中国领先的IT技术网站
|
|

基于AutoYaST自动化安装SuSE的最佳运维实践

遵循Don't Repeat Yourself原则,本文主要介绍基于AutoYaST实现半自动化SuSE定制光盘和PXE网络全自动化安装SuSE的实践过程。统一是自动化运维的基础核心,而统一部署又是自动化运维的第一步,其实在研究自动化部署的过程中我们会遇到各种坑,只有踩过的人才能够体会其中的不容易。

作者:HelloDog来源:HelloDog博客|2015-10-20 17:12

Tech Neo技术沙龙 | 11月25号,九州云/ZStack与您一起探讨云时代网络边界管理实践


【引自HelloDog的博客】一、前言

在金融行业中,我所接触的操作系统主要是AIX和SLES(SuSE Linux Enterprise Server),也许大家平时用得更多是CentOS,虽然有部分差异但原理都是相通的,SMIT和YaST也是灰常实用的功能,推荐大家有机会尝试体验 下。因为网上关于SuSE自动化部署的参考文章较少,这套自动化部署方案已经被验证并在生产系统使用了1年半,配置相对成熟和稳定。遵循Don't Repeat Yourself原则,本文主要介绍基于AutoYaST实现半自动化SuSE定制光盘和PXE网络全自动化安装SuSE的实践过程,如需了解更加详细的 参数说明可以参考扩展阅读中的SuSE官网。

AutoYaST是自动化部署SuSE的黄金搭档

二、更新历史

2015年10月20日 - 补充isolinux.cfg完整配置避免歧义

2015年05月28日 - 初稿

阅读原文 - http://wsgzao.github.io/post/autoyast/

扩展阅读:

◆SuSE - https://www.suse.com/zh-cn/

◆AutoYaST - http://doc.opensuse.org/projects/autoyast/

◆Autoinst索引 - http://wsgzao.github.io/index/#Autoinst

三、SuSE自动安装光盘

1.定制版本

SUSE Linux Enterprise Server 11 (x86_64)

VERSION = 11

PATCHLEVEL = 2

下载地址 - https://www.suse.com/zh-cn/download-linux/

2.AutoYast简介

AutoYast是SuSE Linux的自动安装工具。通过AutoYast,在DHCP、TFTP、PXE服务的支持下,通过FTP、NFS等网络安装源可以实现SuSE Linux的完全无人值守自动安装。但是,这种方式必须建立独立的服务器且客户端支持PXE网络启动,在现场没有网络或者系统不支持客户端网卡的场景下不适合,通过AutoYast制作的SuSE Linux一键安装光盘可以满足上述场景。本文主要介绍SuSE Linux Enterprise Server 11(简称SLES11)一键安装光盘的制作, 其他SuSE Linux仅供参考。

3.生成AutoYaST配置文件

AutoYast配置成功后,生成一个名为autoinst.xml的XML配置文件,SuSE Linux通过这个文件控制操作系统的安装。AutoYast生成配置文件有3种方式:

(1)系统安装时自动生成

(2)系统安装后通过运行命令生成

(3)直接编辑生成(偷懒最佳姿势)

系统安装时生成配置文件

按照正常步骤安装SLES11,把必须的软件全部安装。运行到最后一步“安装已完成”,勾选“为AutoYast复制此系统”,系统开始克隆系统生成配置文件,并弹出提示窗口。生成配置文件用时约2分钟左右,生成的配置文件位于/root目录下。

运行命令生成或者修改配置文件

如果在系统安装时没有生成配置文件,可以运行命令生成。在系统中打开终端,以root用户运行命令yast2 autoyast,打开AutoYast配置窗口,选择“工具”->“创建参考配置文件”,弹出“创建参考控制文件”窗口。勾选需要配置的项目,如 软件包选择、语言、分区、键盘布局、防火墙、网络设置等,AutoYast根据选择的项目从系统获取相关配置信息。选择“文件”->“保存”,弹出 “另存为”窗口,输入文件名“autoinst.xml”,选择“保存”,系统提示文件保存到指定目录下。

有时我们需要对模块做些调整,比如磁盘分区、软件包等。以调整磁盘分区为例介绍配置文件的修改。

以root用户运行yast2 autoyast,打开AutoYast窗口,选择“文件”->“打开”,选择autoinst.xml文件,等系统读取配置后,在AutoYast窗口显示配置配件名称,修改后保存即可。

制作安装光盘

AutoYast配置文件生成后,可以开始制作一键安装光盘了。制作一键安装光盘需要用到SLES11的原安装光盘的数据。

  1. #首先复制SLES11原安装光盘的数据到指定目录 
  2. mkdir /tmp/sles11 
  3. cp -R /media/S*/* /tmp/sles11 
  4. #复制autoinst.xml 
  5. cp /root/autoinst.xml /tmp/sles11 
  6. #编辑isolinux.cfg文件,找到# install所在位置 
  7. cd boot/x86_64/loader/ 
  8.  
  9. #修改引导菜单 
  10. vi isolinux.cfg 
  11.  
  12. default harddisk 
  13.  
  14. # hard disk 
  15. label harddisk 
  16. localboot 0x80 
  17.  
  18. # install 
  19. label linux 
  20. kernel linux 
  21. append initrd=initrd autoyast=file:///autoinst.xml splash=silent showopts 
  22.  
  23. # repair 
  24. label repair 
  25. kernel linux 
  26. append initrd=initrd splash=silent repair=1 showopts 
  27.  
  28. # rescue 
  29. label rescue 
  30. kernel linux 
  31. append initrd=initrd splash=silent rescue=1 showopts 
  32.  
  33. # mediacheck 
  34. label mediachk 
  35. kernel linux 
  36. append initrd=initrd splash=silent mediacheck=1 showopts 
  37.  
  38. # bios test 
  39. label firmware 
  40. kernel linux 
  41. append initrd=biostest,initrd splash=silent install=exec:/bin/run_biostest showopts 
  42.  
  43. # memory test 
  44. label memtest 
  45. kernel memtest 
  46.  
  47. ui   gfxboot bootlogo message 
  48. implicit    1 
  49. prompt   1 
  50. timeout  600 
  51.  
  52. #运行mkisofs命令生成自动安装光盘 
  53. cd /tmp/sles11 
  54.  
  55. mkisofs  -R -o /tmp/SLES11-SP2-64-AUTO.iso -b boot/x86_64/loader/isolinux.bin -c boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table . 

我的配置文件

预设分区

预装软件包

  1. KDE Desktop Environment 
  2. Oracle Server Base 
  3. C/C++ Compiler and Tools 
  4. nmap 
  5. java-1_6_0 
  6. libstdc++43-devel-32bit 

