[opensuse-autoinstall] installation source not at root of DVD?

older
[opensuse-autoinstall] Problems...

Jochen Schaefer

12 Mar 2009 12 Mar '09

12:34

Hi, I have a question regarding installation from CD/DVD. Is it possible to have the installation source at a DVD where the product files do not exist at the root of the DVD? My DVD layout looks like that: /boot, /grub, /inst/media/sles/10/sp2/i586/CD1, /inst/media/oes2/sp1/i586/CD1 I'm using grubs eltorito stage to make the image bootable - that works fine with network installation sources. The content of SLES10-SP2 DVD is on the media below /inst/media/sles/10/sp2/i586/CD1 I tried install=cd:/hdc path=/dev/hdc/inst/media/sles/... install=cd:/dev/hdc patch=/dev/hdc/inst/media/sles/... ... But it didn't work. I'm wondering if it is possible to accomplish this task at all. /dev/hdc as path argument seems wrong for me cause /dev/hdc is a block device which should be mounted. I'm also thinking about mounting the DVD via exec parameter at bootloader prompt and point the installation source to the mountpoint. But at first I would like to hear your advises. Thanks, Jochen -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org

Show replies by date

Jochen Schaefer

12 Mar 12 Mar

18:26

New subject: [opensuse-autoinstall] installation source not at root of DVD solved

Hi, solved the problem. Should have read the documentation more carefully. intall=cd:///inst/media/sles/10/sp2/i586/CD1 does it Jochen

...

...
...
On 3/12/2009 at 01:34 PM, in message <49B90F7C0200009700017200@vpn.id2.novell.com>, "Jochen Schaefer" wrote: Hi,

I have a question regarding installation from CD/DVD. Is it possible to have the installation source at a DVD where the product files do not exist at the root of the DVD?

My DVD layout looks like that: /boot, /grub, /inst/media/sles/10/sp2/i586/CD1, /inst/media/oes2/sp1/i586/CD1 I'm using grubs eltorito stage to make the image bootable - that works fine with network installation sources.

The content of SLES10-SP2 DVD is on the media below /inst/media/sles/10/sp2/i586/CD1

I tried install=cd:/hdc path=/dev/hdc/inst/media/sles/... install=cd:/dev/hdc patch=/dev/hdc/inst/media/sles/... ... But it didn't work.

I'm wondering if it is possible to accomplish this task at all. /dev/hdc as path argument seems wrong for me cause /dev/hdc is a block device which should be mounted.

I'm also thinking about mounting the DVD via exec parameter at bootloader prompt and point the installation source to the mountpoint. But at first I would like to hear your advises.

Thanks, Jochen

-- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org

-- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org

Henrik Schmidt

17 Mar 17 Mar

14:03

New subject: [opensuse-autoinstall] ldap questions

I use something like this in my 11.1 config file for my ldap clients <ldap> ou=ldapconfig,dc=ks,dc=mydomain,dc=uni-kiel,dc=de cn=admin,dc=ks,dc=mydomain,dc=uni-kiel,dc=de false false dc=ks,dc=mydomain,dc=uni-kiel,dc=de XXX.XXX.XXX.XXX true false true member ou=group,dc=ks,dc=mydomain,dc=uni-kiel,dc=de ou=people,dc=ks,dc=mydomain,dc=uni-kiel,dc=de ou=people,dc=ks,dc=mydomain,dc=uni-kiel,dc=de crypt true true </ldap> /etc/ldap.conf is auto generated : # OpenLDAP SSL mechanism # start_tls mechanism uses the normal LDAP port, LDAPS typically 636 ssl start_tls ldap_version 3 pam_filter objectClass=posixAccount nss_base_passwd ou=people,dc=ks,dc=mydomain,dc=uni-kiel,dc=de nss_base_shadow ou=people,dc=ks,dc=mydomain,dc=uni-kiel,dc=de nss_base_group ou=group,dc=ks,dc=mydomain,dc=uni-kiel,dc=de tls_checkpeer no #ssl on Two questions : 1. Why is tls_checkpeer set to "no" or set at all ? I want have it either enabled or not set at all so that the configuration in /etc/openldap/ldap.conf is used as default. 2. Is "objectClass" in pam_filter objectClass=posixAccount spelled correctly ? I think it should be spelled objectclass with a small c. -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org

Darin Perusich

16:54

New subject: [opensuse-autoinstall] ldap questions

Henrik Schmidt wrote:

...

/etc/ldap.conf is auto generated :

# OpenLDAP SSL mechanism # start_tls mechanism uses the normal LDAP port, LDAPS typically 636 ssl start_tls ldap_version 3 pam_filter objectClass=posixAccount nss_base_passwd ou=people,dc=ks,dc=mydomain,dc=uni-kiel,dc=de nss_base_shadow ou=people,dc=ks,dc=mydomain,dc=uni-kiel,dc=de nss_base_group ou=group,dc=ks,dc=mydomain,dc=uni-kiel,dc=de tls_checkpeer no #ssl on

Some additional values you may also want in /etc/ldap.conf nss_map_attribute uniqueMember member timelimit 15 bind_timelimit 15 bind_policy soft

...

