reverse resolution for the network 10.0.0.0
;
; Definition of a default TTL,here: two days
;
$TTL 172800
;
; SOA entry
;
0.0.10.in-addr.arpa. IN SOA da1.digitalairlines.com.
hostmaster.digitalairlines.com. (
2004092601; serial number
1D ; refresh (one day)
2H ; retry (two hours)
1W ; expiry time (one week)
3H ; "negative" validity(three hours)
)
;; Entry for the name server
;
IN NS da1.digitalairlines.com.
IN NS da2.digitalairlines.com.
;
; Allocation of host names to IP addresses
;
10 IN PTR da10.digitalairlines.com.
12 IN PTR da12.digitalairlines.com.
13 IN PTR da13.digitalairlines.com.
14 IN PTR da14.digitalairlines.com.
...
254 IN PTR da1.digitalairlines.com.
2 IN PTR da2.digitalairlines.com.

The following two files must exist for the local computer. These are
created automatically during installation and should not be
modified.
The File /var/lib/named/master/localhost.zone
The following is an example of the file
/var/lib/named/master/localhost.zone:
In this example, the “@” character is used as an abbreviation (for
this reason, it must be replaced by a dot in the email address in the
database files).
Using “@” instead of the domain name causes the file
/etc/named.conf to be read to see for which domain this file is
responsible.
In this case, it is localhost, which is also used for the name of the
DNS server (this is why “@” appears many times in the file).
$TTL 1W
@ IN SOA @ root (
42 ; serial (d. adams)
2D ; refresh
4H ; retry
6W ; expiry
1W ) ; minimum
IN NS @
IN A 127.0.0.1

The File /var/lib/named/master/127.0.0.zone
In this file, the abbreviation “@” is also used. But here the computer
name must be given explicitly with localhost (remember the dot at
the end):
Create Additional Resource Records
Apart from the resource records already discussed (SOA, NS, A,
PTR), there are MX and CNAME resource records, which are used
to do the following:
■ Define Mail Servers for the Domain
■ Assign Aliases for Computers
Define Mail Servers for the Domain
To be able to use email addresses in the form
geeko@digitalairlines.com, the email server responsible for the
domain must be defined (the email cannot be sent directly to the
domain, but must be sent to a mail server).
$TTL 1W
@ IN SOA localhost. root.localhost. (
42 ; serial (d. adams)
2D ; refresh
4H ; retry
6W ; expiry
1W ) ; minimum
IN NS localhost.
1 IN PTR localhost.

To achieve this, an MX (Mail Exchange) entry must be made in the
database file for forward resolution, after the DNS server entry:
If an email is now sent to the address geeko@digitalairlines.com,
the computer sending the mail asks the DNS server which computer
is the mail server, and is sent the list of the MX entries in return.
Several mail servers can be given. On the basis of their priorities, it
is then decided to which computer the email is sent. The priority of
mail servers is defined by the number next to MX; the lower this
number, the higher the priority.
In this example the computer mail.digitalairlines.com has the
highest priority (it is, therefore, the primary mail server).
da1.digitalairlines.com and da5.digitalairlines.com both have the
same priority.
If the mail server with the highest priority cannot be reached, the
mail server with the second-highest priority is used. If several mail
servers have the same priority, then one of them is chosen at
random. An address entry must be made for each mail server.
digitalairlines.com. IN MX 0 mail
IN MX 10 da1
IN MX 10 da5

Assign Aliases for Computers
If you want a computer to be reached by more than one name (such
as addressing a computer as da30.digitalairlines.com and
www.digitalairlines.com), then corresponding aliases must be
given.
These are the CNAME (canonical name) entries in the database file
for forward resolution:
x The names of the mail servers for the domain (MX entry) cannot be alias
names, since some mail servers cannot handle this correctly.
Configure One or More Slave Servers
To guarantee reliable operation, at least one more DNS server
besides the master server is required. This can take over part of the
load from the DNS master server. But it is especially important in
case the DNS master server is not available. This additional DNS
server is set up as a DNS slave server.
The essential difference between the two types is that a slave server
receives copies of the zone files from the master server.
Modifications to the zone files are only made on the master server.
As soon as a slave server is started, it connects to the master server
and receives a copy of the zone files from it. This is called a zone
transfer.
Comparison of data between the servers takes place automatically.
On the one hand, the slave server queries the master server at
regular intervals and checks, using the serial number of the zone
files, whether anything has changed.
da30 IN A 10.0.0.30
www IN CNAME da30