预设语言

  1. 主要:英语 
  2. 添加:中文 

预设用户名/密码

  1. root/如果你直接复用我的配置文件请私信我获取密码 

预设网络配置

  1. 禁用服务:防火墙,IPv6 

autoinst.xml

  1. <?xml version="1.0"?> 
  2. <!DOCTYPE profile> 
  3. <profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns"
  4.   <bootloader> 
  5.     <device_map config:type="list"
  6.       <device_map_entry> 
  7.         <firmware>fd0</firmware> 
  8.         <linux>/dev/fd0</linux> 
  9.       </device_map_entry> 
  10.       <device_map_entry> 
  11.         <firmware>hd0</firmware> 
  12.         <linux>/dev/sda</linux> 
  13.       </device_map_entry> 
  14.     </device_map> 
  15.     <global
  16.       <activate>true</activate> 
  17.       <boot_boot>true</boot_boot> 
  18.       <default>SUSE Linux Enterprise Server 11 SP2 - 3.0.13-0.27</default
  19.       <generic_mbr>true</generic_mbr> 
  20.       <gfxmenu>/boot/message</gfxmenu> 
  21.       <lines_cache_id>3</lines_cache_id> 
  22.       <timeout config:type="integer">8</timeout> 
  23.     </global
  24.     <initrd_modules config:type="list"
  25.       <initrd_module> 
  26.         <module>mptspi</module> 
  27.       </initrd_module> 
  28.       <initrd_module> 
  29.         <module>ata_piix</module> 
  30.       </initrd_module> 
  31.       <initrd_module> 
  32.         <module>ata_generic</module> 
  33.       </initrd_module> 
  34.     </initrd_modules> 
  35.     <loader_type>grub</loader_type> 
  36.     <sections config:type="list"
  37.       <section
  38.         <append>resume=/dev/sda1 splash=silent showopts</append> 
  39.         <image>/boot/vmlinuz-3.0.13-0.27-default</image> 
  40.         <initial>1</initial> 
  41.         <initrd>/boot/initrd-3.0.13-0.27-default</initrd> 
  42.         <lines_cache_id>0</lines_cache_id> 
  43.         <name>SUSE Linux Enterprise Server 11 SP2 - 3.0.13-0.27</name
  44.         <original_name>linux</original_name> 
  45.         <root>/dev/system/root</root> 
  46.         <type>image</type> 
  47.         <vgamode>0x317</vgamode> 
  48.       </section
  49.       <section
  50.         <append>showopts ide=nodma apm=off noresume edd=off powersaved=off nohz=off highres=off processor.max_cstate=1 nomodeset x11failsafe</append> 
  51.         <image>/boot/vmlinuz-3.0.13-0.27-default</image> 
  52.         <initrd>/boot/initrd-3.0.13-0.27-default</initrd> 
  53.         <lines_cache_id>1</lines_cache_id> 
  54.         <name>Failsafe -- SUSE Linux Enterprise Server 11 SP2 - 3.0.13-0.27</name> 
  55.         <original_name>failsafe</original_name> 
  56.         <root>/dev/system/root</root> 
  57.         <type>image</type> 
  58.         <vgamode>0x317</vgamode> 
  59.       </section
  60.       <section
  61.         <blockoffset>1</blockoffset> 
  62.         <chainloader>/dev/fd0</chainloader> 
  63.         <lines_cache_id>2</lines_cache_id> 
  64.         <name>Floppy</name
  65.         <noverifyroot>true</noverifyroot> 
  66.         <original_name>floppy</original_name> 
  67.         <type>other</type> 
  68.       </section
  69.     </sections> 
  70.   </bootloader> 
  71.   <ca_mgm> 
  72.     <CAName>YaST_Default_CA</CAName> 
  73.     <ca_commonName>YaST Default CA (site)</ca_commonName> 
  74.     <country>CN</country> 
  75.     <password>ENTER PASSWORD HERE</password
  76.     <server_email>postmaster@site</server_email> 
  77.     <takeLocalServerName config:type="boolean">true</takeLocalServerName> 
  78.   </ca_mgm> 
  79.   <deploy_image> 
  80.     <image_installation config:type="boolean">false</image_installation> 
  81.   </deploy_image> 
  82.   <firewall> 
  83.     <FW_ALLOW_FW_BROADCAST_DMZ>no</FW_ALLOW_FW_BROADCAST_DMZ> 
  84.     <FW_ALLOW_FW_BROADCAST_EXT>no</FW_ALLOW_FW_BROADCAST_EXT> 
  85.     <FW_ALLOW_FW_BROADCAST_INT>no</FW_ALLOW_FW_BROADCAST_INT> 
  86.     <FW_CONFIGURATIONS_DMZ></FW_CONFIGURATIONS_DMZ> 
  87.     <FW_CONFIGURATIONS_EXT></FW_CONFIGURATIONS_EXT> 
  88.     <FW_CONFIGURATIONS_INT></FW_CONFIGURATIONS_INT> 
  89.     <FW_DEV_DMZ></FW_DEV_DMZ> 
  90.     <FW_DEV_EXT>any eth0</FW_DEV_EXT> 
  91.     <FW_DEV_INT></FW_DEV_INT> 
  92.     <FW_FORWARD_ALWAYS_INOUT_DEV></FW_FORWARD_ALWAYS_INOUT_DEV> 
  93.     <FW_FORWARD_MASQ></FW_FORWARD_MASQ> 
  94.     <FW_IGNORE_FW_BROADCAST_DMZ>no</FW_IGNORE_FW_BROADCAST_DMZ> 
  95.     <FW_IGNORE_FW_BROADCAST_EXT>yes</FW_IGNORE_FW_BROADCAST_EXT> 
  96.     <FW_IGNORE_FW_BROADCAST_INT>no</FW_IGNORE_FW_BROADCAST_INT> 
  97.     <FW_IPSEC_TRUST>no</FW_IPSEC_TRUST> 
  98.     <FW_LOAD_MODULES>nf_conntrack_netbios_ns</FW_LOAD_MODULES> 
  99.     <FW_LOG_ACCEPT_ALL>no</FW_LOG_ACCEPT_ALL> 
  100.     <FW_LOG_ACCEPT_CRIT>yes</FW_LOG_ACCEPT_CRIT> 
  101.     <FW_LOG_DROP_ALL>no</FW_LOG_DROP_ALL> 
  102.     <FW_LOG_DROP_CRIT>yes</FW_LOG_DROP_CRIT> 
  103.     <FW_MASQUERADE>no</FW_MASQUERADE> 
  104.     <FW_PROTECT_FROM_INT>no</FW_PROTECT_FROM_INT> 
  105.     <FW_ROUTE>no</FW_ROUTE> 
  106.     <FW_SERVICES_ACCEPT_DMZ></FW_SERVICES_ACCEPT_DMZ> 
  107.     <FW_SERVICES_ACCEPT_EXT></FW_SERVICES_ACCEPT_EXT> 
  108.     <FW_SERVICES_ACCEPT_INT></FW_SERVICES_ACCEPT_INT> 
  109.     <FW_SERVICES_ACCEPT_RELATED_DMZ></FW_SERVICES_ACCEPT_RELATED_DMZ> 
  110.     <FW_SERVICES_ACCEPT_RELATED_EXT></FW_SERVICES_ACCEPT_RELATED_EXT> 
  111.     <FW_SERVICES_ACCEPT_RELATED_INT></FW_SERVICES_ACCEPT_RELATED_INT> 
  112.     <FW_SERVICES_DMZ_IP></FW_SERVICES_DMZ_IP> 
  113.     <FW_SERVICES_DMZ_RPC></FW_SERVICES_DMZ_RPC> 
  114.     <FW_SERVICES_DMZ_TCP></FW_SERVICES_DMZ_TCP> 
  115.     <FW_SERVICES_DMZ_UDP></FW_SERVICES_DMZ_UDP> 
  116.     <FW_SERVICES_EXT_IP></FW_SERVICES_EXT_IP> 
  117.     <FW_SERVICES_EXT_RPC></FW_SERVICES_EXT_RPC> 
  118.     <FW_SERVICES_EXT_TCP></FW_SERVICES_EXT_TCP> 
  119.     <FW_SERVICES_EXT_UDP></FW_SERVICES_EXT_UDP> 
  120.     <FW_SERVICES_INT_IP></FW_SERVICES_INT_IP> 
  121.     <FW_SERVICES_INT_RPC></FW_SERVICES_INT_RPC> 
  122.     <FW_SERVICES_INT_TCP></FW_SERVICES_INT_TCP> 
  123.     <FW_SERVICES_INT_UDP></FW_SERVICES_INT_UDP> 
  124.     <enable_firewall config:type="boolean">false</enable_firewall> 
  125.     <start_firewall config:type="boolean">false</start_firewall> 
  126.   </firewall> 
  127.   <general> 
  128.     <ask-list config:type="list"/> 
  129.     <mode> 
  130.       <confirm config:type="boolean">false</confirm> 
  131.     </mode> 
  132.     <mouse> 
  133.       <id>none</id> 
  134.     </mouse> 
  135.     <proposals config:type="list"/> 
  136.     <signature-handling> 
  137.       <accept_file_without_checksum config:type="boolean">true</accept_file_without_checksum> 
  138.       <accept_non_trusted_gpg_key config:type="boolean">true</accept_non_trusted_gpg_key> 
  139.       <accept_unknown_gpg_key config:type="boolean">true</accept_unknown_gpg_key> 
  140.       <accept_unsigned_file config:type="boolean">true</accept_unsigned_file> 
  141.       <accept_verification_failed config:type="boolean">false</accept_verification_failed> 
  142.       <import_gpg_key config:type="boolean">true</import_gpg_key> 
  143.     </signature-handling> 
  144.     <storage/> 
  145.   </general> 
  146.   <groups config:type="list"
  147.     <group
  148.       <encrypted config:type="boolean">true</encrypted> 
  149.       <gid>100</gid> 
  150.       <group_password>x</group_password> 
  151.       <groupname>users</groupname> 
  152.       <userlist></userlist> 
  153.     </group
  154.     <group
  155.       <encrypted config:type="boolean">true</encrypted> 
  156.       <gid>19</gid> 
  157.       <group_password>x</group_password> 
  158.       <groupname>floppy</groupname> 
  159.       <userlist></userlist> 
  160.     </group
  161.     <group
  162.       <encrypted config:type="boolean">true</encrypted> 
  163.       <gid>1</gid> 
  164.       <group_password>x</group_password> 
  165.       <groupname>bin</groupname> 
  166.       <userlist>daemon</userlist> 
  167.     </group
  168.     <group
  169.       <encrypted config:type="boolean">true</encrypted> 
  170.       <gid>41</gid> 
  171.       <group_password>x</group_password> 
  172.       <groupname>xok</groupname> 
  173.       <userlist></userlist> 
  174.     </group
  175.     <group
  176.       <encrypted config:type="boolean">true</encrypted> 
  177.       <gid>65533</gid> 
  178.       <group_password>x</group_password> 
  179.       <groupname>nobody</groupname> 
  180.       <userlist></userlist> 
  181.     </group
  182.     <group
  183.       <encrypted config:type="boolean">true</encrypted> 
  184.       <gid>43</gid> 
  185.       <group_password>x</group_password> 
  186.       <groupname>modem</groupname> 
  187.       <userlist></userlist> 
  188.     </group
  189.     <group
  190.       <encrypted config:type="boolean">true</encrypted> 
  191.       <gid>5</gid> 
  192.       <group_password>x</group_password> 
  193.       <groupname>tty</groupname> 
  194.       <userlist></userlist> 
  195.     </group
  196.     <group
  197.       <encrypted config:type="boolean">true</encrypted> 
  198.       <gid>7</gid> 
  199.       <group_password>x</group_password> 
  200.       <groupname>lp</groupname> 
  201.       <userlist></userlist> 
  202.     </group
  203.     <group
  204.       <encrypted config:type="boolean">true</encrypted> 
  205.       <gid>104</gid> 
  206.       <group_password>!</group_password> 
  207.       <groupname>uuidd</groupname> 
  208.       <userlist></userlist> 
  209.     </group
  210.     <group
  211.       <encrypted config:type="boolean">true</encrypted> 
  212.       <gid>51</gid> 
  213.       <group_password>!</group_password> 
  214.       <groupname>postfix</groupname> 
  215.       <userlist></userlist> 
  216.     </group
  217.     <group
  218.       <encrypted config:type="boolean">true</encrypted> 
  219.       <gid>115</gid> 
  220.       <group_password>!</group_password> 
  221.       <groupname>gdm</groupname> 
  222.       <userlist></userlist> 
  223.     </group
  224.     <group
  225.       <encrypted config:type="boolean">true</encrypted> 
  226.       <gid>65534</gid> 
  227.       <group_password>x</group_password> 
  228.       <groupname>nogroup</groupname> 
  229.       <userlist>nobody</userlist> 
  230.     </group
  231.     <group
  232.       <encrypted config:type="boolean">true</encrypted> 
  233.       <gid>107</gid> 
  234.       <group_password>!</group_password> 
  235.       <groupname>oinstall</groupname> 
  236.       <userlist></userlist> 
  237.     </group
  238.     <group
  239.       <encrypted config:type="boolean">true</encrypted> 
  240.       <gid>101</gid> 
  241.       <group_password>!</group_password> 
  242.       <groupname>messagebus</groupname> 
  243.       <userlist></userlist> 
  244.     </group
  245.     <group
  246.       <encrypted config:type="boolean">true</encrypted> 
  247.       <gid>59</gid> 
  248.       <group_password>!</group_password> 
  249.       <groupname>maildrop</groupname> 
  250.       <userlist></userlist> 
  251.     </group
  252.     <group
  253.       <encrypted config:type="boolean">true</encrypted> 
  254.       <gid>33</gid> 
  255.       <group_password>x</group_password> 
  256.       <groupname>video</groupname> 
  257.       <userlist></userlist> 
  258.     </group
  259.     <group
  260.       <encrypted config:type="boolean">true</encrypted> 
  261.       <gid>3</gid> 
  262.       <group_password>x</group_password> 
  263.       <groupname>sys</groupname> 
  264.       <userlist></userlist> 
  265.     </group
  266.     <group
  267.       <encrypted config:type="boolean">true</encrypted> 
  268.       <gid>15</gid> 
  269.       <group_password>x</group_password> 
  270.       <groupname>shadow</groupname> 
  271.       <userlist></userlist> 
  272.     </group
  273.     <group
  274.       <encrypted config:type="boolean">true</encrypted> 
  275.       <gid>20</gid> 
  276.       <group_password>x</group_password> 
  277.       <groupname>cdrom</groupname> 
  278.       <userlist></userlist> 
  279.     </group
  280.     <group
  281.       <encrypted config:type="boolean">true</encrypted> 
  282.       <gid>21</gid> 
  283.       <group_password>x</group_password> 
  284.       <groupname>console</groupname> 
  285.       <userlist></userlist> 
  286.     </group
  287.     <group
  288.       <encrypted config:type="boolean">true</encrypted> 
