8 Installation steps #
This chapter describes the procedure in which the data for SUSE Linux Enterprise Server is copied to the target device. Some basic configuration parameters for the newly installed system are set during the procedure. A graphical user interface will guide you through the installation. The procedure described in the following also applies to remote installation procedures as described in Chapter 11, Remote installation. The text mode installation has the same steps and only looks different. For information about performing non-interactive automated installations, see AutoYaST Guide.
Before running the installer, read Part I, “Installation preparation”. Depending on the architecture of your system, it describes the steps necessary to start the installation.
If you are a first-time user of SUSE Linux Enterprise Server, you should follow the default YaST proposals in most parts, but you can also adjust the settings as described here to fine-tune your system according to your preferences. Help for each installation step is provided by clicking .
If the installer does not detect your mouse correctly, use →| for navigation, arrow keys to scroll, and Enter to confirm a selection. Various buttons or selection fields contain a letter with an underscore. Use Alt–Letter to select a button or a selection directly instead of navigating there with →|.
8.1 Overview #
This section provides an overview of all installation steps. Each step contains a link to a more detailed description.
Before the installation starts, the installer may update itself. For details, see Section 8.2, “Installer self-update”.
The actual installation starts with choosing the language and the product. For details, see Section 8.3, “ Language, keyboard, and product selection ”.
Accept the license agreement. For details, see Section 8.4, “License agreement”.
IBM Z machines need to activate disks. For details, see Section 8.5, “IBM Z: disk activation”.
Configure the network. This is only required when you need network access during the installation, and automatic network configuration via DHCP fails. If the automatic network configuration succeeds, this step is skipped. For details, see Section 8.6, “Network settings”.
With a working network connection you can register the machine at the SUSE Customer Center or an RMT server. For details, see Section 8.7, “Registration”.
Select the modules you want to enable for the machine. This impacts the availability of system roles in the next step and packages later on. For details, see Section 8.8, “Extension and module selection”.
You can manually add repositories. For details, see Section 8.9, “Add-on product”.
Select a role for your system. This defines the default list of packages to install and makes a suggestion for partitioning the hard disks. For details, see Section 8.10, “System roles”.
Partition the hard disks of your system. For details, see Section 8.11, “Partitioning”.
Choose a time zone. For details, see Section 8.12, “Clock and time zone”.
Create a user. For details, see Section 8.13, “Create new user”.
Optionally, set a different password for the system administrator
root
. For details, see Section 8.14, “Authentication for the system administratorroot
”.In a final step, the installer presents an overview of all settings. If required, you can change them. For details, see Section 8.15, “Installation settings”.
The installer copies all required data and informs you about the progress. For details, see Section 8.16, “Performing the installation”.
8.2 Installer self-update #
During the installation and upgrade process, YaST may update itself to
solve bugs in the installer that were discovered after the release. This
functionality is enabled by default; to disable it, set the boot parameter
self_update
to 0
. For more information,
see Section 7.4.6, “Enabling the installer self-update”.
The installer self-update is only available if you use the GM
images of the Unified Installer and Packages ISOs. If you install from the ISOs published
as quarterly update (they can be identified by the string QU
in the name), the installer cannot update itself, because this feature is
disabled in the update media.
To download installer updates, YaST needs network access. By default, it tries to use DHCP on all network interfaces. If there is a DHCP server in the network, it will work automatically.
If you need a static IP setup, you can use the ifcfg
boot argument. For more details, see the linuxrc documentation at
https://en.opensuse.org/Linuxrc.
The installer self-update runs before the language selection step. This means that progress and errors which happen during this process are displayed in English by default.
To use another language for this part of the installer, use the
language
boot parameter if available for your
architecture, for example, language=de_DE
. On machines
equipped with a traditional BIOS, alternatively, press F2
in the boot menu and select the language from the list.
Although this feature was designed to run without user intervention, it is worth knowing how it works. If you are not interested, you can jump directly to Section 8.3, “ Language, keyboard, and product selection ” and skip the rest of this section.
8.2.1 Self-update process #
The process can be broken down into two different parts:
Determine the update repository location.
Download and apply the updates to the installation system.
8.2.1.1 Determining the update repository location #
Installer Self-Updates are distributed as regular RPM packages via a dedicated repository, so the first step is to find the repository URL.
No matter which of the following options you use, only the installer self-update repository URL is expected, for example:
self_update=https://www.example.com/my_installer_updates/
Do not supply any other repository URL—for example the URL of the software update repository.
YaST will try the following sources of information:
The
self_update
boot parameter. (For more details, see Section 7.4.6, “Enabling the installer self-update”.) If you specify a URL, it will take precedence over any other method.The
/general/self_update_url
profile element in case you are using AutoYaST.A registration server. YaST will query the registration server for the URL. The server to be used is determined in the following order:
By evaluating the
regurl
boot parameter (Section 7.4.1, “Providing data to access a Repository Mirroring Tool server”).By evaluating the
/suse_register/reg_server
profile element if you are using AutoYaST.By performing an SLP lookup. If an SLP server is found, YaST will ask you whether it should be used because there is no authentication involved and anybody on the local network can broadcast a registration server.
By querying the SUSE Customer Center.
If none of the previous attempts work, the fallback URL (defined in the installation media) will be used.
8.2.1.2 Downloading and applying the updates #
When the update repository is determined, YaST checks whether an update is available. If it is, all the updates are downloaded and applied.
Finally, YaST restarts and displays the welcome screen. If no updates are available, the installation continues without restarting YaST.
Update signatures will be checked to ensure integrity and authorship. If a signature is missing or invalid, you will be asked whether you want to apply the update.
8.2.1.3 Temporary self-update add-on repository #
Some packages distributed in the self-update repository provide additional data for the installer, like installation defaults, system role definitions and similar. If the installer finds such packages in the self-update repository, a local temporary repository is created, to which those packages are copied. They are used during the installation. The temporary local repository is removed at the end of the installation. Its packages are not installed on the target system.
This additional repository is not displayed in the list of add-on
products, but during installation it may still be visible as
SelfUpdate0
repository in the package management.
