Installation of openSUSE Linux Leap 15.2
(2021-10-18)
Carlos F. Lange
CFD Lab, MecE, UofA
Style convention: filenames and commands; ; check item
This page contains instructions for the installation of openSUSE Linux Leap 15.2. These instructions were compiled for use at the Computational Fluid Dynamics Laboratory (CFD-Lab) at the University of Alberta, but they are made available for general use. Some Lab specific instructions, which are not applicable in general, are included in a separate page. The installation process makes use of scripts, which are also available for free download. Note that some settings in the scripts and in the instructions are specific for Canada, but they can be easily adapted to other countries. For specific user settings and recommendations, go to Instructions for Users.
- PREPARATION STEPS
- FIRST PHASE OF INSTALLATION
- SECOND PHASE OF INSTALLATION
- SYSTEM MAINTENANCE
- PACKAGES AND SETTINGS
- SPECIAL TOPICS
PREPARATION STEPS
- Download the DVD/USB version of the openSUSE 15.2 installation from https://software.opensuse.org/distributions/leap/15.2 and burn it to a DVD or copy it to a USB. Instructions for burning the ISO file and for creating a bootable USB stick are given in a link at the bottom of the webpage.
- Before starting the installation, plan the partitioning of your disk(s). Read all the relevant sections under Special Topics before proceeding. Some additional advice can be found in the openSUSE online documentation. If a clean installation is performed, there is no risk to data, but the partitions cannot be easily changed later without reinstallation. If the system is being updated or dual-booted, care must be taken during partitioning to preserve the existing data. Always make a backup of all user and other relevant information before the installation.
- Always backup your data before starting an installation.
- In the BIOS (press Del or F2 during boot) change the boot order to prioritize the USB or DVD disk . Also, select Legacy or CSM boot mode and make sure to disable Secure Boot in the BIOS, if possible. On machines that require UEFI and Secure Boot (MS-Windows) apply any existing updates to the BIOS before starting the installation.
FIRST PHASE OF INSTALLATION
The first phase consists of partitioning of the hard disk and installation of a basic version of openSUSE Linux. It is recommended to ask the help of an experienced Linux user for the Partitioning step.
- Boot from DVD or USB stick (this may require an adjustment in the BIOS) and
choose Installation from boot menu.
(Before using the DVD for the first time, select More Options / Check Installation Media and run the test once.) - License Agreement: Next.
- If Network Settings appears, then setup the network as follows (or else, skip to the next step):
- Hostname/DNS tab:
- Hostname: machine_name
- Set Hostname via DHCP to no.
- In case of DHCP, leave everything else as is.
-
In case of fixed IP address:
- Name Servers: ...; Domain Search: domain.name
-
Switch to the Routing tab:
- Default IPv4 Gateway: ...
- Device: -
- Switch to the Overview tab:
- Edit the network card (Network Connection), select Statically Assigned IP Address, and set:
- IP Address: ...
- Subnet Mask: /24
- Hostname: machine_name
- Next.
- Edit the network card (Network Connection), select Statically Assigned IP Address, and set:
- Overview tab: Select a network card. In case of laptop, select the wireless card. Then Edit.
- In case of wireless card: Scan network, select the network name, adjust the Authentication Mode, and enter the corresponding settings and Password.
- Address tab: Select Dynamic Address DHCP. Next.
- Hostname/DNS tab:
- System Probing:
- In case of update with an existing encrypted partition, enter the encryption password for the Encrypted Volume Activation.
- If a network connection exists, activate online repositories with Yes. Leave the list of Repositories as is. Next.
- System Role: Check Desktop with KDE Plasma. Next.
- Suggested Partitioning:
- When updating systems, click on Expert Partitioner / Start with Existing Partitions. Mount old /home partition without formatting (in case of RAID, select the RAID volumes on the system view tree) and format only the original swap and / partitions (use ext4 for the latter). In case of encrypted home partition, enter password.
- When installing a New System, see Partitioning details under Special Topics.
- Finish. Accept. Next.
- In case of encrypted home partition, to prevent the boot process from hanging, after the initial phase of installation, add the option nofail to the corresponding entry in /etc/fstab and the options none timeout=300 (time in seconds) to the entry in /etc/crypttab after the installation is complete. Ex.:
/etc/fstab: UUID=..... /home ext4 defaults,nofail 0 2
/etc/crypttab: cr_home UUID=..... none timeout=300
- Clock and Time Zone: Select Canada / Mountain (Edmonton). Leave Hardware Clock Set To UTC checked, unless you are dual-booting with Windows. Next.