By default, the master server sends a message to all listed slave
servers (called notify) as soon as it has been restarted in order to
read in modified zone files.
In the configuration file /etc/named.conf for a slave server, there are
at least two entries that define it as a master server: the two zone
definitions for the loopback network (localhost).
There might also be a zone definition for the root DNS server. But a
zone definition is only necessary if the slave server will forward
requests to other DNS servers.
The definitions for zones for which it should copy data from the
master server look like the following:
The slave server gets data from the master server with the IP
address 10.0.0.254 and stores it in the directory
/var/lib/named/slave/. This directory is created when you install the
BIND package.
A similar configuration must be made for reverse resolution, as in
the following:
zone "digitalairlines.com" in {
type slave;
file "slave/digitalairlines.com.zone";
masters {
10.0.0.254;
};
};
zone "0.0.10.in-addr.arpa" in {
type slave;
file "slave/10.0.0.zone";
masters {
10.0.0.254;
};
};

In the simplest configuration, the slave server gets information from
the master server at regular intervals. This can cause the slave
server to provide outdated information for a certain length of time.
This is why it is reasonable to instruct the master server to inform
the slave servers about modifications in the database files. The slave
servers then immediately carry out a zone transfer, which always
brings them up to date.
In order for the master server to be able to communicate with the
slave servers, it must know about them. By default, the master
server automatically informs its slave servers. This can also be
defined explicitely in the options section of the file /etc/named.conf,
as in the following:
Subsequently, the slave servers must be listed as DNS servers in the
database files (for the forward and reverse resolution):
This informs the slave server, da8.digitalairlines.com, about all
modifications.
options {
...
notify yes;
};
digitalairlines.com. IN NS da1.digitalairlines.com.
IN NS da8.digitalairlines.com.

Ref. Novell Training Services (Course 3074)


Comments (0)Add Comment
feedSubscribe to this comment's feed

Write comment

security code
Write the displayed characters


busy
 

SUSE Linux Enterprise Cool Solutions

  • ovpnstatd
    license: 
    GNU General Public License

    About:

    How 'ovpnstatd' works.

    ovpnstatd is a status collector daemon for OpenVPN. ovpnstatd can be started either interactively at the console or as a daemon in the background (--daemon).

    Use "--help", to get a brief listing of available options.

    If started interactively, all connected users and their update-events will be shown on the console-display. This start-mode is merely meant for testing/debugging.

    A tcp-port (50505) will be opened, by which a very simple but useful web page can be viewed (http://yourhost:50505). There you get an entry for every OpenVPN-user, whose status-data is available as a result of a connect-event since ovpnstatd's startup. Users who are online, appear as a light-green(ish) entry, disconnected users are shown in grey/white.

    The web page will remain empty, as long as no users have connected since startup of ovpnstatd.

    The web page is intended for internal (administrator) use only - no "mass media", as ovpnstatd is not a multi-threaded program.

    Should ovpnstatd already be running in the background, then you would have to change the port number (--tcp-port <NNNNN>) for your interactive session (if you really want it twice).

    Only if started as daemon, ovpnstatd will serve its main purpose, it will collect data of all connect, disconnect, update events, which are reported by any OpenVPN server-process, and write history in csv-format, that can easily be loaded into a database or viewed in a spread-sheet.

    In the same time, this data is also written to a FIFO-file "/<status_dir>/send_nsca_data" (/var/run/openvpn/send_nsca_data) in a format suitable for nagios's "send_nsca" utility.

    The default location, where collector-data is written, is /srv/www/apps/ovpnstat/datacol - it can be changed with:
    "--collect-dir <path-to-your-collector-directory>".