  289.       <gid>42</gid> 
  290.       <group_password>x</group_password> 
  291.       <groupname>trusted</groupname> 
  292.       <userlist></userlist> 
  293.     </group
  294.     <group
  295.       <encrypted config:type="boolean">true</encrypted> 
  296.       <gid>102</gid> 
  297.       <group_password>!</group_password> 
  298.       <groupname>haldaemon</groupname> 
  299.       <userlist></userlist> 
  300.     </group
  301.     <group
  302.       <encrypted config:type="boolean">true</encrypted> 
  303.       <gid>106</gid> 
  304.       <group_password>!</group_password> 
  305.       <groupname>puppet</groupname> 
  306.       <userlist></userlist> 
  307.     </group
  308.     <group
  309.       <encrypted config:type="boolean">true</encrypted> 
  310.       <gid>16</gid> 
  311.       <group_password>x</group_password> 
  312.       <groupname>dialout</groupname> 
  313.       <userlist></userlist> 
  314.     </group
  315.     <group
  316.       <encrypted config:type="boolean">true</encrypted> 
  317.       <gid>110</gid> 
  318.       <group_password>!</group_password> 
  319.       <groupname>polkituser</groupname> 
  320.       <userlist></userlist> 
  321.     </group
  322.     <group
  323.       <encrypted config:type="boolean">true</encrypted> 
  324.       <gid>10</gid> 
  325.       <group_password>x</group_password> 
  326.       <groupname>wheel</groupname> 
  327.       <userlist></userlist> 
  328.     </group
  329.     <group
  330.       <encrypted config:type="boolean">true</encrypted> 
  331.       <gid>112</gid> 
  332.       <group_password>!</group_password> 
  333.       <groupname>pulse</groupname> 
  334.       <userlist></userlist> 
  335.     </group
  336.     <group
  337.       <encrypted config:type="boolean">true</encrypted> 
  338.       <gid>8</gid> 
  339.       <group_password>x</group_password> 
  340.       <groupname>www</groupname> 
  341.       <userlist></userlist> 
  342.     </group
  343.     <group
  344.       <encrypted config:type="boolean">true</encrypted> 
  345.       <gid>40</gid> 
  346.       <group_password>x</group_password> 
  347.       <groupname>games</groupname> 
  348.       <userlist></userlist> 
  349.     </group
  350.     <group
  351.       <encrypted config:type="boolean">true</encrypted> 
  352.       <gid>6</gid> 
  353.       <group_password>x</group_password> 
  354.       <groupname>disk</groupname> 
  355.       <userlist></userlist> 
  356.     </group
  357.     <group
  358.       <encrypted config:type="boolean">true</encrypted> 
  359.       <gid>17</gid> 
  360.       <group_password>x</group_password> 
  361.       <groupname>audio</groupname> 
  362.       <userlist>pulse</userlist> 
  363.     </group
  364.     <group
  365.       <encrypted config:type="boolean">true</encrypted> 
  366.       <gid>114</gid> 
  367.       <group_password>!</group_password> 
  368.       <groupname>suse-ncc</groupname> 
  369.       <userlist></userlist> 
  370.     </group
  371.     <group
  372.       <encrypted config:type="boolean">true</encrypted> 
  373.       <gid>49</gid> 
  374.       <group_password>x</group_password> 
  375.       <groupname>ftp</groupname> 
  376.       <userlist></userlist> 
  377.     </group
  378.     <group
  379.       <encrypted config:type="boolean">true</encrypted> 
  380.       <gid>103</gid> 
  381.       <group_password>!</group_password> 
  382.       <groupname>tape</groupname> 
  383.       <userlist></userlist> 
  384.     </group
  385.     <group
  386.       <encrypted config:type="boolean">true</encrypted> 
  387.       <gid>25</gid> 
  388.       <group_password>!</group_password> 
  389.       <groupname>at</groupname> 
  390.       <userlist></userlist> 
  391.     </group
  392.     <group
  393.       <encrypted config:type="boolean">true</encrypted> 
  394.       <gid>9</gid> 
  395.       <group_password>x</group_password> 
  396.       <groupname>kmem</groupname> 
  397.       <userlist></userlist> 
  398.     </group
  399.     <group
  400.       <encrypted config:type="boolean">true</encrypted> 
  401.       <gid>32</gid> 
  402.       <group_password>x</group_password> 
  403.       <groupname>public</groupname> 
  404.       <userlist></userlist> 
  405.     </group
  406.     <group
  407.       <encrypted config:type="boolean">true</encrypted> 
  408.       <gid>0</gid> 
  409.       <group_password>x</group_password> 
  410.       <groupname>root</groupname> 
  411.       <userlist></userlist> 
  412.     </group
  413.     <group
  414.       <encrypted config:type="boolean">true</encrypted> 
  415.       <gid>12</gid> 
  416.       <group_password>x</group_password> 
  417.       <groupname>mail</groupname> 
  418.       <userlist></userlist> 
  419.     </group
  420.     <group
  421.       <encrypted config:type="boolean">true</encrypted> 
  422.       <gid>2</gid> 
  423.       <group_password>x</group_password> 
  424.       <groupname>daemon</groupname> 
  425.       <userlist></userlist> 
  426.     </group
  427.     <group
  428.       <encrypted config:type="boolean">true</encrypted> 
  429.       <gid>105</gid> 
  430.       <group_password>!</group_password> 
  431.       <groupname>sfcb</groupname> 
  432.       <userlist>root</userlist> 
  433.     </group
  434.     <group
  435.       <encrypted config:type="boolean">true</encrypted> 
  436.       <gid>111</gid> 
  437.       <group_password>!</group_password> 
  438.       <groupname>ntp</groupname> 
  439.       <userlist></userlist> 
  440.     </group
  441.     <group
  442.       <encrypted config:type="boolean">true</encrypted> 
  443.       <gid>14</gid> 
  444.       <group_password>x</group_password> 
  445.       <groupname>uucp</groupname> 
  446.       <userlist></userlist> 
  447.     </group
  448.     <group
  449.       <encrypted config:type="boolean">true</encrypted> 
  450.       <gid>113</gid> 
  451.       <group_password>!</group_password> 
  452.       <groupname>pulse-access</groupname> 
  453.       <userlist></userlist> 
  454.     </group
  455.     <group
  456.       <encrypted config:type="boolean">true</encrypted> 
  457.       <gid>108</gid> 
  458.       <group_password>!</group_password> 
  459.       <groupname>dba</groupname> 
  460.       <userlist>oracle</userlist> 
  461.     </group
  462.     <group
  463.       <encrypted config:type="boolean">true</encrypted> 
  464.       <gid>71</gid> 
  465.       <group_password>!</group_password> 
  466.       <groupname>ntadmin</groupname> 
  467.       <userlist></userlist> 
  468.     </group
  469.     <group
  470.       <encrypted config:type="boolean">true</encrypted> 
  471.       <gid>62</gid> 
  472.       <group_password>x</group_password> 
  473.       <groupname>man</groupname> 
  474.       <userlist></userlist> 
  475.     </group
  476.     <group
  477.       <encrypted config:type="boolean">true</encrypted> 
  478.       <gid>109</gid> 
  479.       <group_password>!</group_password> 
  480.       <groupname>mysql</groupname> 
  481.       <userlist></userlist> 
  482.     </group
  483.     <group
  484.       <encrypted config:type="boolean">true</encrypted> 
  485.       <gid>22</gid> 
  486.       <group_password>x</group_password> 
  487.       <groupname>utmp</groupname> 
  488.       <userlist></userlist> 
  489.     </group
  490.     <group
  491.       <encrypted config:type="boolean">true</encrypted> 
  492.       <gid>13</gid> 
  493.       <group_password>x</group_password> 
  494.       <groupname>news</groupname> 
  495.       <userlist></userlist> 
  496.     </group
  497.     <group
  498.       <encrypted config:type="boolean">true</encrypted> 
  499.       <gid>65</gid> 
  500.       <group_password>!</group_password> 
  501.       <groupname>sshd</groupname> 
  502.       <userlist></userlist> 
  503.     </group
  504.   </groups> 
  505.   <host> 
  506.     <hosts config:type="list"
  507.       <hosts_entry> 
  508.         <host_address>127.0.0.1</host_address> 
  509.         <names config:type="list"
  510.           <name>localhost</name
  511.         </names> 
  512.       </hosts_entry> 
  513.       <hosts_entry> 
  514.         <host_address>::1</host_address> 
  515.         <names config:type="list"
  516.           <name>localhost ipv6-localhost ipv6-loopback</name
  517.         </names> 
  518.       </hosts_entry> 
  519.       <hosts_entry> 
  520.         <host_address>addr:127.0.0.1</host_address> 
  521.         <names config:type="list"
  522.           <name>n n</name
  523.         </names> 
  524.       </hosts_entry> 
  525.       <hosts_entry> 
  526.         <host_address>fe00::0</host_address> 
  527.         <names config:type="list"
  528.           <name>ipv6-localnet</name
  529.         </names> 
  530.       </hosts_entry> 
  531.       <hosts_entry> 
  532.         <host_address>ff00::0</host_address> 
  533.         <names config:type="list"
  534.           <name>ipv6-mcastprefix</name
  535.         </names> 
  536.       </hosts_entry> 
  537.       <hosts_entry> 
  538.         <host_address>ff02::1</host_address> 
  539.         <names config:type="list"
  540.           <name>ipv6-allnodes</name
  541.         </names> 
  542.       </hosts_entry> 
  543.       <hosts_entry> 
  544.         <host_address>ff02::2</host_address> 
  545.         <names config:type="list"
  546.           <name>ipv6-allrouters</name
  547.         </names> 
  548.       </hosts_entry> 
  549.       <hosts_entry> 
  550.         <host_address>ff02::3</host_address> 
  551.         <names config:type="list"
  552.           <name>ipv6-allhosts</name
  553.         </names> 
  554.       </hosts_entry> 
  555.     </hosts> 
  556.   </host> 
  557.   <iscsi-client> 
  558.     <version>1.0</version> 
  559.   </iscsi-client> 
  560.   <kdump> 
  561.     <add_crash_kernel config:type="boolean">false</add_crash_kernel> 
  562.     <crash_kernel>128M-:64M</crash_kernel> 
  563.     <general> 
  564.       <KDUMP_CONTINUE_ON_ERROR>false</KDUMP_CONTINUE_ON_ERROR> 
  565.       <KDUMP_COPY_KERNEL>yes</KDUMP_COPY_KERNEL> 
  566.       <KDUMP_DUMPFORMAT>compressed</KDUMP_DUMPFORMAT> 
  567.       <KDUMP_DUMPLEVEL>0</KDUMP_DUMPLEVEL> 
  568.       <KDUMP_FREE_DISK_SIZE>64</KDUMP_FREE_DISK_SIZE> 
  569.       <KDUMP_IMMEDIATE_REBOOT>yes</KDUMP_IMMEDIATE_REBOOT> 
  570.       <KDUMP_KEEP_OLD_DUMPS>5</KDUMP_KEEP_OLD_DUMPS> 
  571.       <KDUMP_NETCONFIG>auto</KDUMP_NETCONFIG> 
  572.       <KDUMP_SAVEDIR>file:///var/crash</KDUMP_SAVEDIR> 
  573.       <KDUMP_VERBOSE>3</KDUMP_VERBOSE> 
  574.     </general> 
  575.   </kdump> 
  576.   <keyboard> 
  577.     <keymap>english-us</keymap> 
  578.   </keyboard> 
  579.   <language> 
  580.     <language>en_US</language> 
  581.     <languages>zh_CN,en_US</languages> 
  582.   </language> 
  583.   <ldap> 
  584.     <base_config_dn></base_config_dn> 
  585.     <bind_dn></bind_dn> 
  586.     <create_ldap config:type="boolean">false</create_ldap> 
  587.     <file_server config:type="boolean">false</file_server> 
  588.     <ldap_domain>dc=example,dc=com</ldap_domain> 
  589.     <ldap_server>127.0.0.1</ldap_server> 
  590.     <ldap_tls config:type="boolean">true</ldap_tls> 
  591.     <ldap_v2 config:type="boolean">false</ldap_v2> 
  592.     <login_enabled config:type="boolean">true</login_enabled> 
  593.     <member_attribute>member</member_attribute> 
  594.     <mkhomedir config:type="boolean">false</mkhomedir> 
  595.     <nss_base_group></nss_base_group> 
  596.     <nss_base_passwd></nss_base_passwd> 
  597.     <nss_base_shadow></nss_base_shadow> 
  598.     <pam_password>exop</pam_password> 
  599.     <sssd config:type="boolean">false</sssd> 
  600.     <start_autofs config:type="boolean">false</start_autofs> 
  601.     <start_ldap config:type="boolean">false</start_ldap> 
  602.   </ldap> 
  603.   <login_settings/> 
  604. <networking> 
  605.     <dhcp_options> 
  606.       <dhclient_client_id></dhclient_client_id> 
  607.       <dhclient_hostname_option>AUTO</dhclient_hostname_option> 
  608.     </dhcp_options> 
  609.     <dns> 
  610.       <dhcp_hostname config:type="boolean">false</dhcp_hostname> 
  611.       <resolv_conf_policy>auto</resolv_conf_policy> 
  612.     </dns> 
