Applies to SUSE Linux Enterprise Point of Service 11 SP3 and SUSE Linux Enterprise Point of Service 12 Image Server

5 Setting Up a Branch Server

The Branch Server provides the network boot and system management infrastructure for the SUSE® Linux Enterprise Point of Service terminals and a generic system platform for instore applications, such as database systems and back-ends for the Point of Service applications.

The Branch Server can be installed in two modes, online or offline. The online installation mode requires an Internet connection to the Administration Server. If no Internet connection to the Administration Server is available, use the offline installation mode.

If you intend to set up a high-availability Branch Server, see the High Availability Guide, available from http://www.suse.com/documentation/sles11/.

Note: System Requirements

For a list of system requirements to set up a Branch Server, refer to Section 1.2.3, “Branch Server”.

Before configuring a Branch Server, check if the following conditions are met:

5.1 Branch Server Network Configuration

SUSE Linux Enterprise Point of Service offers three ways to configure the network on a Branch Server:

  1. LDAP-based,

  2. Branch Server-based,

  3. predefined defaults.

5.1.1 LDAP-Based Network Configuration

The Branch Server network is configured based on the settings defined in LDAP. This mode is selected when all of the following conditions are met:

  1. The Branch Server's object scLocation attributes ipNetworkNumber and ipNetworkMask differ from 0.0.0.0.

  2. Either one scNetworkcard is defined under the scLocation object or one NIC is left unconfigured on the Branch Server.

  3. scNetworkcard attribute scDevice matches one of the Branch Server's NICs.

  4. scNetworkcard attribute ipHostNumber differs from 0.0.0.0.

posInitBranchServer then automatically updates network configuration and basic DNS configuration. When posInitBranchServer is about to overwrite a manual configuration, user confirmation is requested. If it is running in noninteractive mode, permission to overwrite is granted automatically.

5.1.2 Branch Server-Based Network Configuration

The Branch Server's NICs are manually configured on the Branch Server. This mode is selected when all of the following conditions are met:

  1. Branch Server's object scLocation attributes ipNetworkNumber and ipNetworkMask equal 0.0.0.0.

  2. One scNetworkcard is defined under the scLocation object and its scDevice attribute matches one of the manually configured NICs on the Branch Server, or there is only one manually configured NIC on the Branch Server, which matches the scDevice attribute of one of the scNetworkcard objects.

  3. scNetworkcard attribute ipHostNumber equals 0.0.0.0.

posInitBranchServer then updates the LDAP configuration to match the current Branch Server configuration and updates the basic DNS configuration.

5.1.3 Predefined Network Configuration

The Branch Server's NICs are configured according to the SUSE Linux Enterprise Point of Service defaults. This mode is selected when all of the following conditions are met:

  1. Branch Server's object scLocation attributes ipNetworkNumber and ipNetworkMask equal 0.0.0.0.

  2. One scNetworkcard is defined under the scLocation object and its scDevice attribute matches one unconfigured NIC on the Branch Server, or there is only one unconfigured NIC on the Branch Server, which matches the scDevice attribute of one of the scNetworkcard objects.

  3. scNetworkcard attribute ipHostNumber equals 0.0.0.0.

When no information about the network is set, posInitBranchServer configures NICs and updates LDAP databases with a configuration based on SUSE Linux Enterprise Point of Service defaults:

scLocation attributes:
  scNetworkNumber  = '192.168.1.0'
  scNetworkMask    = '255.255.255.0'
  scDhcpRange      = '192.168.1.10,192.168.1.54'
  scDhcpFixedRange = '192.168.1.55,192.168.1.88'
  scDefaultGw      = '192.168.1.1'
scNetworkcard attribute
  ipHostNumber = '192.168.1.1'
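
The selection rules from Sections 5.1.1 to 5.1.3, written as a preflight check to run before posInitBranchserver. This is an added example, not part of the SUSE tooling; it assumes a single scNetworkcard object, and the function names, argument order and result strings (ldap, branch, defaults, undetermined) are assumptions of the example.

```shell
#!/bin/sh
# Added example: predicts the network configuration mode from the rules in
# Sections 5.1.1-5.1.3. Assumes exactly one scNetworkcard object. Function
# names, argument order and result strings are assumptions of this example.
#
# predict_net_mode NETNUM NETMASK HOSTNUM SCDEVICE "CONFIGURED NICS" "UNCONFIGURED NICS"
#   NETNUM/NETMASK   : scLocation ipNetworkNumber / ipNetworkMask
#   HOSTNUM/SCDEVICE : scNetworkcard ipHostNumber / scDevice

in_list() {                       # in_list ITEM "space separated list"
    for _item in $2; do
        if [ "$_item" = "$1" ]; then return 0; fi
    done
    return 1
}

predict_net_mode() {
    netnum=$1; netmask=$2; hostnum=$3; dev=$4; configured=$5; unconfigured=$6
    zero=0.0.0.0

    # 5.1.1: network number, mask and host number all set, device is a local NIC
    if [ "$netnum" != "$zero" ] && [ "$netmask" != "$zero" ] &&
       [ "$hostnum" != "$zero" ] && in_list "$dev" "$configured $unconfigured"; then
        echo ldap; return 0
    fi
    # 5.1.2 and 5.1.3: all three values are 0.0.0.0; the NIC state decides
    if [ "$netnum" = "$zero" ] && [ "$netmask" = "$zero" ] && [ "$hostnum" = "$zero" ]; then
        if in_list "$dev" "$configured"; then echo branch; return 0; fi
        if in_list "$dev" "$unconfigured"; then echo defaults; return 0; fi
    fi
    # Mixed values or an unknown device: none of the three rule sets applies
    echo undetermined; return 0
}

# True when LDAP-based mode would replace a manual NIC configuration: the case
# where the script asks for confirmation, or overwrites without asking in
# noninteractive mode.
overwrites_manual_config() {
    [ "$(predict_net_mode "$@")" = ldap ] && in_list "$4" "$5"
}
```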

5.2 Configuring Branch Server with the posInitBranchserver Command

The posInitBranchserver command is provided for the Branch Server configuration.

5.2.1 Online Branch Server Configuration

The following procedure describes the installation process of a SUSE Linux Enterprise Point of Service 11 Branch Server if an Internet connection to the Administration Server is used:

  1. Execute the posInitBranchserver command.

    The posInitBranchserver command asks for the installation mode to be used. For the default online installation enter 1 or press Enter.

  2. Provide the required information. Enter the organization/company name (organization), organizational unit (organizationalUnit) and location/branch name (scLocation) as initialized on the Administration Server (and as specified in the LDAP database). Enter the resolvable and connectible name or the IP address of the Administration Server. Enter the Branch Server password defined when the scLocation object was created using posAdmin on the Administration Server.

    It is possible to use nested organizational units, for example: cn=mybranch,ou=mysuborgunit,ou=myorgunit,o=myorg,c=us. To enter nested organizational units to posInitBranchserver, use the dot notation: mysuborgunit.myorgunit.

  3. The script checks resolvability of the Administration Server IP address and tries to download Administration Server certificates. The certificates are then used for automatic establishment of encrypted SSL communication. If no certificates are found, unencrypted communication is used.

    Important: Administration Server's rsync Port Must Be Open

    Make sure the rsync port (usually 873) is open on the Administration Server. The rsync port is not open in the default SLES11 installation. You need to add it by entering its number in the YaST Firewall module under Allowed Services › Advanced › TCP Ports.

    Important: Branch Server's TFTP Port Must Be Open

    Make sure the TFTP port (usually 69) is open on the Branch Server. This port is not open in the default SLES11 installation. You need to add it by adding its number in the YaST Firewall module under Allowed Services › Advanced › TCP Ports. If FTP is used, the FTP ports must be open.

    If an Administration Server certificate is found, you are asked to acknowledge its fingerprint and validate it.

  4. The script asks if you want to create and use a local branch LDAP database on the Branch Server. It contains a copy of the subtree from the Administration Server LDAP database which corresponds to this Branch Server. This is part of the SUSE Linux Enterprise Point of Service 11 offline functionality feature. The recommended default setting is yes.

    If your choice is yes, the script initializes a local branch LDAP database. If your choice is no, enter the host name or IP address of an already initialized LDAP database.

  5. The script issues a command to start LDAP SyncRepl replication to create a copy of the branch subtree from the Administration Server's LDAP database.

  6. If everything is in order, the script finds the Branch Server domain in the Administration Server's LDAP database and prints information about the found domain.

  7. The script asks for a final confirmation before it configures and starts the core Branch Server services.

  8. If everything is in order, the script finishes successfully. If an error occurs, it is reported and logged in syslog.

    Note: Aborting the Command

    If you select no in any configuration step (except when selecting not to use a local branch LDAP), the script deletes all its intermediate data and exits.

5.2.2 Offline Branch Server Configuration

The following procedure describes the installation process of a SUSE Linux Enterprise Point of Service 11 Branch Server if no Internet connection to the Administration Server is used:

  1. Preferably, execute posInitBranchserver -f pathToOfflineInstallationFile. You can also execute the posInitBranchserver command without options and select 2 when asked for the installation mode to be used.

  2. Provide the required information. Enter the organization/company name (organization), organizational unit (organizationalUnit) and location/branch name (scLocation) as initialized on the Administration Server (and as specified in the LDAP database). Enter the resolvable and connectible name or the IP address of the Administration Server. Enter the Branch Server password defined when the scLocation object was created using posAdmin on the Administration Server.

    If an offline installation file was provided in the first step, the default values from the file are used.

  3. In the offline installation mode, the script does not check resolvability of the Administration Server IP address. Server certificates are copied from the offline installation file, if present.

    If an Administration Server certificate is found, you are asked to acknowledge its fingerprint and validate it. SSL communication is then automatically established. If no certificate is found, unencrypted communication is used.

  4. The script asks if you want to create and use a local branch LDAP database on the Branch Server. It contains a copy of the subtree from the Administration Server LDAP database which corresponds to this Branch Server. This is a part of the SUSE Linux Enterprise Point of Service 11 offline functionality feature. The recommended default setting is yes.

    If you select yes, the script initializes a local branch LDAP database. If you select no, enter the host name or IP address of an already-initialized LDAP database.

  5. The script initializes the local branch LDAP database using the ldapadd command from the offline installation file.

  6. In offline installation mode, it is not yet possible to find the Branch Server domain. Therefore, if there is no Internet connection, the attempt fails and the script terminates. However, if there is a connection to the Administration Server, the script finds the Branch Server domain in the Administration Server's LDAP database and prints information about the found domain.

  7. The script asks for a final confirmation before it configures and starts the core Branch Server services.

  8. If everything is in order, the script finishes successfully. If an error occurs, it is reported and logged in syslog.

    Note: Aborting the Command

    If you select no in any configuration step (except when you select not to use a local branch LDAP), the script deletes all its intermediate data and exits.

Note: Administration and Branch Server Combination

If the Administration and Branch Servers are being configured on a single machine, no certificates are used and the SSL communication is disabled. Also, there is no local branch LDAP database created, as the offline functionality is not needed.

5.2.2.1 Creating an Offline Installation Package

If you want to initialize an offline Branch Server without any Internet connection, create an offline installation package:

  1. To create an offline installation package, use:

    posAdmin --base scLocationDN --generate

    For example, for the cn=mybranch,ou=myorgunit,o=myorg,c=us branch, use:

    posAdmin --base cn=mybranch,ou=myorgunit,o=myorg,c=us --generate

  2. The generated offline installation package is located in the /var/share/SLEPOS/OIF/scLocationDN.tgz file. For the company mentioned earlier, the file name would be /usr/share/SLEPOS/OIF/mybranch.myorgunit.myorg.us.

5.2.2.2 Transferring System Image Files

If there is no network connection between Administration Server and Branch Server, the system image files must be copied from the Administration Server to the Branch Server manually.

Boot images must be copied from the /srv/SLEPOS/boot/ directory on the Administration Server to the /srv/tftpboot/boot/ directory on the Branch Server and then put to production using the possyncimages --local command.

System images and their associated MD5 checksum files must be copied from /srv/SLEPOS/image/ on the Administration Server to /srv/tftpboot/image on the Branch Server and then put to production using the possyncimages --local command.
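
A check of the manually copied system images against their MD5 checksum files, to run before possyncimages --local. This is an added example, not part of the SUSE tooling; the page does not describe the checksum files, so the naming (IMAGE.md5 next to IMAGE) and the layout (hex digest as the first whitespace-separated field) are assumptions, as is the function name verify_images.

```shell
#!/bin/sh
# Added example: verify copied images against their MD5 checksum files.
# Assumptions (not stated on the page): the checksum file for IMAGE is named
# IMAGE.md5 and its first whitespace-separated field is the hex MD5 digest.
#
# usage: verify_images /srv/tftpboot/image && possyncimages --local

verify_images() {     # prints one status line per file, returns 1 on any problem
    dir=$1; rc=0
    for sumfile in "$dir"/*.md5; do
        # An unmatched glob stays literal: treat "no checksum files" as failure
        if [ ! -e "$sumfile" ]; then echo "NO-CHECKSUMS $dir"; return 1; fi
        image=${sumfile%.md5}
        if [ ! -f "$image" ]; then
            echo "MISSING $image"; rc=1; continue
        fi
        expected=""
        read -r expected _rest < "$sumfile" || true   # tolerate missing newline
        actual=$(md5sum "$image" | cut -d' ' -f1)
        if [ -n "$expected" ] && [ "$expected" = "$actual" ]; then
            echo "OK $image"
        else
            echo "MISMATCH $image"; rc=1
        fi
    done
    # Flag images that arrived without any checksum file
    for image in "$dir"/*; do
        case $image in *.md5) continue ;; esac
        if [ -f "$image" ] && [ ! -f "$image.md5" ]; then
            echo "UNCHECKED $image"; rc=1
        fi
    done
    return $rc
}
```

MD5 detects corruption during the manual copy; it does not authenticate the images, so the transfer medium needs its own protection.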

5.2.3 Changing the Branch Server Password

Before attempting to change the Branch Server password, ensure that the following conditions are met and understood:

  • The Branch Server is already initialized.

  • The Branch Server is in online mode and the Administration Server's LDAP is available.

  • The Branch Server's local LDAP will be restarted during the procedure.

When you are ready to proceed with changing the password, call posInitBranchServer -p or posInitBranchServer --chpasswd.

You will be asked to enter the old Branch Server password, then the new Branch Server password twice. After changing the password, the system will perform a password validation and inform you of the result.

In case of problems, see Section 13.3.3, “Problems with Changing the Branch Server Password”.

5.3 Distributing Images to the Branch Server

If you want to create a new image or change an image version, run the possyncimages command at the Branch Server. This transfers new or updated images to the Branch Server after the images have been added to the Administration Server’s RSYNC directory.

Important: rsync Service and LDAP Objects

The rsync service must be properly configured and running on the Administration Server for the possyncimages command to run. For more information, see Section 4.6.1.3, “Adding an scServerContainer and scBranchServer Objects”.

Additionally, each system image has an associated scPosImage object in LDAP. The object's scPosImageVersion attribute should be set to active or a relevant scImageVersion object must be created to keep track of the most recent image version and state before possyncimages transfers the images to the Branch Server. For more information, see Section 4.6.2.8, “Activating Images”.

The basic process is as follows:

  1. Via the PID file, the possyncimages command initially checks if an instance is already running.

  2. The image files are then copied from the Administration Server to the Branch Server. Boot images are copied from the /srv/SLEPOS/boot/ directory on the Administration Server to the /srv/tftpboot/boot/ directory on the Branch Server. System images and their associated MD5 checksum files are copied from /srv/SLEPOS/image/ to /srv/tftpboot/image.

    possyncimages downloads the base images first but later prefers downloading the deltas instead of full images. Full images are re-created on the Branch Server in /srv/SLEPOS.

    During this process, the TFTP server must be stopped or otherwise prevented from transmitting the image files to clients.

For more information on the possyncimages command, see Section B.3.9, “possyncimages”.

After executing the possyncimages command, verify the result by checking the contents of the following directories:

  • /srv/tftpboot/image

  • /srv/tftpboot/boot

5.3.1 Controlling the List of Images Downloaded by Branch Server

The scLocation object can have a multivalue scSynchronizedImagesDn attribute, which contains a list of scPosImage or scCashRegister DNs. The possyncimages command downloads only the listed images or the images used on listed terminals. If one scPosImage object points to multiple image versions, the command downloads all active ones. An empty list means that all images have been downloaded. The list can be edited with posAdmin.

5.4 Starting the posleases2ldap Core Script

Start the core script (posleases2ldap) as a daemon process on the Branch Server. The core script is responsible for registering any new Point of Service terminals at the LDAP directory and transferring image install notification data to the LDAP directory on the Administration Server.

  • To verify that posleases2ldap is currently running, execute the following command:

    rcposleases2ldap status

  • To manually start the posleases2ldap service, execute the following command:

    rcposleases2ldap start

  • To ensure the Branch Server automatically starts the core script at boot time, execute the following command:

    insserv posleases2ldap

5.5 Starting the posASWatch Service

The posASWatch command checks if the Administration Server is available. It also checks the status of LDAP synchronization replication and the posleases2ldap core service. The service is started with the rcposASWatch start command and stopped with the rcposASWatch stop command. To check the service status, use the rcposASWatch status command.

Important: Start the Service Manually

To ensure that local LDAP contains valid data (if the Branch Server and Administration Server are installed on different machines), you need to start the service after the Branch Server is restarted. The service is NOT configured to start automatically by default. If the service is not running and the network connection to the Administration Server is down, the Branch Server cannot function properly.

To ensure that the Branch Server starts the posASWatch command automatically at boot time, execute the insserv posASWatch command.

Note: When the posASWatch Service is Not Required

The posASWatch service is needed when the network connection to the Administration Server is down. If the Administration Server is never used or the Administration Server and the Branch Server are combined on one machine, this service is not required. When the machine hosting both servers is configured and an attempt to start the service is made, the service will exit with an error message.

5.6 Installing a Branch Server Using a Specialized Image

Instead of installing Branch Servers using the standard method (installing SUSE Linux Enterprise Server with the SUSE Linux Enterprise Point of Service add-on and manual configuration of the Branch Server), it is possible to build a Branch Server image using Image Creator or KIWI.

The image building process is the same as for terminal images. The image boot defaults to "oemboot" with the "install_stick" option. The result is a USB image, which offers installation to a hard disk during first boot. Other boot methods can be configured according to the KIWI manual.

The provided image is suitable for the online installation, where the terminal images and LDAP data are downloaded from the Administration Server. For offline installation, the terminal images and OIF files must be added to the Branch Server image before building. The OIF files of one or more branches must be added to the /usr/share/SLEPOS/OIF of the image (/var/lib/SLEPOS/system/images/branchserver-3.4.0/root/usr/share/SLEPOS/OIF). You can also copy the terminal images from Administration Server's /srv/SLEPOS to /var/lib/SLEPOS/system/images/branchserver-3.4.0/root/srv/SLEPOS.

When the Branch Server image boots, it is necessary to configure one network interface card for connecting to the Administration Server; the other one can remain unconfigured. Then it offers offline installation based on the selected OIF file or online installation.