- Create New User:
- New systems: Create a temporary dummy user. (Do not use the login name of a real user, as this provisional user will be deleted in the next phase.)
Uncheck Use this password for system administrator and Automatic Login. - Updating systems: Check Import User Data from a Previous Installation and in Select All.
- Next.
- New systems: Create a temporary dummy user. (Do not use the login name of a real user, as this provisional user will be deleted in the next phase.)
- Root password: Enter root password carefully. Next.
- Installation Settings: Verify installation settings.
- Booting: In case of a RAID1 array, if Boot from MBR is enabled and Status Location is /dev/sda (MBR) only, then click on Booting and make sure Enable Redundancy for MD array is checked for installation of Grub2 in both disks. OK.
- Booting: In case of UEFI Secure Boot and dual-boot with Windows, openSUSE should recognize and set Boot Loader Type to GRUB2-EFI. Click on Booting and set Enable Secure Boot Support. OK.
- Software: Leave section as is for faster installation.
- Security: click on enable to enable SSH service and on open to open SSH port.
- In case of system update, click on Import SSH Host Keys and Configuration, leave the options as they are, and Accept.
- Network Configuration: In case of wired network, make sure the setup is using wicked (or else switch to wicked). This ensures that the network connection is persistent, even when there is no one logged in. Leave it as Using Network Manager for laptops.
- Click on Network Configuration and switch to tab Hostname to the proper machine name, if not done before, and Set Hostname via DHCP to no. Next. to change
- Install.
- Confirm Installation: Install. Installation may take up to 30 minutes.
- Known Bugs:
- Graphics Card Problems: In case of Nvidia cards, if the machine freezes during reboot, boot with the option nouveau.modeset=0. For that, type e during the Boot Menu and add the option to the list of boot parameters, then exit with F10.
- If you have a computer with a high-DPI display, you can set YaST to scale its UI automatically for the display. To do so, add the parameter QT_AUTO_SCREEN_SCALE_FACTOR=1 to the bootloader command line.
- When installing from USB: If the system refuses to "Boot from Hard Disk" after this initial installation, remove the USB key while system is rebooting, boot into the new system and replace the USB key before continuing.
- Problems with UEFI and Secure Mode: see Notes on UEFI. Apply any existing updates to your BIOS or GPT before starting the installation.
- System will reboot.
- If process goes back to main installation menu, choose Boot from Hard Disk and select openSUSE Leap 15.2.
- Click on Other then login as root.
- YaST Administration Tool: ( )
- Release Notes: ( ) Read the release notes. Close.
- Online Update: ( )
- Accept. (If network was setup at installation, patches may already have been applied and list will be empty.)
- If a server (installation media) is inaccessible, make sure the network connection is working or connect to it using the Network icon in the taskbar (Choose the Classic mode in the ). OK, Retry. It may be necessary to retry a few times.
- In case of package management update (libzypp or YAML), Accept, OK. Online Update will restart, Accept, Continue.
- Accept licenses; Continue. Continue.
- When finished, Next.
- In case of kernel or systemd update, a warning will advise you to reboot after the update.
- This update process may take a while.
- In case a reboot is recommended, .
SECOND PHASE OF INSTALLATION
In this phase the standard openSUSE installation will be adapted with the installation of many additional software packages and with changes in some default settings. Some changes are performed by scripts. For details about the changes, see the comments in each script. If no network connection was obtained in the First Phase, obtain a network connection before continuing.
- Click on Other and login as root. (or remain logged in from the previous phase)
- Konsole Session:
- Open a Konsole terminal ( ). Keep this terminal open.
- If no network connection was obtained in the First Phase, update your system before continuing:
- zypper up
- reboot
- Select Boot from Harddisk.
- Login again as root and continue.
- Copy or download the tar-ball SUSE152_Config.tar.gz and save it to /tmp.
You can also download the tar-ball directly from the terminal
cd /tmp
wget http://sites.ualberta.ca/~clange/Linux/openSUSE/15.2/SUSE152_Config.tar.gz - Unpack the downloaded tar-ball
cd /tmp
tar zxf SUSE152_Config.tar.gz
cd Linux/openSUSE/15.2/ - If network, specially the machine name, is not correctly set at this point, correct the following settings in YaST (
- Hostname/DNS tab:
- Hostname: machine_name; Domain Name: domain.name
- Set Hostname via DHCP to no.
- In case of DHCP, leave everything else as is. OK.
- In case of fixed IP address, fix the address, the name server and gateway, accordingly.