8.2.2 Custom self-update repositories #
YaST can use a user-defined repository instead of the official
repository by specifying a URL through the
self_update
boot parameter.
HTTP/HTTPS and FTP repositories are supported.
Starting with yast2-installation-4.4.30, the
relurl://
schema is supported, as a boot parameter or in an AutoYaST profile. The URL is relative to the main installation repository, and you may navigate the file tree with the usual../
notation, for example relurl://../self_update. This is useful when serving the packages via a local installation server, or when building a custom installation medium which includes a self-update repository.The following examples assume the installation repository is at the medium root (/), and the self-update repository in the
self_update
subdirectory. This structure makes therelurl://
portable, and it will work anywhere without changes as a boot parameter, copied to a USB stick, hard disk, network server, or in an AutoYaST profile.- Custom DVD/USB medium
Add the
self_update=relurl://self_update
boot option directly to the default boot parameters, and it will work properly even if the medium is copied to an USB stick, hard disk, or a network server.- Installation server
Assume that the installation packages are available via http://example.com/repo and a self-update repository is available at http://example.com/self_update.
Then you can use the http://example.com/repo and http://example.com/self_update boot parameters, without having to change the
self_update
parameter when the repositories are moved to a different location.
Only RPM-MD repositories are supported (required by RMT).
Packages are not installed in the usual way: They are uncompressed only and no scripts are executed.
No dependency checks are performed. Packages are installed in alphabetical order.
Files from the packages override the files from the original installation media. This means that the update packages might not need to contain all files, only files that have changed. Unchanged files are omitted to save memory and download bandwidth.
Currently, it is not possible to use more than one repository as source for installer self-updates.
8.3 Language, keyboard, and product selection #
The
and settings are initialized with the language you chose on the boot screen. If you did not change the default, it will be English (US). Change the settings here, if necessary.Changing the language automatically selects a corresponding keyboard layout. You can override this proposal by selecting a different keyboard layout from the drop-down box. Use the This setting can be modified later as described in Chapter 5, Changing language and country settings with YaST.
text box to test the layout. The selected language also determines a time zone for the system clock.With the Unified Installer, you can install all SUSE Linux Enterprise base products:
SUSE Linux Enterprise Server 15 SP5 (covered here)
SUSE Linux Enterprise Desktop 15 SP5 (for installation instructions, refer to https://documentation.suse.com/sled/)
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Real Time 15 SP5 (for installation instructions, refer to https://documentation.suse.com/sle-rt/)
SUSE Linux Enterprise Server for SAP Applications 15 SP5 (for installation instructions, refer to https://documentation.suse.com/sles-sap)
Select a product for installation. You need to have a registration code for the respective product. In this document it is assumed you have chosen SUSE Linux Enterprise Server. Proceed with .
If you have difficulties reading the labels in the installer, you can change the widget colors and theme.
Click the button or press Shift–F3 to open a theme selection dialog. Select a theme from the list and the dialog.
Shift–F4 switches to the color scheme for vision-impaired users. Press the buttons again to switch back to the default scheme.
8.4 License agreement #
Read the License Agreement. It is presented in the language you have chosen on the boot screen. Translations are available via the If you agree to the terms, check SUSE Linux Enterprise Server; click to terminate the installation. and click to proceed with the installation. If you do not agree to the license agreement, you cannot install
drop-down box.8.5 IBM Z: disk activation #
When installing on IBM Z platforms, the language selection dialog is followed by a dialog to configure the attached hard disks.
Select DASD, Fibre Channel Attached SCSI Disks (zFCP), or iSCSI for installation of SUSE Linux Enterprise Server. The DASD and zFCP configuration buttons are only available if the corresponding devices are attached. For instructions on how to configure iSCSI disks, refer to Section 15.3, “Configuring iSCSI initiator”.
You can also change the See Section 23.4, “Configuring a network connection with YaST” for more details.
in this screen by launching the dialog. Choose a network interface from the list and click to change its settings. Use the tabs to configure DNS and routing.8.5.1 Configuring DASD disks #
Skip this step if you are not installing on IBM Z hardware.
After selecting
, an overview lists all available DASDs. To get a clearer picture of the available devices, use the text box located above the list to specify a range of channels to display. To filter the list according to such a range, select .Specify the DASDs to use for the installation by selecting the corresponding entries in the list. Use Section 10.1, “Using the . ”
to select all DASDs currently displayed. Activate and make the selected DASDs available for the installation by selecting › . To format the DASDs, select › . Alternatively, use the YaST partitioner later as described in8.5.2 Configuring zFCP disks #
Skip this step if you are not installing on IBM Z hardware.
After selecting
, a dialog with a list of the zFCP disks available on the system opens. In this dialog, select to open another dialog in which to enter zFCP parameters.To make a zFCP disk available for the SUSE Linux Enterprise Server installation, choose an available from the drop-down box. (World Wide Port Number) and (Logical Unit Number) return lists with available WWPNs and FCP-LUNs, respectively, to choose from. Automatic LUN scanning only works with NPIV enabled.
When completed, exit the zFCP dialog with
and the general hard disk configuration dialog with to continue with the rest of the configuration.8.6 Network settings #
After booting into the installation, the installation routine is set up. During this setup, an attempt to configure at least one network interface with DHCP is made. In case this attempt has failed, the
dialog launches now.Choose a network interface from the list and click See Section 23.4, “Configuring a network connection with YaST” for more details. On IBM Z this dialog does not start automatically. It can be started in the step.
to change its settings. Use the tabs to configure DNS and routing.In case DHCP was successfully configured during installation setup, you can also access this dialog by clicking the and step. It lets you change the automatically provided settings.
at theIf at least one network interface has been configured via boot parameters (see Section 7.3.2, “Configuring the network interface”), automatic DHCP configuration is disabled and the boot parameter configuration is imported and used.
To access a SAN or a local RAID during the installation, you can use the libstorage command line client for this purpose:
Switch to a console with Ctrl–Alt–F2.
Install the libstoragemgmt extension by running
extend libstoragemgmt
.Now you have access to the
lsmcli
command. For more information, runlsmcli --help
.To return to the installer, press Alt–F7
Supported are Netapp Ontap, all SMI-S compatible SAN providers, and LSI MegaRAID.
