WebYaST 11

Chapter 3. Creating Appliances Containing WebYaST¶

To create appliances containing WebYaST, use either SUSE Studio or SUSE Studio Onsite®. For details, see Procedure 3.1, “Creating Appliances with SUSE Studio or SUSE Studio Onsite®”.

When creating appliances containing WebYaST, you need to include some packages for WebYaST to work. The following packages are required for the basic WebYaST framework:

webyast-base-ws
webyast-base-ui
webyast-base-ui-branding
webyast-software-ws
webyast-software-ui
webyast-status-ws
webyast-status-ui
webyast-reboot-ws
webyast-reboot-ui

The following non-WebYaST packages are also needed:

syslog-ng

The following non-WebYaST package could be added for convenience:

openssl-certs (to allow SSL connections to the NCC registration server)

Communication with Registration Servers

	Communication with Registration Servers
When registering a system (appliance), the communication with the registration server (NCC, SMT, SLMS) is performed through encrypted HTTPS connections. The certificate that is used on the registration server needs to be trusted by the client (appliance). This can be done by placing the CA certificate that the registration server's server certificate was signed with on the client in `/etc/ssl/certs/` directory. and then run c_rehash /etc/ssl/certs/. By default there are no certificates in `/etc/ssl/certs/`, as it is the administrator or security team who has to decide what certificates their appliances should trust. This means that the creator of the appliance has to take care that the certificates that his appliances should always trust are at this location. The certificates should be added as overlay files during appliance creation, and c_rehash /etc/ssl/certs/ should be run in a post creation script). For SMT (Subscription Management Tool) and SLMS (SUSE Lifecycle Management Server) by default use the custom "YaST_CA" CA certificate that is created during installation of the server. This certificate is exposed via HTTP (but not HTTPS) at the `http://smt-or-slms-host.company.com/smt.crt` location. This file has to be put into the appliance. If a custom CA is used to sign the registration server's server certificate for SMT or SLMS, please put this CA certificate into the appliance. For appliance registrations at NCC (Novell Customer Center) the Equifax CA certificates are needed to allow communication to the Novell registration server. The creator of the appliance could add the package `openssl-certs` to his appliance, which includes all needed certificates. However, this package contains many certificates and by adding this package they are all trusted as well.

When registering a system (appliance), the communication with the registration server (NCC, SMT, SLMS) is performed through encrypted HTTPS connections. The certificate that is used on the registration server needs to be trusted by the client (appliance).

This can be done by placing the CA certificate that the registration server's server certificate was signed with on the client in /etc/ssl/certs/ directory. and then run c_rehash /etc/ssl/certs/.

By default there are no certificates in /etc/ssl/certs/, as it is the administrator or security team who has to decide what certificates their appliances should trust. This means that the creator of the appliance has to take care that the certificates that his appliances should always trust are at this location. The certificates should be added as overlay files during appliance creation, and c_rehash /etc/ssl/certs/ should be run in a post creation script).

For SMT (Subscription Management Tool) and SLMS (SUSE Lifecycle Management Server) by default use the custom "YaST_CA" CA certificate that is created during installation of the server. This certificate is exposed via HTTP (but not HTTPS) at the http://smt-or-slms-host.company.com/smt.crt location. This file has to be put into the appliance. If a custom CA is used to sign the registration server's server certificate for SMT or SLMS, please put this CA certificate into the appliance.

For appliance registrations at NCC (Novell Customer Center) the Equifax CA certificates are needed to allow communication to the Novell registration server. The creator of the appliance could add the package openssl-certs to his appliance, which includes all needed certificates. However, this package contains many certificates and by adding this package they are all trusted as well.

The following packages are optional modules. Select them according to your needs:

webyast-root-user-ui
webyast-licenses-ui
webyast-mail-ui
webyast-network-ui
webyast-registration-ui
webyast-services-ui
webyast-time-ui
webyast-root-user-ws
webyast-firstboot-ws
webyast-licenses-ws
webyast-mail-ws
webyast-network-ws
webyast-ntp-ws
webyast-registration-ws
webyast-services-ws
webyast-time-ws

For a list of all available WebYaST packages and their functions, see Appendix A, WebYaST Packages.

Procedure 3.1. Creating Appliances with SUSE Studio or SUSE Studio Onsite®¶

In a browser, enter the URL of the publicly hosted version of SUSE Studio:http://susestudio.com/ and log in.
Alternatively, enter the URL of your SUSE Studio Onsite server and log in.
As the base template for your appliance, choose SUSE Linux Enterprise 11+Server.
Select the architecture, either 32-bit or 64-bit.
Choose a name for the new appliance and click Create new appliance.
Select the Software tab.
Click Add repositories+Import new repository.

If you are using the publicly hosted version of SUSE Studio, find the WebYaST repository in the list of the available repositories and click Add.

If you are using SUSE Studio Onsite, select Import New Repository and enter the name and URL of your locally available mirror of the WebYaST repository. Then click Add repository.

	Creating a Local Mirror of the WebYaST Repository
The WebYaST packages are available as a pool in the Novell Customer Center. For creating a local mirror of the WebYaST repository, the Subscription Management Tool (SMT) is recommended. For more information about SMT, see the Subscription Management Tool Guide, available at http://www.novell.com/documentation.

In the Software tab search box, enter webyast. All available WebYaST packages will be listed.
If you want to add all WebYaST packages, click Add all.
To add or remove individual packages use the buttons in the left column of the list. For information about individual packages click their names in the list.
Added packages are checkmarked.
Select the Configuration tab and configure your appliance according to your needs.
Regarding WebYaST, the default values in the following categories are mostly sufficient: General, Personalize, Startup, Server, and Desktop, Storage & Memory.
In the General section, make sure that network is enabled.
In the Storage & Memory section, set the RAM size at least to 512 MB.
In the Scripts tab, activate the Run script at the end of the build option.

Enter the following script:

# source in profile
. /studio/profile

# enable services
insserv collectd
insserv yastwc
insserv yastws

change () {
    KEY="$1"
    VALUE="$2"
    FILE="$3"
    sed -i "s/^$KEY.*/$KEY$VALUE/" "$FILE"
}

# bnc#544694
change NETCONFIG_NTP_STATIC_SERVERS= pool.ntp.org /etc/sysconfig/network/config
# bnc#553185
change FQDNLookup " false" /etc/collectd.conf
# bnc#553185#c1
echo "LoadPlugin df" >> /etc/collectd.conf