- Restart the Wicked deamon
systemctl restart wickedd
):
- Hostname/DNS tab:
- Installing Additional Packages:
Run
./packageinstall_SUSE152
This script adds software repositories and installs many new packages, depending on the configuration chosen (desktop or laptop). This process takes a while. In case of problem, select the solution that changes software vendor.- In case of Adobe Flash Plugin, continue with yes.
- Answer y when asked to Continue with package installations.
- In case of dependency conflicts, choose the option that includes (with vendor change). Choose the solution do not install octave-forge-ocs and do not install ImageMagic-extra and deinstallation of tlp (in case of laptops). Find some additional hints below under Software Management.
- After installation, answer y when asked to Continue with the distribution update of installed packages.
- At the end, the installation DVD/USB is disabled as repository to prevent the installer from requiring the DVD in the future. It can now be removed from the computer.
- Depending on the speed of the Internet connection and of the machine, this process may take a while.
- Install NVidia Drivers: In case of NVidia graphics cards, before continuing, install the proprietary NVidia drivers to fix stability issues.
- Check to see if the machine is using an NVidia graphic card:
/sbin/lspci -nnk | grep VGA -A2 - Open YaST: .
- Start the Software Management tool:
- If the NVidia packages are already selected, simply Accept, Accept the license (as often as needed). Continue.
- If not, search for NVidia packages. Select the corresponding driver, likely x11-video-nvidiaG04. Accept. Continue to accept automatic changes. Accept. Finish.
- Reboot the computer to activate the new driver in the kernel.
- Check to see if the machine is using an NVidia graphic card:
- Custom System Settings: To adapt system configuration files (requires successful run of packageinstall_SUSE152) and to install third party packages, run:
- ./systemconfig_SUSE152
- When prompted, enter the names of the privileged users with full administrator status, i.e. who can run root commands with sudo.
- Answer y if you want to install any of the third party software. Some may require you to download the corresponding installation package and save it to /tmp/Linux/openSUSE/15.2/packages/ before installation. In this case, you need to run ./systemconfig_SUSE152 again to perform the installation.
- In case of Skype, Virtualbox and Google Chrome, accept Unknown GnuPG Key with Yes or ignore with i in case of Signature verification failed. In case of Zoom, type a to trust always the imported key.
- In the case of VirtualBox, load the Extension Pack found in the packages folder.
- In case of Slack, ignore the complaint about 'libappindicator-gtk3', typing the solution number that breaks slack-... .
- YaST Administration Tool: ( )
- Adapting user environments ( ):
- Remove Temporary User: Now that the user environment has been adapted with systemconfig_SUSE152, delete the temporary first user:
- Select user, then Delete.
- Check Delete Home Directory, Yes.
- Then OK to close the window and perform the changes.
- Then open the same window again.
- Create Users as required:
- Create all users for the system.
- In Expert options. . . / Login settings make sure Auto Login and Passwordless Logins are unchecked!
- In the Additional Groups (check video) in case of NVidia graphic cards. tab, add the new users to the video group in
- OK.
- Encryption: Encryption is now mandatory at the University of Alberta. At the CFD-Lab we accomplish this by encrypting the entire home partition (see Partitioning). Alternatively, users can create an Encrypted Virtual Disk and mount them as directories/folders to store sensitive data. Remember that any computer can be compromised, if a malicious person has physical access to it. With an encrypted home partition or encrypted folder at least the user's data will remain protected after the computer is shut down.
- System Update: In case of system update, run ./cleanKDE_SUSE152 in the console to clean up user settings from previously existing users, if present. Inform other users that their settings are saved in the corresponding *_old directories (.kde4_old/).
- Remove Temporary User: Now that the user environment has been adapted with systemconfig_SUSE152, delete the temporary first user:
- Online Update Configuration ( )(restart YaST, if this tool does not appear):
- Import Untrusted GnuPG Keys with Yes or Trust, if necessary.
- Enable Automatic Online Update. Interval: weekly. Set Skip Interactive Patches, Agree with licenses and Include Recommended Packages and Use delta rpms.
- To prevent the automatic update process from being halted by issues with non-official repositories, enable Filter by Category and Add from the pull-down menu the main categories: Security and Packagemanager and YaST.
- OK.
- To install the interactive patches (such as kernel updates) and other patches, run from time to time as root or sudo:
zypper up
- Sysconfig Editor ( ):
- canadian (delete the other entries) :
- Next two items in case of RAID1 only:
- ,user@localhost). : add users to receive e-mail in case of RAID failure (format:
- /dev/md0,/dev/md1. : add devices, e.g.