8.7 Registration #
To get technical support and product updates, you need to register and activate SUSE Linux Enterprise Server with the SUSE Customer Center or a local registration server. Registering your product at this stage also grants you immediate access to the update repository. This enables you to install the system with the latest updates and patches available.
When registering, repositories and dependencies for modules and extensions are loaded from the registration server.
From this dialog, you can switch to the YaST For details, see Section 23.4, “Configuring a network connection with YaST”.
module by clicking .If you are offline or want to skip registration, activate Section 8.7.3, “Installing without registration” for instructions.
. See8.7.1 Manual registration #
To register with the SUSE Customer Center, provide the SUSE Linux Enterprise Server.
associated with your SCC account and the forIf your organization offers a local registration server, you may register there. Activate
and either choose a URL from the drop-down box or type in an address. Proceed with .To register with the SUSE Customer Center, enter your SUSE Linux Enterprise Server. If your organization provides a local registration server, you may register there. Activate and either choose a URL from the drop-down box or type in an address.
forStart the registration process with
.After SUSE Linux Enterprise Server has been successfully registered, you are asked whether to install the latest available online updates during the installation. If you choose , the system will be installed with the most current packages without having to apply updates after installation. It is recommended to enable this option.
By default, the firewall on SUSE Linux Enterprise Server only blocks incoming connections.
If your system is behind another firewall that blocks outgoing traffic,
make sure to allow connections to https://scc.suse.com/
and
https://updates.suse.com
on ports 80 and 443 in order
to receive updates.
If the system is successfully registered during installation, YaST disables repositories from local installation media such as CD/DVD or flash disks when the installation completes. This prevents problems caused by the missing installation source and ensures that you always get the latest updates from the online repositories.
8.7.2 Loading registration codes from USB storage #
To make the registration more convenient, you can also store your registration codes on a USB storage device such as a flash disk. YaST will automatically pre-fill the corresponding text box. This is particularly useful when testing the installation or if you need to register many systems or extensions.
Create a file named regcodes.txt
or
regcodes.xml
on the USB disk. If both are present, the
XML takes precedence.
In that file, identify the product with the name returned by
zypper search --type product
and assign it a
registration code as follows:
regcodes.txt
#SLES cc36aae1 SLED 309105d4 sle-we 5eedd26a sle-live-patching 8c541494
regcodes.xml
#<?xml version="1.0"?>
<profile xmlns="http://www.suse.com/1.0/yast2ns"
xmlns:config="http://www.suse.com/1.0/configns">
<suse_register>
<addons config:type="list">
<addon>
<name>SLES</name>
<reg_code>cc36aae1</reg_code>
</addon>
<addon>
<name>SLED</name>
<reg_code>309105d4</reg_code>
</addon>
<addon>
<name>sle-we</name>
<reg_code>5eedd26a</reg_code>
</addon>
<addon>
<name>sle-live-patching</name>
<reg_code>8c541494</reg_code>
</addon>
</addons>
</suse_register>
</profile>
Note that SLES
and SLED
are not
extensions, but listing them as add-ons allows for combining several base
product registration codes in a single file. See
Section 4.3.1, “Extensions” for
details.
Currently flash disks are only scanned during installation or upgrade, but not when registering a running system.
8.7.3 Installing without registration #
If you are offline or want to skip registration, activate
. Accept the warning with and proceed with .
Your system and extensions need to be registered to retrieve
updates and to be eligible for support. Skipping the registration is
only possible when installing from the
SLE-15-SP5-Full-ARCH-GM-media1.iso
image.
Your system and extensions need to be registered to retrieve updates and to be eligible for support. If you do not register during the installation, you can do so at any time later from the running system. To do so, run
› .Use the following command to copy the contents of the installation image to a removable flash disk.
>
sudo
dd if=IMAGE of=FLASH_DISK bs=4M && sync
IMAGE needs to be replaced with the path to the
SLE-15-SP5-Online-ARCH-GM-media1.iso
or SLE-15-SP5-Full-ARCH-GM-media1.iso
image file. FLASH_DISK needs to be replaced
with the flash device. To identify the device, insert it and run:
#
grep -Ff <(hwinfo --disk --short) <(hwinfo --usb --short)
disk:
/dev/sdc General USB Flash Disk
Make sure the size of the device is sufficient for the desired image. You can check the size of the device with:
#
fdisk -l /dev/sdc | grep -e "^/dev"
/dev/sdc1 * 2048 31490047 31488000 15G 83 Linux
In this example, the device has a capacity of 15 GB. The command to use for
the SLE-15-SP5-Full-ARCH-GM-media1.iso
would be:
dd if=SLE-15-SP5-Full-ARCH-GM-media1.iso of=/dev/sdc bs=4M && sync
The device must not be mounted when running the dd
command. Note that all data on the partition will be erased!
8.8 Extension and module selection #
In this dialog the installer lists modules and extensions that are available for SUSE Linux Enterprise Server. Modules are components that allow you to customize the product according to your needs. They are included in your SUSE Linux Enterprise Server subscription. Extensions add functionality to your product. They must be purchased separately.
The availability of certain modules or extensions depends on the product you chose in the first step of this installation. For a description of the modules and their lifecycles, select a module to see the accompanying text. More detailed information is available in the Modules and Extensions Quick Start.
The selection of modules indirectly affects the scope of the installation, because it defines which software sources (repositories) are available for installation and in the running system.
The following modules and extensions are available for SUSE Linux Enterprise Server:
- Basesystem Module
This module adds a basic system on top of the Unified Installer. It is required by all other modules and extensions. The scope of an installation that only contains the base system is comparable to the installation pattern minimal system of previous SUSE Linux Enterprise Server versions. This module is selected for installation by default and should not be deselected.
Dependencies: None
- Certifications Module
Contains the FIPS certification packages.
Dependencies: Basesystem
- Containers Module
Contains support and tools for containers.
Dependencies: Basesystem
- Desktop Applications Module
Adds a graphical user interface and essential desktop applications to the system.