    The location where event-data of OpenVPN-hooks is expected, is "/var/run/openvpn". This can be changed with the option:
    "--status-dir <path-to-Your-status-directory>".

    NOTE: For this to work, you also have to turn on status-logging in OpenVPN config-file(s): "status <path-to-status-data.status>" AND activate the hooks: "client-connect <your-con-script.sh>" and: "client-disconnect <your-dis-script.sh>"

    Into the hook-script "your-script.sh" simply place/add the following echo command:

    into "client-connect.sh" add the lines
    echo -e "OVPN_PID=$PPID\n`env`" \
    >/var/run/openvpn/${common_name}.con

    into "client-disconnect.sh" add the lines
    echo -e "OVPN_PID=$PPID\n`env`" \
    >/var/run/openvpn/${common_name}.dis

    NOTE: The extension of hook output-files has to be
         .con for client-connect data-files
         .dis for client-disconnect data-files
         .status for status data-files given in OpenVPN config-file
    otherwise those files will not be recognized by ovpnstatd.

    You can display your favoured icon as a header of the web page.

    As default for this, a built-in OpenVPN-icon is displayed.

    If you want to replace the default icon in the source (ovpnstatd.h) look for variable "def_web_img64" and substitute its assignment by the output of "base64 -w0 <your-preferred-image>".
    But only take tiny images for this !!!

    If the TUN/TAP device driver control is not "/dev/net/tun" on your Linux-System, change it with: "--dev-node <Your tun/tap ctrl>"

    In case you want to raise the debug-level, use "--debug <N>"
    Level 0 = off, 1 = default, 2 = all

    Installation:

          # assuming that You've downloaded the tar-file to /usr/local/src
      # proceed als follows:

      cd /usr/local/src
      tar -xjvf ovpnstat.tar.bz2
      cd ovpnstat
      make clean
      make

      # Now for a test start openvpn status collector daemon interactively :
      bash ovpnstatd-test.sh
      
      # If You got an OpenVPN server up and running on the same host
      # then You can already take a look on the web-page

      firefox http://your-host-name:12345/

      # But NOTE: ovpnstatd must run on the SAME HOST, where openvpn-server is on

      # Also note, that collector-data is only written, if the program
      # is started in the background (--daemon ) .

      # So to start it for "normal" usage copy file into place:
      cp init-ovpnstatd /etc/init.d/ovpnstatd
      cp ovpnstatd /usr/sbin/ovpnstatd

      # only if You want to send data to Nagios, otherwise leave this away:
      cp send_nsca.sh

      # You also will have to create the collector directory
      # if this location does not meet Your needs, just modify STARTOPTS
      # in /etc/init.d/ovpnstatd and set --collect-dir to Your favoured 
      mkdir -p /srv/www/apps/ovpnstat/datacol

      # then start openvpn status daemon
      /etc/init.d/ovpnstatd start

    Special hints:

    Regarding Nagios NSCA:

    Before you use the Nagios notification script "send_nsca.sh", you need to edit it - change the ip of the Nagios host therein - have a look if all the path-names are suiting your needs - AND install the "send_nsca" binary. It comes with package nagios-nsca-<version>

    Once you have installed nagios-nsca on the Nagios server, you may just copy send_nsca from there to your openvpn-server (including its config-file) - that's all it needs.

    Also add a Nagios configuration - a hostname entry for your openvpn-server where ovpnstatd will be running (must match exactly the output of 'hostname' and a service entry for each common-name (service_description must match common-name), that you want to monitor passively.

    An example of a passive service config also is included here.

    Regarding collector data:

    The collector data is in csv format which allows you to easily load it into some database for your own web application.

    Bugs (and the like creepers):

    ovpnstatd is tested valgrind-clean and is running stable since quite a couple of months now on my openvpn-server.