- OK. Save. (Ignore the error saying that mdadm service does not exist.)
- Security and Users:
- Firewall ( ):
- Select the network card under eth0) and click on Change Zone, then select zone work (or public in case of wireless card). (e.g.
- Services:From the work or public:
- Make sure ssh is . Or else select it on the list and Add.
- Add also nfs to mount remote file systems.
- Add also kdeconnect-kde to enable connection with an Android device, if desired.
- Add other services from the list, as needed.
- Add ipp-client to connect to a remote printer. In case of a printer server (Shared Printer), also Add ipp.
list select - Accept.
- For more advanced Firewall settings for networked printers and scanners, check out http://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings
- Security Center ( ):
- Workstation (or Roaming Device for laptops). : select
- 10 and Password Age: Minimum: 0. : Minimum Acceptable Password Length:
- Halt. : Interpretation of Ctrl+Alt+Del =
- OK.
- Firewall ( ):
- Time Synchronization ( ): To prevent the computer time from drifting, make sure the NTP Server is correctly setup.
- Make sure that Start NTP Daemon is set to Now and on Boot and that one or more servers are listed as Synchronization Servers.
- If there are no servers listed, Add a Server, Select a Public NTP Server in Canada. Make sure to Test the connection to the server. OK. OK.
- To ensure that the synchronization also happens between reboots, right-click on the clock in the Taskbar and select Adjust Date and Time..., then check Set date and time automatically. Apply. OK. This will apply to all users.
- Printer ( ):
- Local Printer:
- Printer Configurations: Add and setup local printer. Select one of the drivers and set default paper size to letter. You can Set Arbitrary Name to something more meaningful. OK. Then Print Test Page.
- In case of HP printer , specially multi-function printer:
- Run hp-setup from the Add window to install the HP management tool 'HP-systray'.
- Download the corresponding plugin on the first use of the printer.
- If a plugin is missing or needs update, a message "Driver plugin installation is required" will appear (only root can complete this update). Next. Download and install from server. Next. Agree with license. Next. Enter root password.
- Additional Printer Drivers: If the printer is not found among the listed printer drivers, even if clicking on Find More, then try the following:
- Click on Driver Packages.
- Select all driver packages. OK.
- Install each driver package (one by one).
- YaST will automatically perform a new search through the installed packages and hopefully find the appropriate printer driver. Select it. OK.
- After initial setup, Edit profile to be able to set All Options for the Current Driver. Here you can select the default settings for the printer. These settings can later be adjusted by changing the Properties at time of printing. Here you can also set the Use as Default option.
- Share Printer:
- Start the CUPS deamon (cups in ) and set Start Mode to On boot.
- Under Allow Remote Access, as well as the sub-item For computers within the local network, adding the network interface (usually eth0). , check
- Add to field Allow the space-separated list of IP addresses that should use this printer (this list will prevent other machines in the LAN from using this printer server). Alternatively, leave the address fields blank to allow general access from the LAN, in which case you should set Publish printers in the local network.
- Don't forget to open the CUPS ports (ipp) in the firewall (see Firewall above).
- Remote Printer:
- In case of a single remote print server running CUPS:
- In Stop both cups and cups-browsed deamons. Also set both Start Mode to Manually.
- Open Restart locally running CUPS daemon. Accept the 3 error messages with OK. and do not
- Under Print via Network check Do All Printing Directly via One Single CUPS Server, and enter the print server IP address in the field. Test Server. OK. OK.
- Alternatively, use the Connection Wizard to connect to a CUPS Server (IPP) and select the Raw Queue instead of a printer manufacturer, if the CUPS server is a Linux machine.
- In case of multiple print servers:
- In cups-browsed is running. Or else select it and Start and set Start Mode to On boot. make sure the deamon
- Under Printer Configurations click on Add and then on Connection Wizard to add each remote printer.
- In case of a single remote print server running CUPS:
- OK. OK.
- Local Printer:
- Adapting user environments ( ):
- LibreOffice Extensions: Start LibreOffice Writer ( ), then click on and Add the following extensions (For all users):
/tmp/Linux/LibreOffice/dict-en-20210101.oxt (Canadian English dictionary)
/tmp/Linux/LibreOffice/gallerysignauxdangers.2.0.5.1.oxt (danger signs clipart)
/tmp/Linux/LibreOffice/Sun_ODF_Template_Pack2_en-US.oxt (page down and accept license)
/tmp/Linux/LibreOffice/Sun_ODF_Template_Pack_en-US.oxt (page down and accept license)
/tmp/Linux/LibreOffice/TexMaths-0-49.oxt; Check for Updates; Install; OK (insert LaTeX equations as images)
then Close. You can find many more extensions at extensions.libreoffice.org and templates at templates.libreoffice.org. - Encrypted Partitions: In case of encrypted partitions, do not forget to edit /etc/fstab and /etc/crypttab, as described in Partitioning.