  613.     <interfaces config:type="list"
  614.       <interface> 
  615.         <bootproto>dhcp</bootproto> 
  616.         <device>eth0</device> 
  617.         <prefixlen>16</prefixlen> 
  618.         <startmode>onboot</startmode> 
  619.         <usercontrol>no</usercontrol> 
  620.       </interface> 
  621.       <interface> 
  622.         <bootproto>dhcp</bootproto> 
  623.         <device>eth1</device> 
  624.         <prefixlen>16</prefixlen> 
  625.         <startmode>onboot</startmode> 
  626.         <usercontrol>no</usercontrol> 
  627.       </interface> 
  628.     </interfaces> 
  629.     <managed config:type="boolean">false</managed> 
  630.     <routing> 
  631.       <ip_forward config:type="boolean">false</ip_forward> 
  632.     </routing> 
  633.   </networking> 
  634.   <nis> 
  635.     <netconfig_policy>auto</netconfig_policy> 
  636.     <nis_broadcast config:type="boolean">false</nis_broadcast> 
  637.     <nis_broken_server config:type="boolean">false</nis_broken_server> 
  638.     <nis_local_only config:type="boolean">false</nis_local_only> 
  639.     <start_autofs config:type="boolean">false</start_autofs> 
  640.     <start_nis config:type="boolean">false</start_nis> 
  641.   </nis> 
  642.   <ntp-client> 
  643.     <ntp_policy>auto</ntp_policy> 
  644.     <peers config:type="list"
  645.       <peer> 
  646.         <address>127.127.1.0</address> 
  647.         <comment>################################################################################ 
  648. ## /etc/ntp.conf 
  649. ## 
  650. ## Sample NTP configuration file. 
  651. ## See package 'ntp-doc' for documentation, Mini-HOWTO and FAQ. 
  652. ## Copyright (c) 1998 S.u.S.E. GmbH Fuerth, Germany. 
  653. ## 
  654. ## Author: Michael Andres,  &lt;ma@suse.de&gt; 
  655. ##         Michael Skibbe,  &lt;mskibbe@suse.de&gt; 
  656. ## 
  657. ################################################################################ 
  658.  
  659. ## 
  660. ## Radio and modem clocks by convention have addresses in the  
  661. ## form 127.127.t.u, where t is the clock type and u is a unit  
  662. ## number in the range 0-3.  
  663. ## 
  664. ## Most of these clocks require support in the form of a  
  665. ## serial port or special bus peripheral. The particular   
  666. ## device is normally specified by adding a soft link  
  667. ## /dev/device-u to the particular hardware device involved,  
  668. ## where u correspond to the unit number above.  
  669. ##  
  670. ## Generic DCF77 clock on serial port (Conrad DCF77) 
  671. ## Address:     127.127.8.u 
  672. ## Serial Port: /dev/refclock-u 
  673. ##   
  674. ## (create soft link /dev/refclock-0 to the particular ttyS?) 
  675. ## 
  676. # server 127.127.8.0 mode 5 prefer 
  677.  
  678. ## 
  679. ## Undisciplined Local Clock. This is a fake driver intended for backup 
  680. ## and when no outside source of synchronized time is available. 
  681. ## 
  682. </comment> 
  683.         <fudge_comment># local clock (LCL) 
  684. </fudge_comment> 
  685.         <fudge_options> stratum 10</fudge_options> 
  686.         <type>__clock</type> 
  687.       </peer> 
  688.       <peer> 
  689.         <address>/var/lib/ntp/drift/ntp.drift </address> 
  690.         <comment># LCL is unsynchronized 
  691.  
  692. ## 
  693. ## Add external Servers using 
  694. ## # rcntp addserver &lt;yourserver&gt; 
  695. ##  
  696.  
  697. ## 
  698. ## Miscellaneous stuff 
  699. ## 
  700.  
  701. </comment> 
  702.         <type>driftfile</type> 
  703.       </peer> 
  704.       <peer> 
  705.         <address>/var/log/ntp </address> 
  706.         <comment># path for drift file 
  707.  
  708. </comment> 
  709.         <type>logfile</type> 
  710.       </peer> 
  711.       <peer> 
  712.         <address>/etc/ntp.keys </address> 
  713.         <comment># alternate log file 
  714. # logconfig =syncstatus + sysevents 
  715. # logconfig =all 
  716.  
  717. # statsdir /tmp/ # directory for statistics files 
  718. # filegen peerstats  file peerstats  type day enable 
  719. # filegen loopstats  file loopstats  type day enable 
  720. # filegen clockstats file clockstats type day enable 
  721.  
  722. # Authentication stuff 
  723. </comment> 
  724.         <type>keys</type> 
  725.       </peer> 
  726.       <peer> 
  727.         <address>1 </address> 
  728.         <comment># path for keys file 
  729. </comment> 
  730.         <type>trustedkey</type> 
  731.       </peer> 
  732.       <peer> 
  733.         <address>1 </address> 
  734.         <comment># define trusted keys 
  735. </comment> 
  736.         <type>requestkey</type> 
  737.       </peer> 
  738.     </peers> 
  739.     <start_at_boot config:type="boolean">false</start_at_boot> 
  740.     <start_in_chroot config:type="boolean">true</start_in_chroot> 
  741.   </ntp-client> 
  742.   <partitioning config:type="list"
  743.     <drive> 
  744.       <device>/dev/sda</device> 
  745.       <initialize config:type="boolean">true</initialize> 
  746.       <partitions config:type="list"
  747.         <partition> 
  748.           <create config:type="boolean">true</create
  749.           <crypt_fs config:type="boolean">false</crypt_fs> 
  750.           <filesystem config:type="symbol">swap</filesystem> 
  751.           <filesystem_id config:type="integer">130</filesystem_id> 
  752.           <format config:type="boolean">true</format> 
  753.           <fstopt>defaults</fstopt> 
  754.           <loop_fs config:type="boolean">false</loop_fs> 
  755.           <mount>swap</mount> 
  756.           <mountby config:type="symbol">device</mountby> 
  757.           <partition_id config:type="integer">130</partition_id> 
  758.           <partition_nr config:type="integer">1</partition_nr> 
  759.           <resize config:type="boolean">false</resize> 
  760.           <size>32G</size
  761.         </partition> 
  762.         <partition> 
  763.           <create config:type="boolean">true</create
  764.           <crypt_fs config:type="boolean">false</crypt_fs> 
  765.           <filesystem config:type="symbol">ext3</filesystem> 
  766.           <filesystem_id config:type="integer">131</filesystem_id> 
  767.           <format config:type="boolean">true</format> 
  768.           <fstopt>acl,user_xattr</fstopt> 
  769.           <loop_fs config:type="boolean">false</loop_fs> 
  770.           <mount>/boot</mount> 
  771.           <mountby config:type="symbol">device</mountby> 
  772.           <partition_id config:type="integer">131</partition_id> 
  773.           <partition_nr config:type="integer">2</partition_nr> 
  774.           <resize config:type="boolean">false</resize> 
  775.           <size>120M</size
  776.         </partition> 
  777.         <partition> 
  778.           <create config:type="boolean">true</create
  779.           <crypt_fs config:type="boolean">false</crypt_fs> 
  780.           <filesystem config:type="symbol">ext3</filesystem> 
  781.           <filesystem_id config:type="integer">142</filesystem_id> 
  782.           <format config:type="boolean">false</format> 
  783.           <loop_fs config:type="boolean">false</loop_fs> 
  784.           <lvm_group>system</lvm_group> 
  785.           <mountby config:type="symbol">device</mountby> 
  786.           <partition_id config:type="integer">142</partition_id> 
  787.           <partition_nr config:type="integer">3</partition_nr> 
  788.           <resize config:type="boolean">false</resize> 
  789.           <size>max</size
  790.         </partition> 
  791.       </partitions> 
  792.       <type config:type="symbol">CT_DISK</type> 
  793.       <use>all</use> 
  794.     </drive> 
  795.     <drive> 
  796.       <device>/dev/system</device> 
  797.       <initialize config:type="boolean">true</initialize> 
  798.       <partitions config:type="list"
  799.         <partition> 
  800.           <create config:type="boolean">true</create
  801.           <crypt_fs config:type="boolean">false</crypt_fs> 
  802.           <filesystem config:type="symbol">ext3</filesystem> 
  803.           <filesystem_id config:type="integer">131</filesystem_id> 
  804.           <format config:type="boolean">true</format> 
  805.           <fstopt>acl,user_xattr</fstopt> 
  806.           <loop_fs config:type="boolean">false</loop_fs> 
  807.           <lv_name>home</lv_name> 
  808.           <mount>/home</mount> 
  809.           <mountby config:type="symbol">device</mountby> 
  810.           <partition_id config:type="integer">131</partition_id> 
  811.           <resize config:type="boolean">false</resize> 
  812.           <size>15G</size
  813.         </partition> 
  814.         <partition> 
  815.           <create config:type="boolean">true</create
  816.           <crypt_fs config:type="boolean">false</crypt_fs> 
  817.           <filesystem config:type="symbol">ext3</filesystem> 
  818.           <filesystem_id config:type="integer">131</filesystem_id> 
  819.           <format config:type="boolean">true</format> 
  820.           <fstopt>acl,user_xattr</fstopt> 
  821.           <loop_fs config:type="boolean">false</loop_fs> 
  822.           <lv_name>opt</lv_name> 
  823.           <mount>/opt</mount> 
  824.           <mountby config:type="symbol">device</mountby> 
  825.           <partition_id config:type="integer">131</partition_id> 
  826.           <resize config:type="boolean">false</resize> 
  827.           <size>10G</size
  828.         </partition> 
  829.         <partition> 
  830.           <create config:type="boolean">true</create
  831.           <crypt_fs config:type="boolean">false</crypt_fs> 
  832.           <filesystem config:type="symbol">ext3</filesystem> 
  833.           <filesystem_id config:type="integer">131</filesystem_id> 
  834.           <format config:type="boolean">true</format> 
  835.           <fstopt>acl,user_xattr</fstopt> 
  836.           <loop_fs config:type="boolean">false</loop_fs> 
  837.           <lv_name>root</lv_name> 
  838.           <mount>/</mount> 
  839.           <mountby config:type="symbol">device</mountby> 
  840.           <partition_id config:type="integer">131</partition_id> 
  841.           <resize config:type="boolean">false</resize> 
  842.           <size>5G</size
  843.         </partition> 
  844.         <partition> 
  845.           <create config:type="boolean">true</create
  846.           <crypt_fs config:type="boolean">false</crypt_fs> 
  847.           <filesystem config:type="symbol">ext3</filesystem> 
  848.           <filesystem_id config:type="integer">131</filesystem_id> 
  849.           <format config:type="boolean">true</format> 
  850.           <fstopt>acl,user_xattr</fstopt> 
  851.           <loop_fs config:type="boolean">false</loop_fs> 
  852.           <lv_name>tmp</lv_name> 
  853.           <mount>/tmp</mount> 
  854.           <mountby config:type="symbol">device</mountby> 
  855.           <partition_id config:type="integer">131</partition_id> 
  856.           <resize config:type="boolean">false</resize> 
  857.           <size>10G</size
  858.         </partition> 
  859.         <partition> 
  860.           <create config:type="boolean">true</create
  861.           <crypt_fs config:type="boolean">false</crypt_fs> 
  862.           <filesystem config:type="symbol">ext3</filesystem> 
  863.           <filesystem_id config:type="integer">131</filesystem_id> 
  864.           <format config:type="boolean">true</format> 
  865.           <fstopt>acl,user_xattr</fstopt> 
  866.           <loop_fs config:type="boolean">false</loop_fs> 
  867.           <lv_name>usr</lv_name> 
  868.           <mount>/usr</mount> 
  869.           <mountby config:type="symbol">device</mountby> 
  870.           <partition_id config:type="integer">131</partition_id> 
  871.           <resize config:type="boolean">false</resize> 
  872.           <size>10G</size
  873.         </partition> 
  874.         <partition> 
  875.           <create config:type="boolean">true</create
  876.           <crypt_fs config:type="boolean">false</crypt_fs> 
  877.           <filesystem config:type="symbol">ext3</filesystem> 
  878.           <filesystem_id config:type="integer">131</filesystem_id> 
  879.           <format config:type="boolean">true</format> 
  880.           <fstopt>acl,user_xattr</fstopt> 
  881.           <loop_fs config:type="boolean">false</loop_fs> 
  882.           <lv_name>var</lv_name> 
  883.           <mount>/var</mount> 
  884.           <mountby config:type="symbol">device</mountby> 
  885.           <partition_id config:type="integer">131</partition_id> 
  886.           <resize config:type="boolean">false</resize> 
  887.           <size>5G</size
  888.         </partition> 
  889.       </partitions> 
  890.       <pesize>4M</pesize> 
  891.       <type config:type="symbol">CT_LVM</type> 
  892.       <use>all</use> 
  893.     </drive> 
  894.   </partitioning> 
  895.   <printer> 
  896.     <server_settings> 
  897.       <BrowseAllow config:type="list"
  898.         <listentry>all</listentry> 
  899.       </BrowseAllow> 
  900.       <BrowseOrder config:type="list"
  901.         <listentry>allow,deny</listentry> 
  902.       </BrowseOrder> 
  903.       <Browsing config:type="list"
  904.         <listentry>On</listentry> 
  905.       </Browsing> 
  906.       <DefaultAuthType config:type="list"
  907.         <listentry>Basic</listentry> 
  908.       </DefaultAuthType> 
  909.       <DefaultPolicy config:type="list"
  910.         <listentry>default</listentry> 
  911.       </DefaultPolicy> 
  912.       <Listen config:type="list"
  913.         <listentry>localhost:631</listentry> 
  914.         <listentry>/var/run/cups/cups.sock</listentry> 
  915.       </Listen> 
  916.       <LogLevel config:type="list"
  917.         <listentry>info</listentry> 
  918.       </LogLevel> 
  919.       <SystemGroup config:type="list"
  920.         <listentry>sys root</listentry> 
  921.       </SystemGroup> 
  922.       <sections config:type="list"
  923.         <section
  924.           <Allow config:type="list"
  925.             <listentry>127.0.0.2</listentry> 
  926.           </Allow> 
  927.           <Key>Location</Key
  928.           <Order config:type="list"
  929.             <listentry>allow,deny</listentry> 
  930.           </Order
  931.           <Value>/</Value> 
  932.         </section
  933.         <section
  934.           <Encryption config:type="list"
  935.             <listentry>Required</listentry> 
  936.           </Encryption> 
  937.           <Key>Location</Key
  938.           <Order config:type="list"
  939.             <listentry>allow,deny</listentry> 
  940.           </Order
  941.           <Value>/admin</Value> 
  942.         </section
  943.         <section
  944.           <AuthType config:type="list"
  945.             <listentry>Default</listentry> 
  946.           </AuthType> 
  947.           <Key>Location</Key
  948.           <Order config:type="list"
  949.             <listentry>allow,deny</listentry> 
  950.           </Order
  951.           <Require config:type="list"
  952.             <listentry>user @SYSTEM</listentry> 
  953.           </Require> 
  954.           <Value>/admin/conf</Value> 
  955.         </section
  956.         <section
  957.           <Key>Policy</Key
  958.           <Value>default</Value> 
  959.           <sections config:type="list"
  960.             <section
  961.               <Key>Limit</Key
  962.               <Order config:type="list"
  963.                 <listentry>deny,allow</listentry> 
  964.               </Order
  965.               <Require config:type="list"
  966.                 <listentry>user @OWNER @SYSTEM</listentry> 
  967.               </Require> 
  968.               <Value>Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job</Value> 
  969.             </section
  970.             <section
  971.               <AuthType config:type="list"
  972.                 <listentry>Default</listentry> 
  973.               </AuthType> 
  974.               <Key>Limit</Key
  975.               <Order config:type="list"
  976.                 <listentry>deny,allow</listentry> 
  977.               </Order
  978.               <Require config:type="list"
  979.                 <listentry>user @SYSTEM</listentry> 
  980.               </Require> 
  981.               <Value>CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default</Value> 
  982.             </section
  983.             <section
  984.               <AuthType config:type="list"
  985.                 <listentry>Default</listentry> 
  986.               </AuthType> 
  987.               <Key>Limit</Key
  988.               <Order config:type="list"
  989.                 <listentry>deny,allow</listentry> 
  990.               </Order
  991.               <Require config:type="list"
  992.                 <listentry>user @SYSTEM</listentry> 
  993.               </Require> 
  994.               <Value>Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs</Value> 
  995.             </section
  996.             <section
  997.               <Key>Limit</Key
  998.               <Order config:type="list"
  999.                 <listentry>deny,allow</listentry> 
  1000.               </Order
  1001.               <Require config:type="list"
  1002.                 <listentry>user @OWNER @SYSTEM</listentry> 
  1003.               </Require> 
  1004.               <Value>Cancel-Job CUPS-Authenticate-Job</Value> 
  1005.             </section
  1006.             <section
  1007.               <Key>Limit</Key
  1008.               <Order config:type="list"
  1009.                 <listentry>deny,allow</listentry> 
  1010.               </Order
  1011.               <Value>All</Value> 
  1012.             </section
  1013.           </sections> 
  1014.         </section
  1015.         <section
  1016.           <Key>Policy</Key
  1017.           <Value>easy</Value> 
  1018.           <sections config:type="list"
  1019.             <section
  1020.               <Key>Limit</Key
  1021.               <Order config:type="list"
  1022.                 <listentry>allow,deny</listentry> 
  1023.               </Order
  1024.               <Satisfy config:type="list"
  1025.                 <listentry>any</listentry> 
  1026.               </Satisfy> 
  1027.               <Value>All</Value> 
  1028.             </section
  1029.           </sections> 
  1030.         </section
  1031.         <section
  1032.           <Key>Policy</Key
  1033.           <Value>paranoid</Value> 
  1034.           <sections config:type="list"
  1035.             <section
  1036.               <Allow config:type="list"
  1037.                 <listentry>from 127.0.0.0/8</listentry> 
  1038.               </Allow> 
  1039.               <Key>Limit</Key
  1040.               <Order config:type="list"
  1041.                 <listentry>deny,allow</listentry> 
  1042.               </Order
  1043.               <Require config:type="list"
  1044.                 <listentry>user @OWNER</listentry> 
  1045.               </Require> 
  1046.               <Value>Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job</Value> 
  1047.             </section
  1048.             <section
  1049.               <Allow config:type="list"
  1050.                 <listentry>from 127.0.0.0/8</listentry> 
  1051.               </Allow> 
  1052.               <AuthType config:type="list"
  1053.                 <listentry>Default</listentry> 
  1054.               </AuthType> 
  1055.               <Key>Limit</Key
  1056.               <Order config:type="list"
  1057.                 <listentry>deny,allow</listentry> 
  1058.               </Order
  1059.               <Require config:type="list"
  1060.                 <listentry>user @SYSTEM</listentry> 
  1061.               </Require> 
  1062.               <Value>CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default</Value> 
  1063.             </section
  1064.             <section
  1065.               <Allow config:type="list"
  1066.                 <listentry>from 127.0.0.0/8</listentry> 
  1067.               </Allow> 
  1068.               <AuthType config:type="list"
  1069.                 <listentry>Default</listentry> 
  1070.               </AuthType> 
  1071.               <Key>Limit</Key
  1072.               <Order config:type="list"
  1073.                 <listentry>deny,allow</listentry> 
  1074.               </Order
  1075.               <Require config:type="list"
  1076.                 <listentry>user @SYSTEM</listentry> 
  1077.               </Require> 
  1078.               <Value>Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs</Value> 
  1079.             </section
  1080.             <section
  1081.               <Allow config:type="list"
  1082.                 <listentry>from 127.0.0.0/8</listentry> 
  1083.               </Allow> 
  1084.               <Key>Limit</Key
  1085.               <Order config:type="list"
  1086.                 <listentry>deny,allow</listentry> 
  1087.               </Order
  1088.               <Require config:type="list"
  1089.                 <listentry>user @OWNER</listentry> 
  1090.               </Require> 
  1091.               <Value>Cancel-Job CUPS-Authenticate-Job</Value> 
  1092.             </section
  1093.             <section
  1094.               <Allow config:type="list"
  1095.                 <listentry>from 127.0.0.0/8</listentry> 
  1096.               </Allow> 
  1097.               <Key>Limit</Key
  1098.               <Order config:type="list"
  1099.                 <listentry>deny,allow</listentry> 
  1100.               </Order
  1101.               <Require config:type="list"
  1102.                 <listentry>user @OWNER @SYSTEM</listentry> 
  1103.               </Require> 
  1104.               <Value>All</Value> 
  1105.             </section
  1106.           </sections> 
  1107.         </section
  1108.       </sections> 
  1109.     </server_settings> 
  1110.   </printer> 
  1111.   <proxy> 
  1112.     <enabled config:type="boolean">false</enabled> 
  1113.     <ftp_proxy></ftp_proxy> 
  1114.     <http_proxy></http_proxy> 
  1115.     <https_proxy></https_proxy> 
  1116.     <no_proxy>localhost, 127.0.0.1</no_proxy> 
  1117.     <proxy_password></proxy_password> 
  1118.     <proxy_user></proxy_user> 
  1119.   </proxy> 
  1120.   <report> 
  1121.     <errors> 
  1122.       <log config:type="boolean">true</log> 
  1123.       <show config:type="boolean">true</show> 
  1124.       <timeout config:type="integer">0</timeout> 
  1125.     </errors> 
  1126.     <messages> 
  1127.       <log config:type="boolean">true</log> 
  1128.       <show config:type="boolean">true</show> 
  1129.       <timeout config:type="integer">0</timeout> 
  1130.     </messages> 
  1131.     <warnings> 
  1132.       <log config:type="boolean">true</log> 
  1133.       <show config:type="boolean">true</show> 
  1134.       <timeout config:type="integer">0</timeout> 
  1135.     </warnings> 
  1136.     <yesno_messages> 
  1137.       <log config:type="boolean">true</log> 
  1138.       <show config:type="boolean">true</show> 
  1139.       <timeout config:type="integer">0</timeout> 
  1140.     </yesno_messages> 
  1141.   </report> 
  1142.   <runlevel> 
  1143.     <default>5</default
  1144.   </runlevel>   
  1145.    <software> 
  1146.     <packages config:type="list"
  1147.       <package>ConsoleKit-32bit</package> 
  1148.       <package>Mesa-32bit</package> 
  1149.       <package>PolicyKit-32bit</package> 
  1150.       <package>PolicyKit-gnome-libs-32bit</package> 
  1151.       <package>aspell-32bit</package> 
  1152.       <package>at-spi-32bit</package> 
  1153.       <package>audiofile-32bit</package> 
  1154.       <package>audit-libs-32bit</package> 
  1155.       <package>bind-libs-32bit</package> 
  1156.       <package>bison-32bit</package> 
  1157.       <package>cpufrequtils-32bit</package> 
  1158.       <package>cracklib-32bit</package> 
  1159.       <package>cryptconfig-32bit</package> 
  1160.       <package>cyrus-sasl-32bit</package> 
  1161.       <package>cyrus-sasl-gssapi-32bit</package> 
  1162.       <package>cyrus-sasl-plain-32bit</package> 
  1163.       <package>dbus-1-32bit</package> 
  1164.       <package>dbus-1-glib-32bit</package> 
  1165.       <package>device-mapper-32bit</package> 
  1166.       <package>evolution-data-server-32bit</package> 
  1167.       <package>fam-32bit</package> 
  1168.       <package>file-32bit</package> 