    AttachmentSize
    ovpnstat.tar.bz255.34 KB
  • supportconfig for Linux
    download url: 
    http://download.opensuse.org/repositories/Novell:/NTS/SLE_10/noarch/
    license: 
    GPLv2
    home page url: 
    http://en.opensuse.org/Supportutils

    Description

    The updateSupportutils command compares the current versions of supportutils and its plugins to those installed on your server. Those that are outdated or missing are automatically downloaded and installed. Only those plugins that apply to your server are installed. The command supports creating a weekly or monthly cron entry to automatically check and update the supportutils package and its plugins. Click here to see a list of the current supportutils and plugin packages. The updateSupportutils command help screen follows:

    ################################################################
# Supportutils Auto Update Client
################################################################

Usage: updateSupportutils [OPTION]

Description
  Makes sure the supportutils and supportutils plugin packages are
  installed and current.

Options
  -m  Install a monthly cron for updateSupportutils
  -w  Install a weekly cron for updateSupportutils
  -d  Delete all installed cron entries for updateSupportutils
  -l  List all cron entries for updateSupportutils
  -u  Force RPM update on applicable packages
  -p  Exclude supportutils plugin packages
  -v  Verbose mode
  -h  This screen

    Note: Detailed system information and logs are collected and organized in a manner that helps reduce service request resolution times. Private system information can be disclosed when using this tool. If this is a concern, please prune private data from the log files. Several startup options are available to exclude more sensitive information. Refer to the supportconfig(8) man page to see these options.

    Update Instructions

    Run updateSupportutils as root.

    If you do not already have the supportutils-plugin-updater package installed, refer to the Installation Instructions below. If your server does not have network connectivity to http://download.opensuse.org, then install using the Option B (Manual) method.

    Installation Instructions

    Option A (Automated)

    1. Download the supportutils-plugin-updater
    2. Login as root
    3. Install the updater package
      # rpm -Uvh supportutils-plugin-updater-*.noarch.rpm
    4. Run updateSupportutils as root
      # updateSupportutils

    Option B (Manual)

    1. Download the supportutils and any applicable supportutils plugin packages for your server.
    2. Login as root
    3. Install the supportutils-X.XX-XX.XX.noarch.rpm
      # rpm -Uvh supportutils-X.XX-XX.XX.noarch.rpm
    4. Install the supportutils-plugin-*-X.X-X.X.norarch.rpm packages you want
      # rpm -Uvh supportutils-plugin-*-X.X-X.X.norarch.rpm

    Using Supportconfig

    To upload a supportconfig to Novell, run supportconfig -ur $srnum; where $srnum is your 11 digit service request number. You can also just run supportconfig for local use. By default, supportconfig saves its information in /var/log/nts_hostname_date_time.tbz.

    Consider using the Novell Support Advisor to perform an initial analysis of your servers. It will generate an HTML report that links you to Technical Information Documents that directly relate to any server issues identified.

    Reporting Bugs

    Updates to Supportconfig Version 2.25-320:

    • Fixed HA error when cibadmin -Q doesn't connect
    • Fixed ldapsearch search on non-default port
    • Added systool base output to sysfs.txt
    • Added getappcore tool to gather application core files
    • Added analyzevmcore tool for kernel core analysis
    • Supportconfig includes analyzevmcore files in crash.txt
    • /etc/services included in network.txt

    Updates to Supportconfig Version 2.25-314:

    • Changed to systool for sysfs.txt
    • Added local binary list to rpm.txt
    • Added nlvm to novell-nss.txt for OES11
    • Updated copyright years
    • Added curl check for update registrations to update.txt
    • Fixed conf file execution in plugins directory
    • Added a supportconfig summary in summary.xml
    • Added /etc/init.d/halt.local to boot.txt
    • Added OPTION_UFILES for fs-files-additional.txt. [see supportconfig.conf(5)]
    • Fixed fslist_info order
    • Added kdump rpm check for sles11sp1
    • Added plugin-icommand to scplugin.rc for internal bash commands
    AttachmentSize
    supportutils-plugin-updater-1.0-19.1.noarch.rpm6.99 KB
    supportutils-1.20-59.1.noarch.rpm107.48 KB
  • Deploying Linux images can be fun!