- Dual-boot with Windows: To allow read/write, instead of read-only, on NTFS partitions you need to edit the corresponding entry in /etc/fstab to remove the ro (read-only) parameter. The parameters (after ntfs-3g) should read:
user,users,gid=users,umask=0002 - Reboot the machine ( ).
- From this point on, avoid logging in as root in a graphical desktop, such as KDE.
- User Settings: In addition to the main system setup steps performed here, each user needs to adjust their own environment. The Instructions for Users list those adjustments, as well as useful information about Remote Connections, Online Resources, etc.
SYSTEM MAINTENANCE
- System Administrators: The users entered as administrators during Custom System Settings can run the administration tool YaST without knowing the root password in a terminal:
sudo /sbin/yast
or in graphical mode:
xhost + ; sudo /sbin/yast2; xhost -
Don't forget the last part in the command sequence above to restore the secure access control to Xorg! - Manual System Patching: The automatic patch installation sometimes fails in the case of conflicts. When Apper indicates that new patches were not installed overnight (circle with arrow pointing up in the System Tray), then install the patches clicking on the icon and following the prompts. Alternatively, run the update in command line mode:
sudo zypper up
Reboot the machine afterwards, only if instructed to do so. If not, it is recommended to logout and login again to avoid desktop freezing. - Time Synchronization: If the computer time drifts or changes, NTP may not have been setup during installation. Open and check Now and on Boot.
Then Add a Server, Select a Public NTP Server in Canada. OK. OK.
To ensure that the synchronization also happens between reboots, right-click on the clock in the Taskbar and select Adjust Date and Time..., then check Set date and time automatically.
PACKAGES AND SETTINGS
To install RPM packages prepared for openSUSE15.2, right-click on the package file and Open with Install/Remove Software. Alternatively, install package with sudo zypper in package.rpm. Most packages are found in the corresponding Community Repository (see below) or in the openSUSE Build Service (http://software.opensuse.org/search) as 1-Click Install.
- Repositories: ( ) To add specialized repositories of software packages, click on Add and either enter a Specified URL, or select from a list of Community Repositories. OK.
- Software Management: ( ) To install additional packages, browse the Patterns and Package Groups (you may need to activate these tabs by selecting them under the View pull-down menu), selecting packages to install:
- Dictionaries:
- In Package Group Office select aspell, ispell and myspell dictionaries, as required. myspell dictionaries are also recognized by LibreOffice. Do not select items in the Localization group, unless you want program menus in that language.
- To verify which is the compose key for accents and special characters, check your local ~/.Xmodmap file.
- Repositories: here is the best place to check if packages need updates (blue):
- Dependency Conflict:
- If the conflict occurs because the newest version is at another repository, it is usually safe to change the repositories (enter corresponding option number) or to replace the file (yes).
- If there is a conflict with no clear solution, it is preferable to choose the option that says Do not install ..., then OK – try again.
- Alternatively, cancel the warning, right-click on the package that caused the conflict and either select Do Not Install, if the original intent was to install, or select Keep, if the original intent was to update the package.
- In case many packages were selected, it is better to cancel the install completely and start again installing one package at a time.
- Accept all licenses and automatic changes: Continue. If the process times out and says that server is unavailable, Retry to continue.
- If a new kernel is installed, reboot.
- Note: If the samba server is installed (not default), then run again systemconfig_SUSE152 afterwards (see Custom System Settings).
- Dictionaries:
- X2Go: (installation may have been performed by systemconfig_SUSE152)
- X2Go is a highly efficient remote X server based on the NX3 technology.
- Find instructions for use of X2Go in the User Settings under Remote Connections.
-
Laptop:
- Wireless: If the wireless card is not recognized and set automatically, install kndiswrapper, ndiswrapper and ndiswrapper-kmp-default and follow the instructions in http://en.opensuse.org/SDB:Ndiswrapper.
- Touchpad: To adjust the touchpad, go to .
- Tablet PCs: Touch and digital pen should be fully supported. Use Xournal++ to annotate PDFs and write notes on the tablet.
- Power Management: For a more refined and optimized power control than KDE Power Management offers, run powertop in a terminal as root.