  1169.       <package>flex-32bit</package> 
  1170.       <package>freeglut-32bit</package> 
  1171.       <package>freetype-32bit</package> 
  1172.       <package>fribidi-32bit</package> 
  1173.       <package>gcc-32bit</package> 
  1174.       <package>gcc43-32bit</package> 
  1175.       <package>gconf2-32bit</package> 
  1176.       <package>gdbm-devel-32bit</package> 
  1177.       <package>gettext-runtime-32bit</package> 
  1178.       <package>giflib-32bit</package> 
  1179.       <package>glibc-devel-32bit</package> 
  1180.       <package>glibc-locale-32bit</package> 
  1181.       <package>gnome-keyring-32bit</package> 
  1182.       <package>gnome-panel-32bit</package> 
  1183.       <package>gnome-vfs2-32bit</package> 
  1184.       <package>gpm-32bit</package> 
  1185.       <package>hal-32bit</package> 
  1186.       <package>hunspell-32bit</package> 
  1187.       <package>java-1_6_0-ibm</package> 
  1188.       <package>java-1_6_0-ibm-fonts</package> 
  1189.       <package>jpackage-utils</package> 
  1190.       <package>libFLAC8-32bit</package> 
  1191.       <package>libHX13-32bit</package> 
  1192.       <package>libacl-32bit</package> 
  1193.       <package>libaio-32bit</package> 
  1194.       <package>libaio-devel-32bit</package> 
  1195.       <package>libart_lgpl-32bit</package> 
  1196.       <package>libattr-32bit</package> 
  1197.       <package>libavahi-client3-32bit</package> 
  1198.       <package>libavahi-common3-32bit</package> 
  1199.       <package>libavahi-glib1-32bit</package> 
  1200.       <package>libblkid1-32bit</package> 
  1201.       <package>libbonobo-32bit</package> 
  1202.       <package>libbonoboui-32bit</package> 
  1203.       <package>libbz2-1-32bit</package> 
  1204.       <package>libcanberra-gtk-32bit</package> 
  1205.       <package>libcanberra-gtk0-32bit</package> 
  1206.       <package>libcanberra0-32bit</package> 
  1207.       <package>libcap2-32bit</package> 
  1208.       <package>libcroco-0_6-3-32bit</package> 
  1209.       <package>libcurl4-32bit</package> 
  1210.       <package>libdnet1</package> 
  1211.       <package>libdrm-32bit</package> 
  1212.       <package>libesd0-32bit</package> 
  1213.       <package>libfreebl3-32bit</package> 
  1214.       <package>libgcrypt11-32bit</package> 
  1215.       <package>libglade2-32bit</package> 
  1216.       <package>libgnome-32bit</package> 
  1217.       <package>libgnome-desktop-2-11-32bit</package> 
  1218.       <package>libgnomecanvas-32bit</package> 
  1219.       <package>libgnutls26-32bit</package> 
  1220.       <package>libgomp46-32bit</package> 
  1221.       <package>libgpg-error0-32bit</package> 
  1222.       <package>libgsf-1-114-32bit</package> 
  1223.       <package>libgstreamer-0_10-0-32bit</package> 
  1224.       <package>libgthread-2_0-0-32bit</package> 
  1225.       <package>libgweather1-32bit</package> 
  1226.       <package>libical0-32bit</package> 
  1227.       <package>libidl-32bit</package> 
  1228.       <package>libidn-32bit</package> 
  1229.       <package>liblcms1-32bit</package> 
  1230.       <package>libldap-2_4-2-32bit</package> 
  1231.       <package>libltdl7-32bit</package> 
  1232.       <package>liblua5_1</package> 
  1233.       <package>liblzma5-32bit</package> 
  1234.       <package>libmng-32bit</package> 
  1235.       <package>libncurses6-32bit</package> 
  1236.       <package>libnetpbm10-32bit</package> 
  1237.       <package>libnscd-32bit</package> 
  1238.       <package>libnsssharedhelper0-32bit</package> 
  1239.       <package>libogg0-32bit</package> 
  1240.       <package>libopenct1-32bit</package> 
  1241.       <package>libopensc2-32bit</package> 
  1242.       <package>libpciaccess0-32bit</package> 
  1243.       <package>libproxy0-32bit</package> 
  1244.       <package>libproxy0-config-gnome</package> 
  1245.       <package>libproxy0-config-kde4</package> 
  1246.       <package>libpulse0-32bit</package> 
  1247.       <package>libpython2_6-1_0-32bit</package> 
  1248.       <package>libqt4-32bit</package> 
  1249.       <package>libqt4-qt3support-32bit</package> 
  1250.       <package>libqt4-sql-32bit</package> 
  1251.       <package>libqt4-x11-32bit</package> 
  1252.       <package>libreiserfs-32bit</package> 
  1253.       <package>librsvg-32bit</package> 
  1254.       <package>libsepol1-32bit</package> 
  1255.       <package>libsmbclient0-32bit</package> 
  1256.       <package>libsmbios2-32bit</package> 
  1257.       <package>libsndfile-32bit</package> 
  1258.       <package>libsoup-2_4-1-32bit</package> 
  1259.       <package>libsqlite3-0-32bit</package> 
  1260.       <package>libstdc++33-32bit</package> 
  1261.       <package>libstdc++43-devel-32bit</package> 
  1262.       <package>libtalloc2-32bit</package> 
  1263.       <package>libtasn1-3-32bit</package> 
  1264.       <package>libtdb1-32bit</package> 
  1265.       <package>libtool-32bit</package> 
  1266.       <package>libudev0-32bit</package> 
  1267.       <package>libvorbis-32bit</package> 
  1268.       <package>libwbclient0-32bit</package> 
  1269.       <package>libwnck-1-22-32bit</package> 
  1270.       <package>libxcrypt-32bit</package> 
  1271.       <package>libxml2-32bit</package> 
  1272.       <package>libxslt-32bit</package> 
  1273.       <package>mozilla-kde4-integration</package> 
  1274.       <package>mozilla-nspr-32bit</package> 
  1275.       <package>mozilla-nss-32bit</package> 
  1276.       <package>mozilla-xulrunner192-32bit</package> 
  1277.       <package>nautilus-32bit</package> 
  1278.       <package>nautilus-cd-burner-32bit</package> 
  1279.       <package>ncurses-devel-32bit</package> 
  1280.       <package>nmap</package> 
  1281.       <package>opensc-32bit</package> 
  1282.       <package>openslp-32bit</package> 
  1283.       <package>opie-32bit</package> 
  1284.       <package>orbit2-32bit</package> 
  1285.       <package>pam-32bit</package> 
  1286.       <package>pam-modules-32bit</package> 
  1287.       <package>pam_mount-32bit</package> 
  1288.       <package>parted-32bit</package> 
  1289.       <package>pciutils-32bit</package> 
  1290.       <package>pcsc-lite-32bit</package> 
  1291.       <package>popt-32bit</package> 
  1292.       <package>qt3-32bit</package> 
  1293.       <package>qtcurve-gtk2-32bit</package> 
  1294.       <package>rpm-32bit</package> 
  1295.       <package>samba-32bit</package> 
  1296.       <package>samba-client-32bit</package> 
  1297.       <package>startup-notification-32bit</package> 
  1298.       <package>strace-32bit</package> 
  1299.       <package>sysfsutils-32bit</package> 
  1300.       <package>tcl-32bit</package> 
  1301.       <package>tcpd-32bit</package> 
  1302.       <package>tk-32bit</package> 
  1303.       <package>utempter-32bit</package> 
  1304.       <package>xaw3d-32bit</package> 
  1305.       <package>xorg-x11-driver-video-radeonhd</package> 
  1306.       <package>yast2-trans-en_US</package> 
  1307.       <package>autoyast2-installation</package> 
  1308.       <package>autoyast2-installation</package> 
  1309.     </packages> 
  1310.     <patterns config:type="list"
  1311.       <pattern>Basis-Devel</pattern> 
  1312.       <pattern>Minimal</pattern> 
  1313.       <pattern>WBEM</pattern> 
  1314.       <pattern>apparmor</pattern> 
  1315.       <pattern>base</pattern> 
  1316.       <pattern>documentation</pattern> 
  1317.       <pattern>gnome</pattern> 
  1318.       <pattern>kde</pattern> 
  1319.       <pattern>oracle_server</pattern> 
  1320.       <pattern>print_server</pattern> 
  1321.       <pattern>x11</pattern> 
  1322.     </patterns> 
  1323.     <remove-packages config:type="list"
  1324.       <package>apache2</package> 
  1325.       <package>apache2-prefork</package> 
  1326.       <package>apache2-utils</package> 
  1327.       <package>apache2-worker</package> 
  1328.       <package>emacs-nox</package> 
  1329.       <package>libapr-util1</package> 
  1330.       <package>libapr1</package> 
  1331.       <package>libqt4-sql-sqlite</package> 
  1332.       <package>lprng</package> 
  1333.       <package>pcmciautils</package> 
  1334.       <package>portmap</package> 
  1335.       <package>rsyslog</package> 
  1336.       <package>sendmail</package> 
  1337.       <package>susehelp_de</package> 
  1338.       <package>open-iscsi</package> 
  1339.     </remove-packages> 
  1340.   </software> 
  1341.   <timezone> 
  1342.     <hwclock>localtime</hwclock> 
  1343.     <timezone>Asia/Shanghai</timezone> 
  1344.   </timezone> 
  1345.   <user_defaults> 
  1346.     <group>100</group
  1347.     <groups>video,dialout</groups> 
  1348.     <home>/home</home> 
  1349.     <inactive>-1</inactive> 
  1350.     <shell>/bin/bash</shell> 
  1351.     <skel>/etc/skel</skel> 
  1352.     <umask>022</umask> 
  1353.   </user_defaults> 
  1354.   <users config:type="list"
  1355.     <user
  1356.       <encrypted config:type="boolean">true</encrypted> 
  1357.       <fullname>Games account</fullname> 
  1358.       <gid>100</gid> 
  1359.       <home>/var/games</home> 
  1360.       <password_settings> 
  1361.         <flag></flag> 
  1362.         <inact>-1</inact> 
  1363.         <max>99999</max
  1364.         <min>0</min
  1365.         <warn>7</warn> 
  1366.       </password_settings> 
  1367.       <shell>/bin/bash</shell> 
  1368.       <uid>12</uid> 
  1369.       <user_password>*</user_password> 
  1370.       <username>games</username> 
  1371.     </user
  1372.     <user
  1373.       <encrypted config:type="boolean">true</encrypted> 
  1374.       <fullname>bin</fullname> 
  1375.       <gid>1</gid> 
  1376.       <home>/bin</home> 
  1377.       <password_settings> 
  1378.         <flag></flag> 
  1379.         <inact>-1</inact> 
  1380.         <max>99999</max
  1381.         <min>0</min
  1382.         <warn>7</warn> 
  1383.       </password_settings> 
  1384.       <shell>/bin/bash</shell> 
  1385.       <uid>1</uid> 
  1386.       <user_password>*</user_password> 
  1387.       <username>bin</username> 
  1388.     </user
  1389.     <user
  1390.       <encrypted config:type="boolean">true</encrypted> 
  1391.       <fullname>nobody</fullname> 
  1392.       <gid>65533</gid> 
  1393.       <home>/var/lib/nobody</home> 
  1394.       <password_settings> 
  1395.         <flag></flag> 
  1396.         <inact>-1</inact> 
  1397.         <max>99999</max
  1398.         <min>0</min
  1399.         <warn>7</warn> 
  1400.       </password_settings> 
  1401.       <shell>/bin/bash</shell> 
  1402.       <uid>65534</uid> 
  1403.       <user_password>*</user_password> 
  1404.       <username>nobody</username> 
  1405.     </user
  1406.     <user
  1407.       <encrypted config:type="boolean">true</encrypted> 
  1408.       <fullname>Printing daemon</fullname> 
  1409.       <gid>7</gid> 
  1410.       <home>/var/spool/lpd</home> 
  1411.       <password_settings> 
  1412.         <flag></flag> 
  1413.         <inact>-1</inact> 
  1414.         <max>99999</max
  1415.         <min>0</min
  1416.         <warn>7</warn> 
  1417.       </password_settings> 
  1418.       <shell>/bin/bash</shell> 
  1419.       <uid>4</uid> 
  1420.       <user_password>*</user_password> 
  1421.       <username>lp</username> 
  1422.     </user
  1423.     <user
  1424.       <encrypted config:type="boolean">true</encrypted> 
  1425.       <fullname>User for uuidd</fullname> 
  1426.       <gid>104</gid> 
  1427.       <home>/var/run/uuidd</home> 
  1428.       <password_settings> 
  1429.         <max>99999</max
  1430.         <min>0</min
  1431.         <warn>7</warn> 
  1432.       </password_settings> 
  1433.       <shell>/bin/false</shell> 
  1434.       <uid>102</uid> 
  1435.       <user_password>*</user_password> 
  1436.       <username>uuidd</username> 
  1437.     </user
  1438.     <user
  1439.       <encrypted config:type="boolean">true</encrypted> 
  1440.       <fullname>Postfix Daemon</fullname> 
  1441.       <gid>51</gid> 
  1442.       <home>/var/spool/postfix</home> 
  1443.       <password_settings> 
  1444.         <max>99999</max
  1445.         <min>0</min
  1446.         <warn>7</warn> 
  1447.       </password_settings> 
  1448.       <shell>/bin/false</shell> 
  1449.       <uid>51</uid> 
  1450.       <user_password>*</user_password> 
  1451.       <username>postfix</username> 
  1452.     </user
  1453.     <user
  1454.       <encrypted config:type="boolean">true</encrypted> 
  1455.       <fullname>Novell Customer Center User</fullname> 
  1456.       <gid>114</gid> 
  1457.       <home>/var/lib/YaST2/suse-ncc-fakehome</home> 
  1458.       <password_settings> 
  1459.         <max>99999</max
  1460.         <min>0</min
  1461.         <warn>7</warn> 
  1462.       </password_settings> 
  1463.       <shell>/bin/bash</shell> 
  1464.       <uid>107</uid> 
  1465.       <user_password>*</user_password> 
  1466.       <username>suse-ncc</username> 
  1467.     </user
  1468.     <user
  1469.       <encrypted config:type="boolean">true</encrypted> 
  1470.       <fullname>FTP account</fullname> 
  1471.       <gid>49</gid> 
  1472.       <home>/srv/ftp</home> 
  1473.       <password_settings> 
  1474.         <flag></flag> 
  1475.         <inact>-1</inact> 
  1476.         <max>99999</max
  1477.         <min>0</min
  1478.         <warn>7</warn> 
  1479.       </password_settings> 
  1480.       <shell>/bin/bash</shell> 
  1481.       <uid>40</uid> 
  1482.       <user_password>*</user_password> 
  1483.       <username>ftp</username> 
  1484.     </user
  1485.     <user
  1486.       <encrypted config:type="boolean">true</encrypted> 
  1487.       <fullname>Gnome Display Manager daemon</fullname> 
  1488.       <gid>115</gid> 
  1489.       <home>/var/lib/gdm</home> 
  1490.       <password_settings> 
  1491.         <max>99999</max
  1492.         <min>0</min
  1493.         <warn>7</warn> 
  1494.       </password_settings> 
  1495.       <shell>/bin/false</shell> 
  1496.       <uid>108</uid> 
  1497.       <user_password>*</user_password> 
  1498.       <username>gdm</username> 
  1499.     </user
  1500.     <user
  1501.       <encrypted config:type="boolean">true</encrypted> 
  1502.       <fullname>Batch jobs daemon</fullname> 
  1503.       <gid>25</gid> 
  1504.       <home>/var/spool/atjobs</home> 
  1505.       <password_settings> 
  1506.         <max>99999</max
  1507.         <min>0</min
  1508.         <warn>7</warn> 
  1509.       </password_settings> 
  1510.       <shell>/bin/bash</shell> 
  1511.       <uid>25</uid> 
  1512.       <user_password>*</user_password> 
  1513.       <username>at</username> 
  1514.     </user
  1515.     <user
  1516.       <encrypted config:type="boolean">true</encrypted> 
  1517.       <fullname>root</fullname> 
  1518.       <gid>0</gid> 
  1519.       <home>/root</home> 
  1520.       <password_settings> 
  1521.         <flag></flag> 
  1522.         <inact>-1</inact> 
  1523.         <max>99999</max
  1524.         <min>0</min
  1525.         <warn>7</warn> 
  1526.       </password_settings> 
  1527.       <shell>/bin/bash</shell> 
  1528.       <uid>0</uid> 
  1529.       <user_password>$2y$05$PgHRKTw9p..KhpR4r3bhF.8yFRP30eBTO6bQSfDspTz8J5/8yw.qW</user_password> 
  1530.       <username>root</username> 
  1531.     </user
  1532.     <user
  1533.       <encrypted config:type="boolean">true</encrypted> 
  1534.       <fullname>Mailer daemon</fullname> 
  1535.       <gid>12</gid> 
  1536.       <home>/var/spool/clientmqueue</home> 
  1537.       <password_settings> 
  1538.         <flag></flag> 
  1539.         <inact>-1</inact> 
  1540.         <max>99999</max
  1541.         <min>0</min
  1542.         <warn>7</warn> 
  1543.       </password_settings> 
  1544.       <shell>/bin/false</shell> 
  1545.       <uid>8</uid> 
  1546.       <user_password>*</user_password> 
  1547.       <username>mail</username> 
  1548.     </user
  1549.     <user
  1550.       <encrypted config:type="boolean">true</encrypted> 
  1551.       <fullname>Daemon</fullname> 
  1552.       <gid>2</gid> 
  1553.       <home>/sbin</home> 
  1554.       <password_settings> 
  1555.         <flag></flag> 
  1556.         <inact>-1</inact> 
  1557.         <max>99999</max
  1558.         <min>0</min
  1559.         <warn>7</warn> 
  1560.       </password_settings> 
  1561.       <shell>/bin/bash</shell> 
  1562.       <uid>2</uid> 
  1563.       <user_password>*</user_password> 
  1564.       <username>daemon</username> 
  1565.     </user
  1566.     <user
  1567.       <encrypted config:type="boolean">true</encrypted> 
  1568.       <fullname>NTP daemon</fullname> 
  1569.       <gid>111</gid> 
  1570.       <home>/var/lib/ntp</home> 
  1571.       <password_settings> 
  1572.         <max>99999</max
  1573.         <min>0</min
  1574.         <warn>7</warn> 
  1575.       </password_settings> 
  1576.       <shell>/bin/false</shell> 
  1577.       <uid>74</uid> 
  1578.       <user_password>*</user_password> 
  1579.       <username>ntp</username> 
  1580.     </user
  1581.     <user
  1582.       <encrypted config:type="boolean">true</encrypted> 
  1583.       <fullname>Unix-to-Unix CoPy system</fullname> 
  1584.       <gid>14</gid> 
  1585.       <home>/etc/uucp</home> 
  1586.       <password_settings> 
  1587.         <flag></flag> 
  1588.         <inact>-1</inact> 
  1589.         <max>99999</max
  1590.         <min>0</min
  1591.         <warn>7</warn> 
  1592.       </password_settings> 
  1593.       <shell>/bin/bash</shell> 
  1594.       <uid>10</uid> 
  1595.       <user_password>*</user_password> 
  1596.       <username>uucp</username> 
  1597.     </user
  1598.     <user
  1599.       <encrypted config:type="boolean">true</encrypted> 
  1600.       <fullname>User for D-Bus</fullname> 
  1601.       <gid>101</gid> 
  1602.       <home>/var/run/dbus</home> 
  1603.       <password_settings> 
  1604.         <min>0</min
  1605.         <warn>7</warn> 
  1606.       </password_settings> 
  1607.       <shell>/bin/false</shell> 
  1608.       <uid>100</uid> 
  1609.       <user_password>*</user_password> 
  1610.       <username>messagebus</username> 
  1611.     </user
  1612.     <user
  1613.       <encrypted config:type="boolean">true</encrypted> 
  1614.       <fullname>User for haldaemon</fullname> 
  1615.       <gid>102</gid> 
  1616.       <home>/var/run/hald</home> 
  1617.       <password_settings> 
  1618.         <min>0</min
  1619.         <warn>7</warn> 
  1620.       </password_settings> 
  1621.       <shell>/bin/false</shell> 
  1622.       <uid>101</uid> 
  1623.       <user_password>*</user_password> 
  1624.       <username>haldaemon</username> 
  1625.     </user
  1626.     <user
  1627.       <encrypted config:type="boolean">true</encrypted> 
  1628.       <fullname>Oracle user</fullname> 
  1629.       <gid>107</gid> 
  1630.       <home>/opt/oracle</home> 
  1631.       <password_settings> 
  1632.         <max>99999</max
  1633.         <min>0</min
  1634.         <warn>7</warn> 
  1635.       </password_settings> 
  1636.       <shell>/bin/false</shell> 
  1637.       <uid>104</uid> 
  1638.       <user_password>*</user_password> 
  1639.       <username>oracle</username> 
  1640.     </user
  1641.     <user
  1642.       <encrypted config:type="boolean">true</encrypted> 
  1643.       <fullname>WWW daemon apache</fullname> 
  1644.       <gid>8</gid> 
  1645.       <home>/var/lib/wwwrun</home> 
  1646.       <password_settings> 
  1647.         <flag></flag> 
  1648.         <inact>-1</inact> 
  1649.         <max>99999</max
  1650.         <min>0</min
  1651.         <warn>7</warn> 
  1652.       </password_settings> 
  1653.       <shell>/bin/false</shell> 
  1654.       <uid>30</uid> 
  1655.       <user_password>*</user_password> 
  1656.       <username>wwwrun</username> 
  1657.     </user
  1658.     <user
  1659.       <encrypted config:type="boolean">true</encrypted> 
  1660.       <fullname>Puppet daemon</fullname> 
  1661.       <gid>106</gid> 
  1662.       <home>/var/lib/puppet</home> 
  1663.       <password_settings> 
  1664.         <max>99999</max
  1665.         <min>0</min
  1666.         <warn>7</warn> 
  1667.       </password_settings> 
  1668.       <shell>/bin/false</shell> 
  1669.       <uid>103</uid> 
  1670.       <user_password>*</user_password> 
  1671.       <username>puppet</username> 
  1672.     </user
  1673.     <user
  1674.       <encrypted config:type="boolean">true</encrypted> 
  1675.       <fullname>Manual pages viewer</fullname> 
  1676.       <gid>62</gid> 
  1677.       <home>/var/cache/man</home> 
  1678.       <password_settings> 
  1679.         <flag></flag> 
  1680.         <inact>-1</inact> 
  1681.         <max>99999</max
  1682.         <min>0</min
  1683.         <warn>7</warn> 
  1684.       </password_settings> 
  1685.       <shell>/bin/bash</shell> 
  1686.       <uid>13</uid> 
  1687.       <user_password>*</user_password> 
  1688.       <username>man</username> 
  1689.     </user
  1690.     <user
  1691.       <encrypted config:type="boolean">true</encrypted> 
  1692.       <fullname>MySQL database admin</fullname> 
  1693.       <gid>109</gid> 
  1694.       <home>/var/lib/mysql</home> 
  1695.       <password_settings> 
  1696.         <max>99999</max
  1697.         <min>0</min
  1698.         <warn>7</warn> 
  1699.       </password_settings> 
  1700.       <shell>/bin/false</shell> 
  1701.       <uid>60</uid> 
  1702.       <user_password>*</user_password> 
  1703.       <username>mysql</username> 
  1704.     </user
  1705.     <user
  1706.       <encrypted config:type="boolean">true</encrypted> 
  1707.       <fullname>PolicyKit</fullname> 
  1708.       <gid>110</gid> 
  1709.       <home>/var/run/PolicyKit</home> 
  1710.       <password_settings> 
  1711.         <max>99999</max
  1712.         <min>0</min
  1713.         <warn>7</warn> 
  1714.       </password_settings> 
  1715.       <shell>/bin/false</shell> 
  1716.       <uid>105</uid> 
  1717.       <user_password>*</user_password> 
  1718.       <username>polkituser</username> 
  1719.     </user
  1720.     <user
  1721.       <encrypted config:type="boolean">true</encrypted> 
  1722.       <fullname>News system</fullname> 
  1723.       <gid>13</gid> 
  1724.       <home>/etc/news</home> 
  1725.       <password_settings> 
  1726.         <flag></flag> 
  1727.         <inact>-1</inact> 
  1728.         <max>99999</max
  1729.         <min>0</min
  1730.         <warn>7</warn> 
  1731.       </password_settings> 
  1732.       <shell>/bin/bash</shell> 
  1733.       <uid>9</uid> 
  1734.       <user_password>*</user_password> 
  1735.       <username>news</username> 
  1736.     </user
  1737.     <user
  1738.       <fullname>SSH daemon</fullname> 
  1739.       <gid>65</gid> 
  1740.       <home>/var/lib/sshd</home> 
  1741.       <password_settings> 
  1742.         <inact>-1</inact> 
  1743.         <max>99999</max
  1744.         <min>0</min
  1745.         <warn>7</warn> 
  1746.       </password_settings> 
  1747.       <shell>/bin/false</shell> 
  1748.       <uid>71</uid> 
  1749.       <username>sshd</username> 
  1750.     </user
  1751.     <user
  1752.       <encrypted config:type="boolean">true</encrypted> 
  1753.       <fullname>PulseAudio daemon</fullname> 
  1754.       <gid>112</gid> 
  1755.       <home>/var/lib/pulseaudio</home> 
  1756.       <password_settings> 
  1757.         <max>99999</max
  1758.         <min>0</min
  1759.         <warn>7</warn> 
  1760.       </password_settings> 
  1761.       <shell>/bin/false</shell> 
  1762.       <uid>106</uid> 
  1763.       <user_password>*</user_password> 
  1764.       <username>pulse</username> 
  1765.     </user
  1766.   </users> 
  1767.   <x11> 
  1768.     <color_depth config:type="integer">24</color_depth> 
  1769.     <display_manager>gdm</display_manager> 
  1770.     <enable_3d config:type="boolean">true</enable_3d> 
  1771.     <monitor> 
  1772.       <display> 
  1773.         <max_hsync config:type="integer">48</max_hsync> 
  1774.         <max_vsync config:type="integer">60</max_vsync> 
  1775.         <min_hsync config:type="integer">31</min_hsync> 
  1776.         <min_vsync config:type="integer">50</min_vsync> 
  1777.       </display> 
  1778.       <monitor_device>1024X768@60HZ</monitor_device> 
  1779.       <monitor_vendor>--&gt; VESA</monitor_vendor> 
  1780.     </monitor> 
  1781.     <resolution>1024x768 (XGA)</resolution> 
  1782.     <window_manager>gnome</window_manager> 
  1783.   </x11> 
  1784. </profile> 