    Johannes Renner, one of the developers in our SUSE Manager team, recently posted a very useful blog post about using SUSE Studio to create Linux images. The latest update for SUSE Manager makes this a lot simpler.

    He wrote:

    You already know that it’s possible to use SUSE Studio for creating Linux images that will automatically register with SUSE Manager once deployed to a virtual host and booted for the first time.

    From now on you can make use of this feature in a much more convenient way. The final piece of the integration between the two SUSE products is now included with the latest update for SUSE Manager.

    Starting up a new virtual system using SUSE Manager can now be simplified to the following steps:

    1. Choose the image from a list.
    2. Specify deployment parameters.
    3. Go for it.

    For the details, read this post.

  • ATT Live - Last Call

    As the event owner for ATT Live, I want to reach out and extend one last invite to this year's ATT Live conference in Las Vegas Nevada - May 15th-18th. For as long as I can remember, this has been a December conference, with an occasional repeat in the early spring based on demand. However, this year... the sunshine and warm weather of May are awaiting us in Vegas, and it could not be more welcomed!

    If you have not attended ATT Live in the past 10 years, I encourage you to check it out. You can link to the live landing page at www.novell.com/attlive. Over the years, we have made this the premier technical conference and each year we listen to our attendee's feedback making each year an improvement on the previous. This year is no exception!

    I wanted to share some highlights of this year's conference for your consideration, and if you are looking for that last attempt to get approval these things might just help.

    • Additional hands-on sessions - We have extended our tracks from 10 to 12, offering a good mix of sessions across the three Business Units. You will find 6 tracks focused on Novell ZENworks, Open Enterprise Server and GroupWise. Three tracks on NetIQ, both legacy Novell Identity and Security products and legacy NetIQ products, giving you a great opportunity to explore some new products in this space, and last, but not least, three full tracks on Suse Linux. Check out the full schedule here - http://www.novell.com/training/attlive/sessions.html
    • We have invited more product experts - In order to extend our tracks, we have invited more services employees to help deliver these sessions, adding their product knowledge and real world experience to the sessions. Product managers will also be coming to explore product roadmaps and take your feedback back to the office.
    • Certification and Practicum - Whether you are seeking certifications to validate your knowledge, seek a career advancement or just test your knowledge, certification has been included in the price of the event. We ran out of seats last year, so we opened up more sessions this year to make sure all those wanting a chance to test, have the chance. The Linux practicum will also be available in limited slots to help you get that professional Linux certification. Of course we would want you to pass, but because there is no additional charge, no one has to know if you fail.... nothing is harder than submitting a failed exam on your expense report.
    • More food, more afternoon sleeping - The M resort is known for its excellent food, buffets, and restaurants, so we are taking what worked well for us last year and have extended our buffet vouchers for lunch, giving you your choice and quantity of food, not ours. If you have any complaints on the food, you can only blame yourself for filling up your plate with the wrong things.
    • First ever Alumni event, a thanks to those who always support us - If you are an ATT Live Alumni we want to welcome you to our first Alumni event on Tuesday night. We are excited to have the M Resort open up the Winery for our use. Make sure if you are registered that you plan to join us on Tuesday night. Check out the venue here - http://www.themresort.com/dining/hostilegrape.html
    • Low travel costs. Vegas always offers the most affordable travel costs of anywhere I know. Seems you get more for your money when you keep it in your pocket and off the tables. However, I thank those that put the money down, seems to keep the expenses for the rest of us to a minimum (as if... I keep my money in my wallet). We have worked hard to keep the costs of the hotel down, with a low rate, and travel to and from the airport included.

    There are plenty of reasons for coming, and we look forward to "filling" the hotel during the week. We will have one of the highest attendances yet, and look forward to seeing you there. If you have considered attending, don't wait, it will be well worth your time and investment.

    If you have any questions or comments, you can reach my team at training@novell.com. We will be watching the inbox for your interest and will do what we can to get you there, and home happy that you came.

