Mailinglist Archive: opensuse-autoinstall (49 mails)

[Anas Nashif <nashif@xxxxxxx>]

David Carter wrote:
> Hi everyone,
>
> I'm currently playing with AutoYaST on a scratch system, with a view to
> using SuSE 9.0+AutoYAST in place of Redhat 9+Kickstart on some of our
> servers. AutoYaST works rather nicely, but I'm having a couple of teething
> problems which is probably down to ignorance on my part.
>
> My test install environment is based on the GRUB boot floppy found at:
>
>   ftp://ftp.suse.com/pub/people/nashif/autoinstall/
And in 9.0 documentation there is a section describing how to create 
such a boot floppy using the latest GRUB from 9.0...


> I'm looking at an install environment which uses TFTP for boot images and
> autoyast files but which uses manually configured IP addresses supplied by
> the grub and autoyast configurations. I don't trust DHCP on our network,
> simply because of the large numbers of different groups who run servers.
>
> Problem #1: Spurious DHCP requests
> ==================================
>
> Unless I switch off forceboot and reboot in the autoyast.xml file:
>
>       <mode>
>         <confirm config:type="boolean">true</confirm>
>         <forceboot config:type="boolean">false</forceboot>
>         <reboot config:type="boolean">false</reboot>
>       </mode>
>
> the system reboots and attempts a DHCP lookup on eth0 before setting up
> the static IP address which I have specified in the autoyast.xml file:
>
>     <networking>
>       ...
>       <interfaces config:type="list">
>         <interface>
>           <bootproto>static</bootproto>
>           <broadcast>131.111.255.255</broadcast>
>           <device>eth0</device>
>           <ipaddr>131.111.11.209</ipaddr>
>           <netmask>255.255.0.0</netmask>
>           <network>131.111.0.0</network>
>           <startmode>onboot</startmode>
>         </interface>
>       </interfaces>
>       ...
>     </networking>
>
> Is there another way of stopping the redundant DHCP request? At best this
> leads to a delay until the request times out. At worse the machine could
> end up with an invalid configuration.
Hmm, this should not happen. Can you check the file
/var/lib/YaST2/install.inf
and see if the network values you have supplied are present there!

> Problem #2: Firewall configuration
> ==================================
>
> /sbin/yast2 autoyast provides a screen for configurating a firewall
> which generates the following in autoyast.xml:
>
>     <firewall>
>       <fw_allow_fw_traceroute>yes</fw_allow_fw_traceroute>
>       <fw_autoprotect_services>yes</fw_autoprotect_services>
>       <fw_dev_ext>eth0</fw_dev_ext>
>       <fw_dev_int></fw_dev_int>
>       <fw_log_accept_all>no</fw_log_accept_all>
>       <fw_log_accept_crit>yes</fw_log_accept_crit>
>       <fw_log_drop_all>no</fw_log_drop_all>
>       <fw_log_drop_crit>yes</fw_log_drop_crit>
>       <fw_masq_nets></fw_masq_nets>
>       <fw_masquerade>no</fw_masquerade>
>       <fw_protect_from_internal>yes</fw_protect_from_internal>
>       <fw_route>no</fw_route>
>       <fw_services_ext_tcp>ssh</fw_services_ext_tcp>
>       <start_firewall config:type="boolean">true</start_firewall>
>     </firewall>
>
>
> The yast postinstall script which runs says "Setting up firewall", and
> there is various output in y2log which includes:
>
>   2003-12-08 12:38:45 <1> magenta-4(2667) [YCP]
>     clients/autoinst_configure.ycp:105
>        Writing configuration for firewall
>
> However, /etc/sysconfig/SuSEfirewall2 doesn't appear to get updated:
>
>   -rw-r--r--  1 root  root   26770 Dec  8 12:35 SuSEfirewall2
>
> and iptables doesn't acquire any rules. Does autoyast support SuSEfirewall
> yet? It is conspicuous by its absence in the documentation provided at:
>
>   http://www.suse.de/~nashif/autoinstall/9.0/html/index.html

Ok, I might need to run a test install and see what exactly happens there..


Anas

> Thanks in advance for any answers.