四、SuSE自动化PXE网络安装

PXE基本原理

什么是PXE

PXE(Pre-boot Execution Environment)是由Intel设计的协议,它可以使计算机通过网络启动。协议分为client和server两端,PXE client在网卡的ROM中,当计算机引导时,BIOS把PXE client调入内存执行,并显示出命令菜单,经用户选择后,PXE client将放置在远端的操作系统通过网络下载到本地运行。

PXE协议的成功运行需要解决以下两个问题:

1.既然是通过网络传输,那么计算机在启动时,它的IP地址由谁来配置;

2.通过什么协议下载Linux内核和根文件系统。

对于第一个问题,可以通过DHCP Server解决,由DHCP server来给PXE client分配一个IP地址,DHCP Server是用来给DHCP Client动态分配IP地址的协议,不过由于这里是给PXE Client分配IP地址,所以在配置DHCP Server时,需要增加相应的PXE特有配置。

至于第二个问题,在PXE client所在的ROM中,已经存在了TFTP Client。PXE Client使用TFTP Client,通过TFTP协议到TFTP Server上下载所需的文件。

这样,PXE协议运行的条件就具备了,下面我们就来看看PXE协议的工作过程。

工作过程

在下图中,PXE client是需要安装Linux的计算机,TFTP Server和DHCP Server运行在另外一台Linux Server上。Bootstrap文件、配置文件、Linux内核以及Linux根文件系统都放置在Linux Server上TFTP服务器的根目录下。

PXE client在工作过程中,需要三个二进制文件:bootstrap、Linux 内核和Linux根文件系统。Bootstrap文件是可执行程序,它向用户提供简单的控制界面,并根据用户的选择,下载合适的Linux内核以及Linux根文件系统。

方案介绍

这种方案需要首先设置一个启动服务器和一个安装服务器(可以配置在同一台物理机上),然后通过网络启动存放在启动服务器上的安装程序。安装程序会自动访问存放在安装服务器上的安装配置文件和安装介质来完成安装。

涉及到的技术

该方案主要应用了三种技术:

1.在PC上从网络启动SLES安装程序的PXE协议

2.SLES安装程序提供的网络安装功能(即指通过网络访问安装介质)

3.SLES安装程序提供的无人值守安装功能(SuSE称为AutoYast)

软硬件需求

要按本文介绍的方法完成自动化安装,你需要如下软硬件资源:

◆一台PC机器作为启动和安装服务器(其它架构机器也可以)

◆一台待安装的PC机器,它的网卡必须带有PXE支持

◆一个建好的局域网,上述两台机器已经连接入同一子网

◆待安装的SLES安装介质

配置tftpd

为了简化步骤,我们在XP虚拟机下搭建DHCP和TFTP服务端,用tftpd工具来整合实现PXE网络引导,注意服务端与客户端要在同一局域网内。在Linux下配置服务的原理类似,具体方法可参考互联网。

(1)下载tftpd

http://tftpd32.jounin.net/

(2)启动tftpd32程序,选择【Settings】

(3)按需勾选,这里我们仅选择【TFTP】和【DHCP】 

(4)TFTP设置如下:

Base Directory:对应存放Linux的引导文件

PXE Compatibility:增强对不同型号网卡的网络启动支持

Show Progress bar:在网络引导过程中显示进度

Translate Unix file names:转化Unix文件名

Allow “\” As virtual root:允许虚拟路径

其它高级选项:设置包括兼容性以及一些细节

(5)DHCP配置

重点注意Boot File引导文件的设置和DHCP绑定地址

(6)tftpboot目录结构

  1. file://D:\tftpboot  (2 folders, 3 files, 35.86 MB, 36.46 MB in total.) 
  2. │   INITRD    32.20 MB 
  3. │   LINUX 3.64 MB 
  4. │   pxelinux.0    16.04 KB 
  5. ├─pxelinux.cfg  (0 folders, 1 files, 193 bytes, 193 bytes in total.) 
  6. │         default 193 bytes 
  7. └─tftpd32   (0 folders, 4 files, 620.33 KB, 620.33 KB in total.) 
  8.             EUPL-EN.pdf 33.51 KB 
  9.             tftpd32.chm 346.96 KB 
  10.             tftpd32.exe 200.50 KB 
  11.             tftpd32.ini 39.36 KB 

INITRD和LINUX提取自Linux启动引导镜像

pxelinux.0是pxe启动引导镜像

pxelinux.cfg文件夹下的default文件为启动菜单配置项

编辑tftpboot\pxelinux.cfg,可以自定义autoinst.xml文件的访问方式和路径

  1. default linux 
  2.   
  3. # Install Linux 
  4. label linux 
  5.   kernel linux 
  6.   append initrd=initrd autoyast=ftp://198.15.0.106/suse/autoinst.xml install=ftp://198.15.0.106/suse splash=silent showopts 

配置FTP

(1)下载Filezilla Server

http://filezilla-project.org/

(2)设置ftp

允许匿名访问帐户即可,配置好ftp路径

提取SLES镜像内的安装目录至ftp目录下

配置AutoYaST

使用SuSE中的AutoYaST工具生成autoinst.xml,复制到ftp任意目录下,注意文件路径与default配置相吻合

网络启动机器

前面的配置工作完成后,下面我们就在待安装机器上通过网络以无人值守的方式来安装

(1)启动待安装机器,选择从网卡启动。具体方法因BIOS版本不同而异。下图是从VMWare虚拟机上得到的选择网络启动的屏幕截图。

(2)网卡中的PXE代码会联系DHCP服务器来获取IP地址以及启动镜像,然后启动镜像被载入并运行。

(3)开始全自动安装

安装后添加自定义模块

我这里以添加Kernel内核补丁为例

  1. <scripts> 
  2. <init-scripts config:type="list"
  3. <script> 
  4. <filename>instkernel.sh</filename> 
  5. <debug config:type="boolean">true</debug> 
  6. <location></location> 
  7. <interpreter>shell</interpreter> 
  8. <source><![CDATA[ 
  9. #!/bin/bash 
  10. After installation, the logfile from this script can be found in 
  11. # /var/adm/autoinstall/logs 
  12. echo "=========================================" 
  13. echo "... Starting AutoYAST included script ..." 
  14. echo "=========================================" 
  15. rpm -ivh --root=/  ftp://144.131.254.206/update/3.0.74-0.6.8/kernel-default-base-3.0.74-0.6.8.1.x86_64.rpm  
  16. rpm -ivh --root=/  ftp://144.131.254.206/update/3.0.74-0.6.8/kernel-default-3.0.74-0.6.8.1.x86_64.rpm  
  17. rpm -ivh --root=/  ftp://144.131.254.206/update/3.0.74-0.6.8/kernel-source-3.0.74-0.6.8.1.x86_64.rpm  
  18. rpm -ivh --root=/  ftp://144.131.254.206/update/3.0.74-0.6.8/kernel-default-devel-3.0.74-0.6.8.1.x86_64.rpm 
  19. ]]> 
  20. </source> 
  21. </script> 
  22. </init-scripts> 
  23. </scripts> 

小结

统一是自动化运维的基础核心,而统一部署又是自动化运维的第一步,其实在研究自动化部署的过程中我们会遇到各种坑,只有踩过的人才能够体会其中的不容易,如果大家在测试和使用SuSE自动化安装时遇到任何问题,欢迎直接在原文下方留言,我们一起学习和成长^_^。

GitHub源码 - https://github.com/wsgzao/autoinstall/

【编辑推荐】

  1. 简单介绍自动化运维工具clip
  2. 我从【优维计划】访谈中看到的运维现状
  3. 运维人,你应该了解的三张武功心法图
  4. 云运维如何选择部署适合自身的IDC和网络
  5. 详解互联网运维需要把握的四力模型
【责任编辑:火凤凰 TEL:(010)68476606】

点赞 0
分享:
大家都在看
猜你喜欢

读 书 +更多

SQL实用简明教程(第2版)

SQL(结构化查询语言)是数据库系统的通用语言,利用它可以用几乎同样的语句在不同的数据库系统上执行同样的操作,在数据库系统的开发中有着...

订阅51CTO邮刊

点击这里查看样刊

订阅51CTO邮刊
× CTO训练营(深圳站)