    Thanks -
    Jeff McMurdie

  • ATT Live 2012 Session Spotlight--Dr L's CLP 11 Pain Points Sessions

    (Note: To see a list of all the sessions planned for ATT Live 2012, go to http://bit.ly/Asgjo4.)

    At ATT Live 2012, Dr Bjoern Lotz, the designer and creator of the CLP 11 exam scenarios and evaluation scripts, will be presenting 3 sessions on the various common issues and mistakes that most often make the difference between passing and failing the SUSE Certified Linux Professional (CLP) 11 Practicum Exam. These sessions are:

    • Dr. L's Treatment for the CLP Pain Points #1: Scripting in the CLP
    • Dr. L's Treatment for the CLP Pain Points #2: NFSv4 and Syslog-ng
    • Dr. L's Treatment for the CLP Pain Points #3: Apache and Samba

    These sessions will be especially helpful for SLES 11 server administrators who want to achieve the SUSE CLP 11 certification. And ATT Live 2012 is a prime opportunity to get this certification because the CLP 11 practicum exam will be offered for free on days 3 and 4 of the event.

    I asked Bjoern to provide a bit of useful information from each session that would give you an idea of what to expect if you're interested in taking advantage of this opportunity to prepare for and take the CLP 11 exam. The following information is just a taste of what you'll learn in these sessions. You'll really need to come to ATT Live if you want the full learning experience--demonstrations, hands-on labs, interaction with the instructor, etc.

    Scripting in the CLP

    One of the common issues that comes up when performing scripting tasks in the CLP exam is that the script does not execute without errors. Among the steps you can take to make sure the script executes properly is to use the following script troubleshooting techniques:

    If you do not immediately see why a script is returning errors, you can

    • Add set -x at the top of your script - when executing the script you see additional information that can help you find the error
    • Put echo in front of commands – that way they are not executed but displayed in the output
    • Put read into your script to pause it – hit enter to continue it
    • If you don't want to run the whole script, put exit at the point where you want it to end
    • Don't forget to remove (or change into a comment with #) the above when you are done

    NFSv4 and Syslog-ng

    The common mistakes made when performing Syslog-ng tasks in the CLP exam arise from not knowing how to create filters or modify existing ones. Filtering rules that will help you in performing these tasks successfully include the several criteria that can be used for filtering:

    • Facility:
      filter f_news { facility(news); };
    • Priority
      filter f_alert { level(alert); };
    • Program (regular expression)
      filter f_dhcpd { program(“dhcpd”); };
    • String (regular expression)
      filter f_firewall { match(“IN=”): };
    • Hostname (regular expression)
      filter f_gateway { host(gateway); };
    • Elements can be combined:
      filter f_errcrit { level(err, crit); };
      filter f_mailnews { facility(mail, news); };
      filter f_iptables { match(“IN=”) and match(“OUT=”) ; };

    Apache and Samba

    A common mistake seen in the exam related to the CLP 11 Practicum Apache tasks is there are missing elements in the virtual host configuration. Some tips to keep in mind to perform these tasks successfully are:

    • The configuration is distributed across several files in /etc/apache2/, including
      • httpd.conf
      • default-server.conf
      • vhost.d
      • listen.conf
      • error.conf
      • Some configuration options are contained in /etc/sysconfig/apache2, which are used to create configuration files in /etc/apache2/sysconfig.d/
    • Virtual hosts are used to provide the Web pages of several domains on one IP address
    • To create a virtual host, you need to create a configuration file in the /etc/apache2/vhsots.d/ directory
    • The file name has to end in .conf
    • The /etc/apache2/vhosts.d/vhost.template file lists the needed parameters with comments explaining their use. You can copy that file and edit it for your virtual host

    Register today for the event and for Dr L's CLP 11 Pain Point sessions before they fill up at: www.novell.com/attlive!

    ATT Live 2012
    May 15-18, 2012
    Henderson (Las Vegas), NV
    4 days of instructor-led, hands-on advanced technical training for only $1,750

    Please follow Novell, SUSE, and NetIQ Training on:
    http://twitter.com/novell_training
    http://www.facebook.com/NovellTraining