Two questions :

1. Why is tls_checkpeer set to "no" or set at all ? I want have it either enabled or not set at all so that the configuration in /etc/openldap/ldap.conf is used as default.

tls_checkpeer is set to 'no' because you haven't defined tls_cacertdir or tls_cacertfile which are required for peer verification. This is described in nss_ldap(5).

...

2. Is "objectClass" in pam_filter objectClass=posixAccount spelled correctly ? I think it should be spelled objectclass with a small c.

Case doesn't matter for these identifiers but it's common practice when an identifier is a concatenation of multiple words to use upper case for the first letter the successive words. It's lends to the readability but that is it. -- Darin Perusich Unix Systems Administrator Cognigen Corporation 395 Youngs Rd. Williamsville, NY 14221 Phone: 716-633-3463 Email: darinper@cognigencorp.com -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org

Henrik Schmidt

18:18

New subject: [opensuse-autoinstall] ldap questions

Darin Perusich schrieb:

...

...
Two questions :

1. Why is tls_checkpeer set to "no" or set at all ? I want have it either enabled or not set at all so that the configuration in /etc/openldap/ldap.conf is used as default.

tls_checkpeer is set to 'no' because you haven't defined tls_cacertdir or tls_cacertfile which are required for peer verification. This is described in nss_ldap(5).

Wrong. I just want to use the default which is explained in /etc/ldap.conf : # OpenLDAP SSL options # Require and verify server certificate (yes/no) # Default is to use libldap's default behavior, which can be configured in # /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for # OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes". #tls_checkpeer yes I just don't want to use 'no' and some script is forcing this upon me. No need for tls_cacertdir or other tls settings according to the text above.

...

...
2. Is "objectClass" in pam_filter objectClass=posixAccount spelled correctly ? I think it should be spelled objectclass with a small c.

Case doesn't matter for these identifiers but it's common practice when an identifier is a concatenation of multiple words to use upper case for the first letter the successive words. It's lends to the readability but that is it.

objectclass is used multiple times in ldap.conf like #pam_filter objectclass=aixAccount, there is just a single case with upper C and i asked myself why. Looked like some anomaly. -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org

Darin Perusich

20:02

New subject: [opensuse-autoinstall] ldap questions

Henrik Schmidt wrote:

...

Darin Perusich schrieb:

...
...
Two questions :

1. Why is tls_checkpeer set to "no" or set at all ? I want have it either enabled or not set at all so that the configuration in /etc/openldap/ldap.conf is used as default.

tls_checkpeer is set to 'no' because you haven't defined tls_cacertdir or tls_cacertfile which are required for peer verification. This is described in nss_ldap(5).

Wrong. I just want to use the default which is explained in /etc/ldap.conf :

# OpenLDAP SSL options # Require and verify server certificate (yes/no) # Default is to use libldap's default behavior, which can be configured in # /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for # OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes". #tls_checkpeer yes

I just don't want to use 'no' and some script is forcing this upon me. No need for tls_cacertdir or other tls settings according to the text above.

When specifying either of these options, tls_checkpeer and TLS_REQCERT, the expectation is that the CA certificate is available on the system to verify to server certificate. Since this cannot be guaranteed setting it to 'no' is the safe bet. If you're not happy with this it's easy enough to provide your own ldap.conf or script setting the preferred values for your environment. If you see the configuration section of nss_ldap(5) it explains that while /etc/ldap.conf and /etc/openldap/ldap.conf share many of the same options there is no guarantee they will match in the future. Not relying on /etc/openldap/ldap.conf for nss_ldap functionality will ensure user provisioning if and when things change in the future.

...

...
...
2. Is "objectClass" in pam_filter objectClass=posixAccount spelled correctly ? I think it should be spelled objectclass with a small c.

Case doesn't matter for these identifiers but it's common practice when an identifier is a concatenation of multiple words to use upper case for the first letter the successive words. It's lends to the readability but that is it.

objectclass is used multiple times in ldap.conf like #pam_filter objectclass=aixAccount, there is just a single case with upper C and i asked myself why. Looked like some anomaly.

-- Darin Perusich Unix Systems Administrator Cognigen Corporation 395 Youngs Rd. Williamsville, NY 14221 Phone: 716-633-3463 Email: darinper@cognigencorp.com -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org

5525

Age (days ago)

5530

Last active (days ago)

List overview

Download

5 comments

3 participants

participants (3)

Darin Perusich
Henrik Schmidt
Jochen Schaefer