- CrossOver Linux: (Enhanced WINE, a commercial Windows emulation; only installed in selected machines) Uninstall the openSUSE wine package first. Install the latest version of CrossOver Linux from /tmp/Linux/CrossOverLinux. Always install Windows programs as a user, not as root. From CrossOver 11 on, you need to enter the registration to unlock the installation, running (enter root password). To make the same Windows software available to all users, run . Select the bottle containing the software, then go to the Advanced tab and click on Publish (enter root password).
SPECIAL TOPICS
- Partitioning: Recommendations for partitioning a new system:
- If you do not have experience, it is better to use the Guided Setup option and follow the recommendations.
- When installing a New System, make sure to use a GUID Partition Table (GPT). If unsure, go to Expert... and Create New Partition Table of type GPT.
- BIOS Boot: On all disks with GUID Partition Table (GPT), create first a small partition at the beginning of each disk (8 or 16 MiB); Role: Raw volume; Do not format, Partition ID: BIOS Boot Partition, Do not mount device. This partition is needed to hold the second stages of the GRUB boot loader.
- Root partition: 60 GiB (for systems without large simulation software) to 250 GiB (for systems with large simulation software) with Role of Operating System of type ext4, mounted as /.
- Swap partition: one to two times the size of RAM (=2 if system has low RAM, >=1 for laptops, because this partition is used to store the memory during sleep).
- Home partition: rest of the drive (use Role of Data and ISV Applications and type ext4), mounted as /home.
Important: For the entire /home partition to be encrypted, check Encrypt device, then enter the Encryption password. To prevent the boot process from hanging, add the option nofail to the corresponding entry in /etc/fstab and the options none timeout=300 (time in seconds) to the entry in /etc/crypttab after the installation is complete. Ex.:
/etc/fstab: UUID=..... /home ext4 defaults,nofail 0 2
/etc/crypttab: cr_home UUID=..... none timeout=300 - (For laptops) Fstab options...: Check No Access time in all partitions to save battery.
- RAID: see RAID topic below.
- NTFS shrinking and repartition: Always defrag the partition first. In new Windows 8 machines, run chkdsk /f in elevated mode (Administrator Command Prompt) and reboot into Windows twice. See topic Parted below.
- UEFI: In case of UEFI and Windows dual-boot, find the existing Windows partition of type EFI boot and mount it to mount point /boot/efi without formatting. YaST will give a warning about this partition being mounted without formatting, but it can safely be ignored. See more details at https://doc.opensuse.org/documentation/leap/reference/html/book.opensuse.reference/cha.uefi.html.
- IMPORTANT: To increase the chances of data recovery in case of hard disk failure, always write down a table with devices, sizes, FS type, mount points and start/end, as shown in the “Hard Disks” view.
- Finish and Accept.
- For a GUI-based partitioning tool, when the system is running normally, try .
- To test a partition, first unmount the partition with umount.
Then run the read-only check with automatic fixing of errors
fsck -cy /dev/PARTITION | tee disk_errors.txt
The command shows the error messages and saves them in the file at the same time. For a more complete read-write check, replace -cy with -ccy. This process may take several hours.
- Managing Encrypted Partitions: To create encrypted partitions with LUKS, such as /home, see Partitioning above. Here are a few hints to help maintain LUKS encrypted partitions:
- To mount a LUKS encrypted partition from an external disk, say /dev/sdc1:
cryptsetup luksOpen /dev/sdc1 cr_tmp
mount /dev/mapper/cr_tmp /mnt
Or to mount the encrypted home partition, if the system reboots unattended, use the 2 entries in /etc/crypttab in reverse order to open the device, then mount the device, for example:
cryptsetup luksOpen /dev/md2 cr_home
mount /dev/mapper/cr_home /home
- To create a new encrypted folder:
- First create an empty image file (size is in bytes, e.g. 100G):
fallocate -l size crypt_dir.img
- Then turn the image into an encrypted LUKS container:
cryptsetup -y luksFormat crypt_dir.img
Type YES and enter the passphrase twice. - Finally, open the container, format it, and mount the folder:
cryptsetup luksOpen crypt_dir.img crypt_dir
mkfs.ext4 /dev/mapper/crypt_dir
mkdir /mnt/dir
mount /dev/mapper/crypt_dir /mnt/dir
- First create an empty image file (size is in bytes, e.g. 100G):
- To change the encryption key from a LUKS partition, say /dev/md2:
- Check which slot is being used (ENABLED) by the partition:
cryptsetup luksDump /dev/md2 - Change the passphrase for the identified slot, say Key Slot 0:
cryptsetup luksChangeKey /dev/md2 -S 0
- Check which slot is being used (ENABLED) by the partition:
- To change the label of an encrypted partition (must be open, say cr_tmp):
e2label /dev/mapper/cr_tmp new-label - It is also possible to add more keys (passphrases) to a partition:
cryptsetup luksAddKey /dev/md2 - To unmount a LUKS encrypted partition from an external disk, say /dev/sdc1:
umount /dev/mapper/cr_tmp
cryptsetup luksClose cr_tmp
- To find all crypto_LUKS devices currently open:
lsblk
- To mount a LUKS encrypted partition from an external disk, say /dev/sdc1:
- Protecting SSD Drives: Solid State Drives (SSD) are very fast, but they also can wear out much faster (i.e. fail sooner) than spinning disks, if not properly cared for. A good set of hints for protecting your SSD can be found here:
- Formatting USB Disk Drives: USB memory sticks and USB external hard disks are extremely convenient means of transporting data. They are usually pre-formatted with either FAT32 or NTFS partition formats. They are automatically recognized in KDE and can be easily mounted through the automounter (in the pop-up window select Open with File Manager). However, because of the limited capabilities of these file formats, files copied to them cannot store associated information, such as user and group ownership, file permissions, etc. When files are copied back to a Linux disk, the automounter assumes the most permissive settings (ownership by the current user and full permissions (rwx) to all). Modification dates may also not be preserved. Although the permissions can be somewhat corrected using the recursive alias command cleanmode, which is part of ~/.alias in this installation.
(Note: Memory sticks should never be relied upon for backup or to keep single copies of a file. They can easily be permanently and irrecoverably damaged, if they are exposed to a strong magnetic field or if their flash controller electronics fails.)
To preserve all file informations, create another partition or reformat the entire USB drive with a Linux file system, such as ext4. This can be done with or . Just make sure you work on the "hard disk" associated with your USB drive. Once the Linux partition is created, remove and reinsert the USB drive to mount the partition with the automounter. Then create the following directories (folders) in a terminal as root.- Create as root one directory for each user in the partition:
mkdir /media/.../userid
chown userid.users userid/
and remember that it is the user number in the target machine (see /etc/passwd) that determines the ownership. - Create as root one directory that is writable to all users, so other users can save things on the USB drive:
mkdir /media/.../share
chmod a+rwx /media/.../share
- Create as root one directory for each user in the partition:
- RAID: If you join 2 identical hard disks in a software RAID 1 (mirror RAID), you get data redundancy that allows you to survive a disk crash without downtime. Linux based software RAID also allows you to plug one or both disks in any other Linux machine and read the data without hardware compatibility issues posed by RAID controllers. NOTE: The use of RAID should only be viewed as a convenience, and never be considered a backup.
To create a mirror RAID out of 2 identical hard disks at installation:- Create: in the Expert Partitioner during installation or using
- Create identical individual partitions in all disks. Do not format! Set Role as Raw Volume (unformatted) and Partition ID as Linux RAID. Do not mount.
- After setting up the first disk, change to the Overview tab and select at the bottom Partition Table / Clone Partitions to Other Devices to easily copy the same partitions to the second disk.
- Go to the RAID item of the System View tree and Add RAID. Create each RAID, selecting Type RAID 1 (Mirroring), and adding the partitions from both disks to the corresponding RAID. Next. Next.
- Go to the RAID item (e.g. md0)) and in the Partitions tab Add Partition.
- Select the Role of Operating System for the root partition and Data and ISV Applications for the home partition. Next.
- Finish each RAID, formatting with Ext4 and selecting the mounting points. Set Encrypt Device in the case of /home.
- Existing RAIDs that are not to be formatted, such as /home, should just set a mounting point using Edit... . Disregard the proposed RAID names (linux:1), which will later change to md1 by themselves later.
- Accept. Next.
:
-
- ,user@localhost). : add users to receive e-mail in case of RAID failure (format:
- /dev/md0, /dev/md1. : add devices, e.g.
:
- Install Grub2 in both disks: Check if /etc/default/grub_installdevice has 2 entries, one for each disk ((hd0) and (hd1)). If not, install Grub2 in both RAID1 disks, so both are bootable.
- Check the device name of the disks with
fdisk -l - Usually Grub2 is installed only on the first disk (say /dev/sda). To install it also on the second:
grub2-install /dev/sdb
- Check the device name of the disks with
- Check status: The status of RAID can be seen with
cat /proc/mdstat
where the [UU] or equivalent part indicates that both partitions that make up that RAID are up. In case one partition fails, it becomes inactive and the U is replaced by an underscore. In this case, the users entered in the /etc/sysconfig list above receive an e-mail, which can be seen with the mail command. - Restore disk:
If the status shows one of the disks is not active, first try restoring the disk as in d) below. Watch with
journalctl -f
for any error in the hard disk.