Dependencies: Basesystem
- Development Tools Module
Contains compilers (including gcc) and libraries required for compiling and debugging applications. Replaces the former Software Development Kit (SDK).
Dependencies: Basesystem, Desktop Applications
- Legacy Module
Helps you with migrating applications from earlier versions of SUSE Linux Enterprise Server and other systems to SLES 15 SP5, by providing packages which are discontinued on SUSE Linux Enterprise. Packages in this module are selected based on the requirement for migration and the level of complexity of configuration.
This module is recommended when migrating from a previous product version.
Dependencies: Basesystem, Server Applications
- NVIDIA Compute Module
Contains the NVIDIA CUDA (Compute Unified Device Architecture) drivers.
The software in this module is provided by NVIDIA under the CUDA End User License Agreement and is not supported by SUSE.
Dependencies: Basesystem
- Public Cloud Module
Contains all tools required to create images for deploying SUSE Linux Enterprise Server in cloud environments such as Amazon Web Services (AWS), Microsoft Azure, Google Compute Platform, or OpenStack.
Dependencies: Basesystem, Server Applications
- Python 3 Module
This module contains the most recent version of the selected Python 3 packages.
Dependencies: Basesystem
- SAP Business One Server
This module contains packages and system configuration specific to SAP Business One Server. It is maintained and supported by the SUSE Linux Enterprise Server product subscription.
Dependencies: Basesystem, Server Applications, Desktop Applications, Development Tools
- Server Applications Module
Adds server functionality by providing network services such as DHCP server, name server, or Web server. This module is selected for installation by default; deselecting it is not recommended.
Dependencies: Basesystem
- SUSE Linux Enterprise High Availability
Adds clustering support for mission critical setups to SUSE Linux Enterprise Server. This extension requires a separate license key.
Dependencies: Basesystem, Server Applications
- SUSE Linux Enterprise Live Patching
Adds support for performing critical patching without having to shut down the system. This extension requires a separate license key.
Dependencies: Basesystem, Server Applications
- SUSE Linux Enterprise Workstation Extension
Extends the functionality of SUSE Linux Enterprise Server with packages from SUSE Linux Enterprise Desktop, like additional desktop applications (office suite, e-mail client, graphical editor, etc.) and libraries. It allows to combine both products to create a fully featured workstation. This extension requires a separate license key.
Dependencies: Basesystem, Desktop Applications
- SUSE Package Hub
Provides access to packages for SUSE Linux Enterprise Server maintained by the openSUSE community. These packages are delivered without L3 support and do not interfere with the supportability of SUSE Linux Enterprise Server. For more information refer to https://packagehub.suse.com/.
Dependencies: Basesystem
- Transactional Server Module
Adds support for transactional updates. Updates are either applied to the system all together in a single transaction, or not. This happens without influencing the running system. If an update fails, or if the successful update is deemed to be incompatible or otherwise incorrect, it can be discarded to immediately return the system to its previous functioning state.
Dependencies: Basesystem
- Web and Scripting Module
Contains packages intended for a running Web server.
Dependencies: Basesystem, Server Applications
Some modules depend on the installation of other modules. Therefore, when selecting a module, other modules may be selected automatically to fulfill dependencies.
Depending on the product, the registration server can mark modules and extensions as recommended. Recommended modules and extensions are preselected for registration and installation. To avoid installing these recommendations, deselect them manually.
Select the modules and extension you want to install and proceed with
. In case you have chosen one or more extensions, you will be prompted to provide the respective registration codes. Depending on your choice, it may also be necessary to accept additional license agreements.When performing an offline installation from the SLE-15-SP5-Full-ARCH-GM-media1.iso, only the To install the complete default package set of SUSE Linux Enterprise Server, additionally select the .
is selected by default.8.9 Add-on product #
The “repositories”) to SUSE Linux Enterprise Server, that are not provided by the SUSE Customer Center. Such add-on products may include third-party products and drivers or additional software for your system.
dialog allows you to add additional software sources (so-calledFrom this dialog, you can switch to the YaST For details, see Section 23.4, “Configuring a network connection with YaST”.
module by clicking .You can also add driver update repositories via the https://drivers.suse.com/. These drivers have been created via the SUSE SolidDriver Program.
dialog. Driver updates for SUSE Linux Enterprise are provided atIf you do not want to install add-ons, proceed with
. Otherwise activate . Specify the Media Type by choosing from CD, DVD, Hard Disk, USB Mass Storage, a Local Directory or a Local ISO Image. If network access has been configured you can choose from additional remote sources such as HTTP, SLP, FTP, etc. Alternatively you may directly specify a URL. Check to download the files describing the repository now. If deactivated, they will be downloaded after the installation starts. Proceed with and insert a CD or DVD if required.Depending on the add-on's content, it may be necessary to accept additional license agreements.
8.10 System roles #
To simplify the installation, the installer offers predefined use cases that tailor the system for the selected scenario.
Choose the
that meets your requirements best. The availability of system roles depends on your selection of modules and extensions. The dialog is omitted under the following conditions:The combination of base product and modules does not allow roles to be chosen.
The combination of base product and modules only allows a single role.
With the default selection, the following system roles are available:
This option installs a basic SLES without a desktop environment but with a rich set of command line tools.
Dependencies: Basesystem
Select this role if you want a very small installation with only the basic command line tools.
Dependencies: None
Select this scenario when installing on a machine that should serve as a KVM host that can run other virtual machines.
/var/lib/libvirt
will be placed on a separate partition and the firewall and Kdump will be disabled.Dependencies: Basesystem, Server Applications
Select this scenario when installing on a machine that should serve as a Xen host that can run other virtual machines.
/var/lib/libvirt
will be placed on a separate partition and the firewall and Kdump will be disabled.Dependencies: Basesystem, Server Applications
8.11 Partitioning #
8.11.1 Important information #
Read this section carefully before continuing with Section 8.11.2, “Suggested partitioning”.
- Custom partitioning on UEFI machines
A UEFI machine requires an EFI system partition that must be mounted to
/boot/efi
. This partition must be formatted with theFAT32
file system.If an EFI system partition is already present on your system (for example from a previous Windows installation) use it by mounting it to
/boot/efi
without formatting it.If no EFI system partition is present on your UEFI machine, make sure to create it. The EFI system partition must be a physical partition or RAID 1. Other RAID levels, LVM and other technologies are not supported. It needs to be formatted with the FAT32 file system.
- Custom partitioning and
Snapper
If the root partition is larger than 16 GB, SUSE Linux Enterprise Server by default enables file system snapshots.
SUSE Linux Enterprise Server uses Snapper together with Btrfs for this feature. Btrfs needs to be set up with snapshots enabled for the root partition.
If the disk is smaller than 16 GB, all Snapper features and automatic snapshots are disabled to prevent the system partition
/
from running out of space.Being able to create system snapshots that enable rollbacks requires important system directories to be mounted on a single partition, for example
/usr
and/var
. Only directories that are excluded from snapshots may reside on separate partitions, for example/usr/local
,/var/log
, and/tmp
.If snapshots are enabled, the installer will automatically create
single
snapshots during and immediately after the installation.For details, see Chapter 10, System recovery and snapshot management with Snapper.
Important: Btrfs snapshots and root partition sizeSnapshots may take considerable storage space. Generally, the older a snapshot is or the larger the changeset it covers, the more storage space the snapshot takes. And the more snapshots you keep, the more disk space you need.
To prevent the root partition running full with snapshot data, you need to make sure it is big enough. In case you do frequent updates or other installations, consider at least 30 GB for the root partition. If you plan to keep snapshots activated for a system upgrade or a service pack migration (to be able to roll back), you should consider 40 GB or more.
- Btrfs data volumes
Using Btrfs for data volumes is supported on SUSE Linux Enterprise Server 15 SP5. For applications that require Btrfs as a data volume, consider creating a separate file system with quota groups disabled. This is already the default for non-root file systems.
- Btrfs on an encrypted root partition
The default partitioning setup suggests the root partition as Btrfs. To encrypt the root partition, make sure to use the GPT partition table type instead of the MSDOS type. Otherwise the GRUB2 boot loader may not have enough space for the second stage loader.
- IBM Z: Using minidisks in z/VM
If SUSE Linux Enterprise Server is installed on minidisks in z/VM, which reside on the same physical disk, the access path of the minidisks (/dev/disk/by-id/) is not unique. This is because it represents the ID of the physical disk. If two or more minidisks are on the same physical disk, they all have the same ID.
To avoid problems when mounting minidisks, always mount them either by path or by UUID.
- IBM Z: Using FBA DASDs in z/VM
If SUSE Linux Enterprise Server is installed on FBA DASDs in z/VM, a suggested partitioning cannot be provided. Instead, choose › .
FBA DASD comes with an implicit partition that must not be deleted, but should be reused without any changes. Do not repartition the FBA DASD.
- IBM Z: LVM root file system
If you configure the system with a root file system on LVM or software RAID array, you must place
/boot
on a separate, non-LVM or non-RAID partition, otherwise the system will fail to boot. The recommended size for such a partition is 500 MB and the recommended file system is Ext4.- IBM POWER: Installing on systems with multiple Fibre Channel disks
If more than one disk is available, the partitioning scheme suggested during the installation puts the PReP and BOOT partitions on different disks. If these disks are Fibre Channel disks, the GRUB boot loader is not able to find the BOOT partition and the system cannot be booted.
When prompted to select the partition scheme during the installation, choose
and verify that only one disk is selected for installation. Alternatively, run the and manually set up a partitioning scheme that has PReP and BOOT on a single disk.- Supported software RAID volumes
Installing to and booting from existing software RAID volumes is supported for Disk Data Format (DDF) volumes and Intel Matrix Storage Manager (IMSM) volumes. IMSM is also known by the following names:
Intel Rapid Storage Technology
Intel Matrix Storage Technology
Intel Application Accelerator / Intel Application Accelerator RAID Edition
Intel Virtual RAID on CPU (Intel VROC, see https://www.intel.com/content/www/us/en/support/articles/000024498/memory-and-storage/ssd-software.html for more details)
- Mount points for FCoE and iSCSI devices
FCoE and iSCSI devices will appear asynchronously during the boot process. While the initrd guarantees that those devices are set up correctly for the root file system, there are no such guarantees for any other file systems or mount points like
/usr
. Hence any system mount points like/usr
or/var
are not supported. To use those devices, ensure correct synchronization of the respective services and devices.
8.11.2 Suggested partitioning #
Define a partition setup for SUSE Linux Enterprise Server in this step.
Depending on the system role, the installer creates a proposal for one of
the disks available. All proposals contain a root partition formatted with
Btrfs (with snapshots enabled) and a swap partition. The GNOME desktop and
the text mode proposals create a separate home partition on disks larger
than 20 GB. The system roles for virtualization hosts create a separate
partition for /var/lib/libvirt
, the directory that
hosts the image files by default. If one or more swap partitions have been
detected on the available hard disks, these existing ones will be used
(rather than proposing a new swap partition). You have several options to
proceed:
To accept the proposal without any changes, click
to proceed with the installation workflow.To adjust the proposal, choose
. First, choose which hard disks and partitions to use. In the screen, you can enable Logical Volume Management (LVM) and activate disk encryption. Afterward specify the . You can adjust the file system for the root partition and create a separate home and swap partitions. If you plan to suspend your machine, make sure to create a separate swap partition and check . If the root file system format is Btrfs, you can also enable or disable Btrfs snapshots here.To create a custom partition setup click
. Select either if you want start with the suggested disk layout, or to ignore the suggested layout and start with the existing layout on the disk. You can , , , or partitions.You can also set up logical volume management (LVM), configure software RAID and device mapping (DM), encrypt partitions, mount NFS shares and manage tmpfs volumes with the Section 10.1, “Using the . ”
. To fine-tune settings such as the subvolume and snapshot handling for each Btrfs partition, choose . For more information about custom partitioning and configuring advanced features, refer to
Note that for partitioning purposes, disk space is measured in binary
units, rather than in decimal units. For example, if you enter sizes of
1GB
, 1GiB
or 1G
,
they all signify 1 GiB (Gibibyte), as opposed to 1 GB (Gigabyte).
- Binary
1 GiB = 1 073 741 824 bytes.
- Decimal
1 GB = 1 000 000 000 bytes.
- Difference
1 GiB ≈ 1.07 GB.
8.12 Clock and time zone #
In this dialog, select your region and time zone. Both are preselected according to the installation language.
To change the preselected values, either use the map or the drop-down boxes for
and . When using the map, point the cursor at the rough direction of your region and left-click to zoom. Now choose your country or region by left-clicking. Right-click to return to the world map.To set up the clock, choose whether the
. If you run another operating system on your machine, such as Microsoft Windows, it is likely your system uses local time instead. If you run Linux on your machine, set the hardware clock to UTC and have the switch from standard time to daylight saving time performed automatically.The switch from standard time to daylight saving time (and vice versa) can only be performed automatically when the hardware clock (CMOS clock) is set to UTC. This also applies if you use automatic time synchronization with NTP, because automatic synchronization will only be performed if the time difference between the hardware and system clock is less than 15 minutes.
Since a wrong system time can cause serious problems (missed backups, dropped mail messages, mount failures on remote file systems, etc.), it is strongly recommended to always set the hardware clock to UTC.
POWER, AMD/Intel If a network is already configured, you can configure time synchronization with an NTP server. Click Chapter 38, Time synchronization with NTP for more information on configuring the NTP service. When finished, click to continue the installation.
to either alter the NTP settings or to set the time. SeePOWER, AMD/Intel
If running without NTP configured, consider setting
SYSTOHC=no
(sysconfig
variable) to
avoid saving unsynchronized time into the hardware clock.
Since the operating system is not allowed to change time and date directly, the
option is not available on IBM Z.8.13 Create new user #
Create a local user in this step.
After entering the first name and last name, either accept the proposal or
specify a new .
(dot), -
(hyphen) and
_
(underscore). Special characters, umlauts and accented
characters are not allowed.
Finally, enter a password for the user. Re-enter it for confirmation (to ensure that you did not type something else by mistake). To provide effective security, a password should be at least six characters long and consist of uppercase and lowercase letters, numbers and special characters (7-bit ASCII). Umlauts or accented characters are not allowed. Passwords you enter are checked for weakness. When entering a password that is easy to guess (such as a dictionary word or a name) you will see a warning. It is a good security practice to use strong passwords.
Remember both your user name and the password because they are needed each time you log in to the system.
If you install SUSE Linux Enterprise Server on a machine with one or more existing Linux installations, YaST allows you to import user data such as user names and passwords. Select and then for import.
If you do not want to configure any local users (for example when setting up a client on a network with centralized user authentication), skip this step by choosing Chapter 6, Managing users with YaST for instructions.
and confirming the warning. Network user authentication can be configured at any time later in the installed system; refer toTwo additional options are available:
If checked, the same password you have entered for the user will be used for the system administrator
root
. This option is suitable for stand-alone workstations or machines in a home network that are administrated by a single user. When not checked, you are prompted for a system administrator password in the next step of the installation workflow (see Section 8.14, “Authentication for the system administratorroot
”).This option automatically logs the current user in to the system when it starts. This is mainly useful if the computer is operated by only one user. For automatic login to work, the option must be explicitly enabled.
With the automatic login enabled, the system boots straight into your desktop with no authentication. If you store sensitive data on your system, you should not enable this option if the computer can also be accessed by others.
In an environment where users are centrally managed (for example by NIS or LDAP) you should skip the creation of local users. Select
in this case.8.14 Authentication for the system administrator root
#
If you have not chosen root
or provide a public SSH
key. Otherwise, this configuration step is skipped.
root
#
Enter the password for the system administrator root
. For verification purposes, the
password for root
must be entered twice. Do not forget the password as it cannot be
retrieved later.
It is recommended to only use US ASCII characters. In case of a system error or when you need to start your system in rescue mode, the keyboard may not be localized.
To change the root
password later in the installed system, run YaST and start
› .
root
user
root
is the name of the system administrator or superuser. Its user ID (uid) is
0
. Unlike regular users, root
account has unlimited privileges.
- Do not forget the
root
password Only
root
has the privileges to change the system configuration, install programs, manage users and set up new hardware. To carry out such tasks, theroot
password is required. Do not forget the password as it cannot be retrieved later.- Do not use the
root
user for daily work Logging in as
root
for daily work is rather risky: Commands fromroot
are usually executed without additional confirmation, so a single mistake can lead to an irretrievable loss of system files. Only use theroot
account for system administration, maintenance and repair.- Do not rename the
root
user account YaST will always name the system administrator
root
. While it is technically possible to rename theroot
account, certain applications, scripts or third-party products may rely on the existence of a user calledroot
. While such a configuration always targets individual environments, necessary adjustments could be overwritten by vendor updates, so this becomes an ongoing task, not a one-time setting. This is especially true in very complex setups involving third-party applications, where it needs to be verified with every involved vendor whether a rename of theroot
account is supported.As the implications for renaming the
root
account cannot be foreseen, SUSE does not support renaming theroot
account.Usually, the idea behind renaming the
root
account is to hide it or make it unpredictable. However,/etc/passwd
requires644
permissions for regular users, so any user of the system can retrieve the login name for the user ID 0. For better ways to secure theroot
account, refer to Section 14.5, “Restrictingroot
logins” and Section 14.5.3, “Restricting SSH logins”.
If you want to access the system remotely via SSH using a public key, import a key from a removable storage device or an existing partition. After the installation is finished, you can log in through SSH using the provided SSH key.
root
#To import a public SSH key from a medium partition, perform the following steps:
The public SSH key is located in your
~/.ssh
directory and has the file extension.pub
. Copy it to a removable storage device or an existing partition that is not formatted during installation.If your key is on a removable storage device, insert it into your computer and click
. You should see the device in the drop-down box under .Click
, select the public SSH key and confirm with .Proceed with
.
If you have both set a password and added a public SSH key, and need remote access right after the installation, do not forget to open the SSH port in the
section of the summary. If you set no password but only add a key, the port will be opened automatically to prevent you from being locked out of the newly installed system.8.15 Installation settings #
On the last step before the real installation takes place, you can alter installation settings suggested by the installer. To modify the suggestions, click the respective headline. After having made changes to a particular setting, you are always returned to the Installation Settings window, which is updated accordingly.
If you have added an SSH key for your root
as mentioned in Procedure 8.1,
make sure to open the SSH port in the settings.
8.15.1 #
SUSE Linux Enterprise Server contains several software patterns for various application purposes. The available choice of patterns and packages depends on your selection of modules and extensions.
Click
to open the screen where you can modify the pattern selection according to your needs. Select a pattern from the list and see a description in the right-hand part of the window.Each pattern contains several software packages needed for specific functions (for example Web and LAMP server or a print server). For a more detailed selection based on software packages to install, select to switch to the YaST Software Manager.
You can also install additional software packages or remove software packages from your system at any later time with the YaST Software Manager. For more information, refer to Chapter 8, Installing or removing software.
If you choose to install GNOME, SUSE Linux Enterprise Server is installed with the X.org
display server. As an alternative to GNOME, the lightweight
window manager IceWM can be installed. Select
from the screen and
search for icewm
.
The hardware cryptography stack is not installed by default. To install it, select
in the screen.The language you selected with the first step of the installation will be used as the primary (default) language for the system. You can add secondary languages from within the
dialog by choosing › › .8.15.2 #
The installer proposes a boot configuration for your system. Other operating systems found on your computer, such as Microsoft Windows or other Linux installations, will automatically be detected and added to the boot loader. However, SUSE Linux Enterprise Server will be booted by default. Normally, you can leave these settings unchanged. If you need a custom setup, modify the proposal according to your needs. For information, see Section 18.3, “Configuring the boot loader with YaST”.
Booting a configuration where /boot
resides on a
software RAID 1 device is supported, but it requires to install the boot
loader into the MBR ( › ). Having
/boot
on software RAID devices with a level other
than RAID 1 is not supported. Also see
Chapter 8, Configuring software RAID for the root partition.
8.15.3 #
By default, the firewalld
, click
(not recommended).
When the firewall is activated, all interfaces are assigned to the
public
zone, where all ports are closed by default,
ensuring maximum security. The only port you can open during the
installation is port 22 (SSH), to allow remote access. Other services
requiring network access (such as FTP, Samba, Web server, etc.) will only
work after having adjusted the firewall settings. Refer to Chapter 23, Masquerading and firewalls
for configuration details.
By default, the firewall on SUSE Linux Enterprise Server only blocks incoming connections.
If your system is behind another firewall that blocks outgoing traffic,
make sure to allow connections to https://scc.suse.com/
and
https://updates.suse.com
on ports 80 and 443 in order
to receive updates.
The Refer to Chapter 22, Securing network operations with OpenSSH for more information.
is enabled by default, but its port (22) is closed in the firewall. Click to open the port or to disable the service. Note that if SSH is disabled, remote logins will not be possible.If you install SUSE Linux Enterprise Server on a machine with existing Linux installations, the installation routine imports an SSH host key. It chooses the host key with the most recent access time by default. See also Section 8.15.9, “. ”
If you are performing a remote administration over VNC, you can also specify whether the machine should be accessible via VNC after the installation. Note that enabling VNC also requires you to set the
to .The default Section 8.15.1, “). ”
is . To disable it, select as module in the settings. This allows you to deselect the pattern in the settings (8.15.4 #
This feature is available for SUSE Linux Enterprise 15 SP4 GM via installer self-update or using the QU2 media.
This category allows hardening your system with OpenSCAP security
policies. The first policy that was implemented is the
Security Technical Implementation Guide (STIG)
by the Defense Information Systems Agency
(DISA).
Click to
the security policy. Non-compliant installation settings will be listed with the rule they violate. Some settings can be adjusted automatically by clicking . For settings that require user input, click to open the respective settings screen.
If you do not want to wait for the YAST_SECURITY_POLICY=POLICY
.
To check for compliance with the DISA STIG, use
YAST_SECURITY_POLICY=stig
. For more information about
boot parameters, refer to Chapter 7, Boot parameters.
The installer does not check all rules of the profile, only those necessary for the installation or that are hard to fix afterward. To apply the remaining rules, a full SCAP remediation is performed on first boot. You can also perform a Hardening SUSE Linux Enterprise with STIG and Hardening SUSE Linux Enterprise with OpenSCAP.
or and manually remediate the system later with OpenSCAP. For more information, refer to the articles8.15.5 #
This category displays the current network settings, as automatically
configured after booting into the installation (see Section 8.6) or as manually
configured during the installation process. By default,
wicked
is used for server installations and NetworkManager for desktop workloads.
If you want to check or adjust the network settings, click For details, see Section 23.4, “Configuring a network connection with YaST”.
. This takes you to the YaST module.
SUSE only supports NetworkManager for desktop workloads with SLED or the Workstation extension.
All server certifications are done with wicked
as the network
configuration tool, and using NetworkManager may invalidate them. NetworkManager is not supported by SUSE for
server workloads.
8.15.6 #
Using Kdump, you can save a dump of the kernel (in case of a crash) to analyze what went wrong. Use this dialog to enable and configure Kdump. Find detailed information at Chapter 20, Kexec and Kdump.
8.15.7 #
To save memory, all channels for devices currently not in use are blacklisted by default (each channel that is not blacklisted occupies approximately 50 KB of memory). To configure additional hardware in the installed system using channels that are currently blacklisted, run the respective YaST module to enable the respective channels first.
To disable blacklisting, click
.8.15.8 #
SUSE Linux Enterprise Server can boot into two different targets (formerly known as “runlevels”). The target starts a display manager, whereas the target starts the command line interface.
The default target is
. In case you have not installed the patterns, you need to change it to . If the system should be accessible via VNC, you need to choose .8.15.9 #
If an existing Linux installation on your computer was detected, YaST
will import the most recent SSH host key found in
/etc/ssh
by default, optionally including other files
in the directory as well. This makes it possible to reuse the SSH identity
of the existing installation, avoiding the REMOTE HOST
IDENTIFICATION HAS CHANGED
warning on the first connection. Note
that this item is not shown in the installation summary if YaST has not
discovered any other installations. You have the following choices:
Select this option to import the SSH host key and optionally the configuration of an installed system. You can select the installation to import from in the option list below.
Enable this to copy other files in
/etc/ssh
to the installed system in addition to the host keys.
8.15.10 #
This screen lists all the hardware information the installer could obtain about your computer. When opened for the first time, the hardware detection is started. Depending on your system, this may take some time. Select any item in the list and click
to see detailed information about the selected item. Use to save a detailed list to either the local file system or a removable device.Advanced users can also change the
and kernel settings by choosing . A screen with two tabs opens:Each kernel driver contains a list of device IDs of all devices it supports. If a new device is not in any driver's database, the device is treated as unsupported, even if it can be used with an existing driver. You can add PCI IDs to a device driver here. Only advanced users should attempt to do so.
To add an ID, click
and select whether to enter the data, or whether to choose from a list. Enter the required data. The is the directory name from/sys/bus/pci/drivers
—if empty, the name is used as the directory name. Existing entries can be managed with and .Change the This setting can also be changed at any time later from the installed system. Refer to Chapter 14, Tuning I/O performance for details on I/O tuning.
here. If is chosen, the default setting for the respective architecture will be used.Also activate the https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html for details.
here. These keys will let you issue basic commands (such as rebooting the system or writing kernel dumps) in case the system crashes. Enabling these keys is recommended when doing kernel development. Refer to
8.16 Performing the installation #
After configuring all installation settings, click
in the Installation Settings window to start the installation. Some software may require a license confirmation. If your software selection includes such software, license confirmation dialogs are displayed. Click to install the software package. When not agreeing to the license, click and the software package will not be installed. In the dialog that follows, confirm with again.The installation usually takes between 15 and 30 minutes, depending on the system performance and the selected software scope. After having prepared the hard disk and having saved and restored the user settings, the software installation starts. Choose
to switch to the installation log or to read important up-to-date information that was not available when the manuals were printed.After the software installation has completed, the system reboots into the new installation where you can log in. To customize the system configuration or to install additional software packages, start YaST.
8.16.1 IBM Z: IPLing the installed system #
YaST usually reboots into the installed system on the IBM Z
platform. Exceptions are installations where the boot loader
resides on an FCP device in environments with LPAR on a machine older than
z196 or with z/VM older than release 5.4. The boot loader gets written to a
separate partition mounted as /boot/zipl/
.
In cases where an automatic reboot is not possible, YaST will show a dialog containing information about from which device to do an IPL. Accept the shutdown option and perform an IPL after the shutdown. The procedure varies according to the type of installation:
- LPAR installation
In the IBM Z HMC, select
, select , then enter the loading address (the address of the device containing the/boot/zipl
directory with the boot loader). If using a zFCP disk as the boot device, choose and specify the load address of your FCP adapter plus WWPN and LUN of the boot device. Now start the loading process.- z/VM installation
Log in to the VM guest (see Example 5.1, “Configuration of a z/VM directory” for the configuration) as
LINUX1
and proceed to IPL the installed system:IPL 151 CLEAR
151
is an example address of the DASD boot device, replace this value with the correct address.If using a zFCP disk as the boot device, specify both the zFCP WWPN and LUN of the boot device before initiating the IPL. The parameter length is limited to eight characters. Longer numbers must be separated by spaces:
SET LOADDEV PORT 50050763 00C590A9 LUN 50010000 00000000
Finally, initiate the IPL:
IPL FC00
FC00
is an example address of the zFCP adapter, replace this value with the correct address.- KVM guest installation
After the installation has finished, the virtual machine is shut down. At this point, log in to the KVM host, edit the virtual machine's description file and restart it to IPL into the installed system:
Log in to the KVM host.
Edit the domain XML file by running
>
sudo
virsh edit s12-1
and remove the following lines:
<!-- Boot kernel - remove 3 lines after successfull installation --> <kernel>/var/lib/libvirt/images/s12-kernel.boot</kernel> <initrd>/var/lib/libvirt/images/s12-initrd.boot</initrd> <cmdline>linuxrcstderr=/dev/console</cmdline>
Restart the VM Guest to IPL into the installed system:
>
sudo
virsh start s12-1 --console
Note:cio_ignore
is disabled for KVM installationsThe kernel parameter
cio_ignore
prevents the kernel from looking at all the available hardware devices. However, for KVM guests, the hypervisor already takes care to only provide access to the correct devices. Thereforecio_ignore
is disabled by default when installing a KVM guest (for z/VM and LPAR installations it is activated by default).
8.16.2 IBM Z: Connecting to the installed system #
After IPLing the system, establish a connection via VNC, SSH, or X to log in to the installed system. Using either VNC or SSH is recommended. To customize the system configuration or to install additional software packages, start YaST.
8.16.2.1 Using VNC to connect #
A message in the 3270 terminal asks you to connect to the Linux system using a VNC client. However, this message is easily missed, because it is mixed with kernel messages and the terminal process might quit before you notice the message. If nothing happens for five minutes, try to initiate a connection to the Linux system using a VNC viewer.
If you connect using a JavaScript-capable browser, enter the complete URL, consisting of the IP address of the installed system along with the port number, in the following fashion:
http://IP_OF_INSTALLED_SYSTEM:5801/
8.16.2.2 Using SSH to connect #
A message in the 3270 terminal asks you to connect to the Linux system with an SSH client. This message is easily missed, however, because it is mixed with kernel messages and the terminal process might quit before you become aware of the message.
When the message appears, use SSH to log in to the Linux system as
root
. If the connection is denied or times out, wait for the login
timeout to expire, then try again (this time depends on server
settings).
8.16.2.3 Using X to connect #
When IPLing the installed system, make sure that the X server used for the first phase of the installation is up and still available before booting from the DASD. YaST opens on this X server to finish the installation. Complications may arise if the system is booted up but unable to connect to the X server in a timely fashion.