In case I/O error is reported by journalctl, the failed disk needs to be replaced as soon as possible:- Identify the failed disk: find out from the journal which device failed or use command
lsblk
Then identify the physical disk corresponding to this device from its serial number with
udevadm info --query=all --name=/dev/sdX | grep ID_SERIAL - Remove failed disk and replace by another of identical (or larger) size.
- Partition the new disk (say /dev/sdX) with YaST exactly as the other (identical partitions). Do not format. Flag as 0xFD Linux RAID.
- As root, add partition sdXN back to the RAID mdM with:
mdadm /dev/mdM --add /dev/sdXN - Observe status with
cat /proc/mdstat
- Identify the failed disk: find out from the journal which device failed or use command
- Retrieve data: To retrieve data from a RAID, attach the disks to a machine, turn it on and use
cat /proc/partitions
to find out the device names of the disks and their partitions. Assuming the disks are named /dev/sdc and /dev/sdd and each has N partitions, you can query which RAID device was associated with partition N running
mdadm --examine /dev/sdcN /dev/sddN
This will report the order (see table at the end, Number of this device). Now, reassemble the RAID using the next available (non-used) M number (check existing ones with cat /proc/mdstat) and keep the exact same order of devices (example: /dev/sdcN was device 0 and /dev/sddN was device 1)
mdadm --assemble /dev/mdM /dev/sdcN /dev/sddN
Then mount the RAID with
mount /dev/mdM /mnt or
mount /dev/mdM /mnt/tmp
In case one disk has failed after the RAID was removed, e.g. only disk /dev/sdc can be seen with cat /proc/partitions but mdadm --assemble refuses to create RAID with one disk only, force the reassembly of mdM with
mdadm --assemble --run /dev/mdM /dev/sdcN
mount /dev/mdM /mnt
- Create: in the Expert Partitioner during installation or using
- Parted: If installation fails due to partitioning error during shrinking of an NTFS partition on a dual-boot machine, you may need to use the command line tool parted to fix the disk partitioning before restarting your installation. You will need the table copied from the “Hard Disks” section of the installer (see Important Note above).
- Reboot and select “Rescue System” from the DVD Menu and login as root (no password).
- Run parted and use help or help command to get help within Parted:
- select /dev/sda (or hda or other name of disk being partitioned)
- unit cyl (display values in cylinders)
- print all (see what was actually done during the failed attempt to repartition)
- rm N (remove all partitions N created after the last NTFS partition)
- mkpart typecyl_start1cyl_end1 (partition type can be primary, extended or logical, start and end should be from the table)
- mkpart typecyl_end1 +1 cyl_end2 (make sure the next partition starts one cylinder past the end of the previous one)
- print all (check what you did)
- quit
- reboot
- Restart installation process and simply Edit file system types and mounting points of the existing partitions.
- For a graphical partitioning tool, when the system is running normally, try .
- samba-client is an Allowed Service in the Firewall and the samba-client package was installed during Custom System Settings (or else rerun systemconfig_SUSE152). To mount Windows shares from MECE, proceed as follows:
- Mounting Windows Shares:
- For a temporary mount, go to the Places panel of Dolphin, click on Network, then click on Samba Shares.
- Alternatively, if the available shares do not show up for browsing, type the Windows share directly in the Location bar. Example:
smb://www.mece.ualberta.ca/users/ - For a permanent mount, create a hidden file (and only readable to user) containing your Samba username and password as follows:
username=foo
password=plaintext
and add the following line (single line) to /etc/fstab for automatic mounting at reboot:
//servername/shareddir /mnt/mounteddir cifs rw,file_mode=0640,dir_mode=0750,credentials=/path/.hiddenfile,user=foo,uid=userid,gid=users 0 0
- Exchanging files with a Windows Share:
-
For interactive mode, use smbclient in the same way as an FTP client:
cd localdir
smbclient //server/share
cd remotedir
put filename
mput file*
recurse (toggles recursive mode on, test with ls)
mget * - For batch mode, you can transfer a complete directory with one command:
cd localdir
tar cvf - . | smbclient //server/share -D remote/dir -Tx -
-
For interactive mode, use smbclient in the same way as an FTP client:
: Make sure - Mounting Windows Shares: