he installation process makes use of scripts, which are also available for free download. Note that some settings in the scripts and in the instructions are specific for Canada, but they can be easily adapted to other countries. For specific user settings and recommendations, go to Instructions for Users.
PREPARATION STEPS
FIRST PHASE OF INSTALLATION
SECOND PHASE OF INSTALLATION
SYSTEM MAINTENANCE
PACKAGES AND SETTINGS
SPECIAL TOPICS
PREPARATION STEPS
- Download the DVD/USB version of the openSUSE 15.1 installation from https://software.opensuse.org/distributions/leap and burn it to a DVD or copy it to a USB. Instructions for burning the ISO file and for creating a bootable USB stick are given in a link at the bottom of the same page.
- Before starting the installation, plan the partitioning of your disk(s). Read all the relevant sections under Special Topics before proceeding. Some additional advice can be found in the openSUSE online documentation. If a clean installation is performed, there is no risk to data, but the partitions cannot be easily changed later without reinstallation. If the system is being updated or dual-booted, care must be taken during partitioning to preserve the existing data. Always make a backup of all user and other relevant information before the installation.
- Always backup your data before starting an installation.
- On machines with UEFI and Secure Boot (MS-Windows) apply any existing updates to your BIOS or GPT before starting the installation. If you are deleting Windows from the machine, use Legacy Boot or at least disable Secure Boot in the BIOS.
FIRST PHASE OF INSTALLATION
The first phase consists of partitioning of the hard disk and installation of a basic version of openSUSE Linux. It is recommended to ask the help of an experienced Linux user for the Partitioning step.
- Boot from DVD or USB stick (this may require an adjustment in the BIOS) and
choose Installation from boot menu.
(Before using the DVD for the first time, select More Options / Check Installation Media and run the test once.) - License Agreement: Next.
- If Network Settings appears, select a network card and Edit: (CFD-Lab)
- In case of laptop, select the wireless card and Edit. Then select Dynamic Address DHCP. Next. Scan network, select the network name, and enter the corresponding settings and Encryption Key (password). Next.
- Hostname/DNS tab:
- Hostname: machine_name; Domain Name: domain.name
- Set Hostname via DHCP to no.
- In case of DHCP, leave everything else as is. OK.
- In case of fixed IP address:
- Name Servers: …; Domain Search: domain.name
- Switch to the Routing tab:
- Default IPv4 Gateway: …
- Device: –
- Switch to the Overview tab:
- Edit the network card (Network Connection), select Statically Assigned IP Address, and set:
- IP Address: …
- Subnet Mask: /24
- Hostname: machine_name
- Next.
- Edit the network card (Network Connection), select Statically Assigned IP Address, and set:
- OK.
- System Probing:
- In case of update with an existing encrypted partition, enter the encryption password for the Encrypted Volume Activation.
- If a network connection exists, activate online repositories with Yes.
- System Role: Check Desktop with KDE Plasma. Next.
- Suggested Partitioning: Click on Expert Partitioner / Start with Existing Partitions. Next:
- When updating systems, mount old /home partition without formatting (in case of RAID, select the RAID volumes on the system view tree) and format only the original swap and / partitions (use ext4 for the latter). In case of encrypted home partition, enter password.
- When installing a New System, see Partitioning details under Special Topics.
- Finish. Accept. Next.
- In case of encrypted home partition, to prevent the boot process from hanging, after the initial phase of installation, add the option nofail to the corresponding entry in /etc/fstab and the options none timeout=300 (time in seconds) to the entry in /etc/crypttab after the installation is complete. Ex.:
/etc/fstab: UUID=….. /home ext4 defaults,nofail 0 2
/etc/crypttab: cr_home UUID=….. none timeout=300
- Clock and Time Zone: Select Canada / Mountain (Edmonton). Leave Hardware Clock Set To UTC checked, unless you are dual-booting with Windows. Next.
- Create New User:
- New systems: Create a temporary dummy user. (Do not use the login name of a real user, as this provisional user will be deleted in the next phase.) Uncheck Use this password for system administrator and Automatic Login.
- Updating systems: Check Import User Data from a Previous Installation and in Choose Users Select All.
- Next.
- Root password: Enter root password carefully. Next.
- Installation Settings: Verify installation settings.
- Booting: In case of a RAID1 array, if Boot from MBR is enabled and Status Location is /dev/sda (MBR) only, then click on Booting and make sure Enable Redundancy for MD array is checked for installation of Grub2 in both disks. OK.
- Booting: In case of UEFI Secure Boot and dual-boot with Windows, openSUSE should recognize and set Boot Loader Type to GRUB2-EFI. Click on Booting and set Enable Secure Boot Support. OK.
- Software: Leave section as is for faster installation.
- Security: click on enable to enable SSH service and on open to open SSH port.
- In case of system update, click on Import SSH Host Keys and Configuration, leave the options as they are, and Accept.
- Network Configuration: In case of wired network, make sure the setup is using wicked (or else switch to wicked). This ensures that the network connection is persistent, even when there no one logged in.
- Click on Network Configuration and switch to tab Hostname/DNS to change Hostname to the proper machine name and Set Hostname via DHCP to no. Next.
- Install.
- Confirm Installation: Install. Installation may take up to 30 minutes.
- Known Bugs:
- Graphics Card Problems: In case of Nvidia cards, if the machine freezes during reboot, boot with the option nouveau.modeset=0. For that, type e during the Boot Menu and add the option to the list of boot parameters, then exit with F10.
- If you have a computer with a high-DPI display, you can set YaST to scale its UI automatically for the display. To do so, add the parameter QT_AUTO_SCREEN_SCALE_FACTOR=1 to the bootloader command line.
- When installing from USB: If the system refuses to “Boot from Hard Disk” after this initial installation, remove the USB key while system is rebooting, boot into the new system and replace the USB key before continuing.
- Problems with UEFI and Secure Mode: see Notes on UEFI. Apply any existing updates to your BIOS or GPT before starting the installation.
- System will reboot.
- If process goes back to main installation menu, choose Boot from Hard Disk and select openSUSE Leap 15.1.
- Click on Different User then login as root.
- YaST Administration Tool: (KMenu / Settings / YaST)
- Release Notes: (Support / Release Notes)) Read the release notes. Close.
- Online Update: (Software / Online Update))
- Accept. (If network was setup at installation, patches may already have been applied and list will be empty.)
- If a server (installation media) is inaccessible, make sure the network connection is working or connect to it using the Network icon in the taskbar (Choose the Classic mode in the KDE Wallet Service). OK, Retry. It may be necessary to retry a few times.
- In case of package management update (“libzypp”), Accept, OK. Online Update will restart, Accept, Continue.
- Accept licenses; Continue. Continue.
- When finished, Next.
- In case of kernel or systemd update, a warning will advise you to reboot after the update.
- This update process may take a while.
- In case a reboot is recommended, KMenu / Power/Session / Reboot.
SECOND PHASE OF INSTALLATION
In this phase the standard openSUSE installation will be adapted with the installation of many additional software packages and with changes in some default settings. Some changes are performed by scripts. For details about the changes, see the comments in each script. If no network connection was obtained in the First Phase, obtain a network connection before continuing.
- Click on Different User and login as root.
- Konsole Session:
- Open a Konsole terminal (KMenu / System / Konsole). Keep this terminal open.
- If no network connection was obtained in the First Phase, update your system before continuing:
- zypper up
- reboot
- Select Boot from Harddisk.
- Login again as root and continue.
- Copy or download the tar-ball SUSE15_Config.tar.gz and save it to /tmp. (CFD-Lab)
You can also download the tar-ball directly from the terminal
cd /tmp
wget http://sites.ualberta.ca/~clange/Linux/openSUSE/15.1/SUSE15_Config.tar.gz - Unpack the downloaded tar-ball
cd /tmp
tar zxf SUSE15_Config.tar.gz
cd Linux/openSUSE/15.1/ - If network, specially the machine name, is not correctly set at this point, correct the following settings in YaST (YaST / System / Network Settings):
- Hostname/DNS tab:
- Hostname: machine_name; Domain Name: domain.name
- Set Hostname via DHCP to no.
- In case of DHCP, leave everything else as is. OK.
- In case of fixed IP address, fix the address, the name server and gateway, accordingly.
- Restart the Wicked deamon
systemctl restart wickedd
- Hostname/DNS tab:
- Installing Additional Packages: Run
./packageinstall_SUSE15
This script adds software repositories and installs many new packages, depending on the configuration chosen (desktop, laptop or cluster). This process takes a while. In case of problem, select the solution that changes software vendor.- In case of Adobe Flash Plugin, continue with yes.
- When accepting the keys to the repositories, type a to trust always.
- In case of dependency conflicts, there are some hints below under Software Management.
- Answer y to view the notifications from fetchmsttfonts and press q to exit the licenses.
- After installation, answer y when asked to Continue with the update of installed packages.
- At the end, the installation DVD/USB is disabled as repository to prevent the installer from requiring the DVD in the future.
- Depending on the speed of the Internet connection and of the machine, this process may take a while.
- Install NVidia Drivers: In case of NVidia graphics cards, before continuing, install the proprietary NVidia drivers to fix stability issues.
- Check to see if the machine is using an NVidia graphic card:
/sbin/lspci -nnk | grep VGA -A2 - Open YaST: KMenu / Settings / YaST.
- Start the Software Management tool: YaST / Software / Software Management
- If the NVidia packages are already selected, simply Accept, Accept the license (as often as needed). Continue.
- If not, search for NVidia packages. Select the corresponding driver, likely x11-video-nvidiaG04. Accept. Continue to accept automatic changes. Accept. Finish.
- Reboot the computer to activate the new driver in the kernel.
- Check to see if the machine is using an NVidia graphic card:
- Custom System Settings: To adapt system configuration files (requires successful run of packageinstall_SUSE15) and to install third party packages, run: (CFD-Lab)
- ./systemconfig_SUSE151
- When prompted, enter the names of the privileged users with full administrator status, i.e. who can run root commands with sudo.
- Answer y if you want to install any of the third party software. Some may require you to download the corresponding installation package and save it to /tmp/Linux/openSUSE/15/packages/ before installation. In this case, you need to run ./systemconfig_SUSE151 again to perform the installation.
- In case of Skype, Virtualbox and Google Chrome, accept Unknown GnuPG Key with Yes or ignore with i in case of Signature verification failed.
- YaST Administration Tool: (KMenu / Settings / YaST)
- Adapting user environments (YaST / Security and Users / User and Group Management): (CFD-Lab)
- New System: In case of a new system, apply the adapted user environment resulting from systemconfig_SUSE151:
- Delete the temporary first user (select user, Delete, check Delete Home Directory, Yes). Then OK to close the window and perform the changes, and then open the same window again.
- Create users as required:
- Create all users for the system.
- In the Details tab, add the new users to the video group in Additional Groups (check video) in case of NVidia graphic cards.
- In Expert options. . . / Login settings make sure Auto Login and Passwordless Logins are unchecked!
- Encryption: Encryption is now mandatory at the University of Alberta. Since the option of Use Encrypted Home Directory is no longer available in openSUSE, the best option is to encrypt the entire home partition (see Partitioning). Alternatively, users can create an Encrypted Virtual Disk and mount them as directories/folders to store sensitive data. Remember that any computer can be compromised, if a malicious person has physical access to it. With an encrypted home partition or encrypted folder at least the user’s data will remain protected.
- OK.
- System Update: In case of system update, there is no need to adapt the user environment, when updating from Leap 15.0 to 15.1.
- New System: In case of a new system, apply the adapted user environment resulting from systemconfig_SUSE151:
- Online Update Configuration (YaST / Software / Online Update Configuration)(restart YaST, if this tool does not appear):
- Import Untrusted GnuPG Keys with Yes or Trust, if necessary.
- Enable Automatic Online Update. Interval: weekly. Set Skip Interactive Patches, Agree with licenses and Include Recommended Packages and Use delta rpms.
- To prevent the automatic update process from being halted by issues with non-official repositories, enable Filter by Category and Add from the pull-down menu the main categories: Security and Packagemanager and YaST.
- To install the interactive patches (such as kernel updates) and other patches, run from time to time as root or sudo:
zypper up - OK.
- /etc/sysconfig Editor (YaST / System / /etc/sysconfig Editor):
- Applications / Words / ENGLISH_WORDS: canadian (delete the other entries)
- Next two items in case of RAID1 only:
- System / File systems / Mdadm / MDADM_MAIL: add users to receive e-mail in case of RAID failure (format: ,user@localhost).
- System / File systems / Mdadm / MDADM_RAIDDEVICES: add devices, e.g. /dev/md0,/dev/md1.
- OK. Save.
- Kernel Settings (YaST / System / Kernel Settings): In case of laptop or netbook with solid state disk (SSD) and flash drive, change the Global I/O Scheduler to Deadline for better performance.
- Security and Users:
- Firewall (YaST / Security and Users / Firewall): (CFD-Lab)
- Select the network card under Interfaces (e.g. eth0) and click on Change Zone, then select zone work (or public in case of wireless card).
- Services:From the Zones list select work or public:
- Make sure ssh is Allowed. Or else select it on the Known list and Add.
- Add also nfs to mount remote file systems.
- Add also kdeconnect-kde to enable connection with an Android device, if desired.
- Add other services from the list, as needed.
- In case of a printer server (Shared Printer), Add ipp. If instead the machine needs to access a remote printer, Add ipp-client.
- Accept.
- For more advanced Firewall settings for networked printers and scanners, check out http://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings
- Security Center and Hardening (YaST / Security and Users / Security Center and Hardening):
- Predefined Security Configurations: select Workstation.
- Password Settings: Minimum Acceptable Password Length: 10 and Password Age: Minimum: 0.
- Boot Settings: Interpretation of Ctrl+Alt+Del = Halt.
- OK.
- Firewall (YaST / Security and Users / Firewall): (CFD-Lab)
- Printer (YaST / Hardware / Printer):
- Local Printer:
- Printer Configurations: Add and setup local printer. Select one of the drivers and set default paper size to letter. You can Set Arbitrary Name to something more meaningful. OK. Then Print Test Page.
- In case of HP printer, specially multi-function printer, Run hp-setup from the Add window to install the HP management tool ‘HP-systray’. The user will be required to download the corresponding plugin on the first use of the printer.
- Additional Printer Drivers: If the printer is not found among the listed printer drivers, even if clicking on Find More, then try the following:
- Click on Driver Packages.
- Select all driver packages. OK.
- Install each driver package (one by one).
- YaST2 will automatically perform a new search through the installed packages and hopefully find the appropriate printer driver. Select it. OK.
- After initial setup, Edit profile to be able to set All Options for the Current Driver. Here you can select the default settings for the printer. These settings can later be adjusted by changing the Properties at time of printing. Here you can also set the Use as Default option.
- Share Printer: (CFD-Lab)
- Start the CUPS deamon (cups in YaST / System / Services Manager) and set Start Mode to On boot.
- Under Share Printers, check Allow Remote Access, as well as the sub-item For computers within the local network, adding the network interface (usually eth0).
- Add to field Allow the space-separated list of IP addresses that should use this printer (this list will prevent other machines in the LAN from using this printer server). Alternatively, leave the address fields blank to allow general access from the LAN, in which case you should set Publish printers in the local network.
- Don’t forget to open the CUPS ports (ipp) in the firewall (see Firewall above).
- Remote Printer: (CFD-Lab)
- In case of a single remote print server running CUPS:
- In YaST / System / Services Manager Stop both cups and cups-browsed deamons. Also set both Start Mode to Manually.
- Open YaST / Hardware / Printer and do not Restart locally running CUPS daemon. Accept the 3 error messages with OK.
- Under Print via Network check Do All Printing Directly via One Single CUPS Server, and enter the print server IP address in the field. Test Server. OK. OK.
- Alternatively, use the Connection Wizard to connect to a CUPS Server (IPP) and select the Raw Queue instead of a printer manufacturer, if the CUPS server is a Linux machine.
- In case of multiple print servers:
- In YaST / System / Services Manager make sure the deamon cups-browsed is running. Or else select it and Start and set Start Mode to On boot.
- Under Printer Configurations click on Add and then on Connection Wizard to add each remote printer.
- In case of a single remote print server running CUPS:
- OK. OK.
- Local Printer:
- Adapting user environments (YaST / Security and Users / User and Group Management): (CFD-Lab)
- LibreOffice Extensions: Start LibreOffice Writer (KMenu / Office / LibreOffice Writer), then click on Tools / Extension Manager and Add the following extensions (For all users):
/tmp/Linux/LibreOffice/dict-en-20200101.oxt (Canadian English dictionary)
/tmp/Linux/LibreOffice/gallerysignauxdangers.2.0.5.1.oxt (danger signs clipart)
/tmp/Linux/LibreOffice/Sun_ODF_Template_Pack2_en-US.oxt (page down and accept license)
/tmp/Linux/LibreOffice/Sun_ODF_Template_Pack_en-US.oxt (page down and accept license)
/tmp/Linux/LibreOffice/TexMaths-0-48.oxt; Check for Updates; Install; OK (insert LaTeX equations as images)
then Close. You can find many more extensions at extensions.libreoffice.org and templates at templates.libreoffice.org. - Dual-boot with Windows: To allow read/write, instead of read-only, on NTFS partitions you need to edit the corresponding entry in /etc/fstab to remove the ro (read-only) parameter. The parameters (after ntfs-3g) should read:
user,users,gid=users,umask=0002 - Reboot the machine (KMenu / Leave / Restart).
- From this point on, avoid logging in as root in a graphical desktop, such as KDE.
- User Settings: In addition to the main system setup steps performed here, each user needs to adjust their own environment. The Instructions for Users list those adjustments, as well as useful information about Remote Connections, Online Resources, etc.
SYSTEM MAINTENANCE
- System Administrators: The users entered as administrators during Custom System Settings can run the administration tool YaST without knowing the root password in a terminal:
sudo /sbin/yast
or in graphical mode:
xhost + ; sudo /sbin/yast2; xhost –
Don’t forget the last part in the command sequence above to restore the secure access control to Xorg! - Manual System Patching: The automatic patch installation sometimes fails in the case of conflicts. When Apper indicates that new patches were not installed overnight (gear symbol with down pointing arrow), then install the patches clicking on the icon and following the prompts. Alternatively, run the update in command line mode:
sudo zypper up
Reboot the machine afterwards, only if instructed to do so. If not, it is recommended to logout and login again to avoid desktop freezing. - Time Synchronization: If the computer time drifts or changes, NTP may not have been setup during installation. Open Yast2 / Network Services / NTP Configuration and check Now and on Boot.
Then Add a Server, Select a Public NTP Server in Canada. OK. OK. - Laptop Set Time: When NTP is not running continuously in a laptop, but an NTP server was entered in Yast2 / Network Services / NTP Configuration, time can be corrected by root in a terminal with the command:
service ntpd ntptimeset
whenever the laptop is connected to the Internet.
PACKAGES AND SETTINGS
To install RPM packages prepared for openSUSE15, right-click on the package file and Open with Install/Remove Software. Alternatively, install package with sudo zypper in package.rpm. Most packages are found in the corresponding Community Repository (see below) or in the openSUSE Build Service (http://software.opensuse.org/search) as 1-Click Install.
- Repositories: (KMenu / Settings / YaST / Software / Software Repositories) To add specialized repositories of software packages, click on Add and either enter a Specified URL, or select from a list of Community Repositories. OK.
- Software Management: (KMenu / Settings / YaST / Software / Software Management) To install additional packages, browse the Patterns and Package Groups (you may need to activate these tabs by selecting them under the View pull-down menu), selecting packages to install:
- Dictionaries:
- In Package Group Office select aspell, ispell and myspell dictionaries, as required. myspell dictionaries are also recognized by LibreOffice. Do not select items in the Localization group, unless you want program menus in that language.
- To verify which is the compose key for accents and special characters, check your local ~/.Xmodmap file.
- Repositories: here is the best place to check if packages need updates (blue):
- Package / All in This List / Update if newer version available
- Dependency Conflict:
- If the conflict occurs because the newest version is at another repository, it is usually safe to change the repositories (enter corresponding option number) or to replace the file (yes).
- If there is a conflict with no clear solution, it is preferable to choose the option that says Do not install …, then OK – try again.
- Alternatively, cancel the warning, right-click on the package that caused the conflict and either select Do Not Install, if the original intent was to install, or select Keep, if the original intent was to update the package.
- In case many packages were selected, it is better to cancel the install completely and start again installing one package at a time.
- Accept all licenses and automatic changes: Continue. If the process times out and says that server is unavailable, Retry to continue.
- If a new kernel is installed, reboot.
- Note: If the samba server is installed (not default), then run again systemconfig_SUSE151 afterwards (see Custom System Settings).
- Dictionaries:
- X2Go: (installation may have been performed by systemconfig_SUSE151)
- X2Go is a highly efficient remote X server based on the NX3 technology.
- Find instructions for use of X2Go in the User Settings under Remote Connections.
- Skype: not revised yet.
- Google-Chrome: Since Adobe is no longer supporting Flash plug-in for Linux, Google Chrome is the only browser that can show Flash animations with its built-in tool. Download and install the RPM package.
- VirtualBox: (installation may have been performed by systemconfig_SUSE151) To install Linux or Windows virtual machines, use Oracle’s VirtualBox binary packages, which offer USB control and remote desktop access. There are 32 and 64 bit versions available. Install from the VirtualBox repository for openSUSE (http://download.virtualbox.org/virtualbox/rpm/opensuse/42.1/). Install the package dkms first and run /etc/init.d/vboxdrv setup after installation.
- Laptop:
- Wireless: If the wireless card is not recognized and set automatically, install kndiswrapper, ndiswrapper and ndiswrapper-kmp-default and follow the instructions in http://en.opensuse.org/SDB:Ndiswrapper.
- Touchpad: To adjust the touchpad, go to KMenu / Configure Desktop / Hardware / Input Devices / Touchpad.
- Tablet PCs: Touch and digital pen should be fully supported. Use Xournal to annotate PDFs and write notes on the tablet.
- Power Management: For a more refined and optimized power control than KDE Power Management offers, run powertop in a terminal as root.
- CrossOver Linux: (commercial Windows emulation, only installed in selected machines, since it needs license payment) Uninstall the openSUSE wine package first. Install the latest version of CrossOver Linux from /tmp/Linux/CrossOverLinux. Always install Windows programs as a user, not as root. From CrossOver 11 on, you need to enter the registration to unlock the installation, running KMenu / Applications / CrossOver / Register and Unlock (enter root password). To make the same Windows software available to all users, run KMenu / Applications / CrossOver / Manage Bottles. Select the bottle containing the software, then go to the Advanced tab and click on Publish (enter root password).
SPECIAL TOPICS
- Partitioning: Recommendations for partitioning a new system:
- If you do not have experience, it is better to use the Guided Setup option and follow the recommendations.
- When installing a New System, make sure to use a GUID Partition Table (GPT). If unsure, go to Expert… and Create New Partition Table of type GPT.
- BIOS Boot: On all disks with GUID Partition Table (GPT), create first a small partition at the beginning of each disk (8 or 16 MiB), Do not format, Patition ID: BIOS Boot Partition, Do not mount device. This partition is needed to hold the second stages of the GRUB boot loader.
- Root partition: 40 GiB (for systems without large simulation software) to 160 GiB (for systems with large simulation software) with Role of Operating System of type ext4, mounted as /.
- Swap partition: one to two times the size of RAM (2 if system has low RAM, >=1 for laptops, because this partition is used to store the memory during sleep).
- Home partition: rest of the drive (use Role of Data and ISV Applications and type ext4), mounted as /home.
Important: For the entire /home partition to be encrypted, check Encrypt device, then enter the Encryption password. To prevent the boot process from hanging, add the option nofail to the corresponding entry in /etc/fstab and the options none timeout=300 (time in seconds) to the entry in /etc/crypttab after the installation is complete. Ex.:
/etc/fstab: UUID=….. /home ext4 defaults,nofail 0 2
/etc/crypttab: cr_home UUID=….. none timeout=300 - (For laptops) Fstab options…: Check No Access time in all partitions to save battery.
- RAID: see RAID topic below.
- NTFS shrinking and repartition: Always defrag the partition first. In new Windows 8 machines, run chkdsk /f in eleveated mode (Administrator Command Prompt) and reboot into Windows twice. See topic Parted below.
- UEFI: In case of UEFI, find the existing Windows partition of type EFI boot and mount it to mount point /boot/efi without formatting. YaST2 will give a warning about this partition being mounted without formatting, but it can safely be ignored. See more details at https://doc.opensuse.org/documentation/leap/reference/html/book.opensuse.reference/cha.uefi.html.
- IMPORTANT: To increase the chances of data recovery in case of hard disk failure, always write down a table with devices, sizes, FS type, mount points and start/end, as shown in the “Hard Disks” view.
- Finish and Accept.
- For a GUI-based partitioning tool, when the system is running normally, try KMenu / System / GParted.
- Encrypted Partitions: To create encrypted partitions with LUKS, such as /home, see Partitioning above. Here are a few hints to help maintain LUKS encrypted partitions:
- To mount a LUKS encrypted partition from an external disk, say /dev/sdc1:
cryptsetup luksOpen /dev/sdc1 cr_tmp
mount /dev/mapper/cr_tmp /mnt
Or to mount the encrypted home partition, if the system reboots unattended, use the 2 entries in /etc/crypttab in reverse order to open the device, then mount the device, for example:
cryptsetup luksOpen /dev/md2 cr_home
mount /dev/mapper/cr_home /home - To create a new encrypted folder:
- First create an empty image file (size is in bytes, e.g. 100G):
fallocate -l size crypt_dir.img - Then turn the image into an encrypted LUKS container:
cryptsetup -y luksFormat crypt_dir.img
Type YES and enter the passphrase twice. - Finally, open the container, format it, and mount the folder:
cryptsetup luksOpen crypt_dir.img crypt_dir
mkfs.ext4 /dev/mapper/crypt_dir
mkdir /mnt/dir
mount /dev/mapper/crypt_dir /mnt/dir
- First create an empty image file (size is in bytes, e.g. 100G):
- To change the encryption key from a LUKS partition, say /dev/md2:
- Check which slot is being used (ENABLED) by the partition:
cryptsetup luksDump /dev/md2 - Change the passphrase for the identified slot, say Key Slot 0:
cryptsetup luksChangeKey /dev/md2 -S 0
- Check which slot is being used (ENABLED) by the partition:
- To change the label of an encrypted partition (must be open, say cr_tmp):
e2label /dev/mapper/cr_tmp new-label - It is also possible to add more keys (passphrases) to a partition:
cryptsetup luksAddKey /dev/md2 - To unmount a LUKS encrypted partition from an external disk, say /dev/sdc1:
umount /dev/mapper/cr_tmp
cryptsetup luksClose cr_tmp - To find all crypto_LUKS devices currently open:
lsblk
- To mount a LUKS encrypted partition from an external disk, say /dev/sdc1:
- Protecting SSD Drives: Solid State Drives (SSD) are very fast, but they also can wear out much faster (i.e. fail sooner) than spinning disks, if not properly cared for. A good set of hints for protecting your SSD can be found here:
- 5 Tweaks from Going Linux.
- Formatting USB Disk Drives: USB memory sticks and USB external hard disks are extremely convenient means of transporting data. They are usually pre-formatted with either FAT32 or NTFS partition formats. They are automatically recognized in KDE and can be easily mounted through the automounter (in the pop-up window select Open with File Manager). However, because of the limited capabilities of these file formats, files copied to them cannot store associated information, such as user and group ownership, file permissions, etc. When files are copied back to a Linux disk, the automounter assumes the most permissive settings (ownership by the current user and full permissions (rwx) to all). Modification dates may also not be preserved. Although the permissions can be somewhat corrected using the recursive alias command cleanmode, which is part of ~/.alias in this installation.
(Note: Memory sticks should never be relied upon for backup or to keep single copies of a file. They can easily be permanently and irrecoverably damaged, if they are exposed to a strong magnetic field or if their flash controller electronics fails.)
To preserve all file informations, create another partition or reformat the entire USB drive with a Linux file system, such as ext4. This can be done with YaST / Partitioner or KMenu / System / GParted. Just make sure you work on the “hard disk” associated with your USB drive. Once the Linux partition is created, remove and reinsert the USB drive to mount the partition with the automounter. Then create the following directories (folders) in a terminal as root.- Create as root one directory for each user in the partition:
mkdir /media/…/userid
chown userid.users userid/
and remember that it is the user number in the target machine (see /etc/passwd) that determines the ownership. - Create as root one directory that is writable to all users, so other users can save things on the USB drive:
mkdir /media/…/share
chmod a+rwx /media/…/share
- Create as root one directory for each user in the partition:
- RAID: If you join 2 identical hard disks in a software RAID 1 (mirror RAID), you get data redundancy that allows you to survive a disk crash without downtime. Linux based software RAID also allows you to plug one or both disks in any other Linux machine and read the data without hardware compatibility issues posed by RAID controllers. NOTE: The use of RAID should only be viewed as a convenience, and never be considered a backup.
To create a mirror RAID out of 2 identical hard disks at installation:- Create: in the Expert Partitioner during installation or using YaST / System / Partitioner:
- Create identical individual partitions in all disks. Do not format! Set Role as Raw Volume (unformatted) and Partition ID as Linux RAID. Do not mount.
- After setting up the first disk, change to the Overview tab and select at the bottom Partition Table / Clone Partitions to Other Devices to easily copy the same partitions to the second disk.
- Go to the RAID item of the System View tree and Add RAID. Create each RAID, selecting Type RAID 1 (Mirroring), and adding the partitions from both disks to the corresponding RAID. Next. Next.
- Go to the RAID item (e.g. md0)) and in the Partitions tab Add Partition.
- Select the Role of Operating System for the root partition and Data and ISV Applications for the home partition. Next.
- Finish each RAID, formatting with Ext4 and selecting the mounting points. Fstab Options: check Extended User Attributes. Set Encrypt Device in the case of /home.
- Existing RAIDs that are not to be formatted, such as /home, should just set a mounting point using Edit… . Disregard the proposed RAID names (linux:1), which will later change to md1 by themselves later.
- Accept. Next.
- YaST2 / System / /etc/sysconfig Editor:
- System / File systems / Mdadm / MDADM_MAIL: add users to receive e-mail in case of RAID failure (format: ,user@localhost).
- System / File systems / Mdadm / MDADM_RAIDDEVICES: add devices, e.g. /dev/md0, /dev/md1.
- Install Grub2 in both disks (new): Check if /etc/default/grub_installdevice has 2 entries, one for each disk ((hd0) and (hd1)). If not, install Grub2 in both RAID1 disks, so both are bootable.
- Check the device name of the disks with
fdisk -l - Usually Grub2 is installed only on the first disk (say /dev/sda). To install it also on the second:
grub2-install /dev/sdb
- Check the device name of the disks with
- Check status: The status of RAID can be seen with
cat /proc/mdstat
where the [UU] or equivalent part indicates that both partitions that make up that RAID are up. In case one partition fails, it becomes inactive and the U is replaced by an underscore. In this case, the users entered in the /etc/sysconfig list above receive an e-mail, which can be seen with the mail command. - Restore disk: If the status shows one of the disks is not active, first try restoring the disk as in c) below. Watch with
journalctl -f
for any error in the hard disk.
In case I/O error is reported by journalctl, the failed disk needs to be replaced as soon as possible:- Remove failed disk and replace by another of identical (or larger) size.
- Partition the new disk (say /dev/sdX) with YaST exactly as the other (identical partitions). Do not format. Flag as 0xFD Linux RAID.
- As root, add partition sdXN back to the RAID mdM with:
mdadm /dev/mdM –add /dev/sdXN - Observe status with
cat /proc/mdstat
- Retrieve data: To retrieve data from a RAID, attach the disks to a machine, turn it on and use
cat /proc/partitions
to find out the device names of the disks and their partitions. Assuming the disks are named /dev/sdc and /dev/sdd and each has N partitions, you can query which RAID device was associated with partition N running
mdadm –examine /dev/sdcN /dev/sddN
This will report the order (see table at the end, Number of this device). Now, reassemble the RAID using the next available (non-used) M number (check existing ones with cat /proc/mdstat) and keep the exact same order of devices (example: /dev/sdcN was device 0 and /dev/sddN was device 1)
mdadm –assemble /dev/mdM /dev/sdcN /dev/sddN
Then mount the RAID with
mount /dev/mdM /mnt or
mount /dev/mdM /mnt/tmp
In case one disk has failed after the RAID was removed, e.g. only disk /dev/sdc can be seen with cat /proc/partitions but mdadm –assemble refuses to create RAID with one disk only, force the reassembly of mdM with
mdadm –assemble –run /dev/mdM /dev/sdcN
mount /dev/mdM /mnt
- Create: in the Expert Partitioner during installation or using YaST / System / Partitioner:
- Parted: If installation fails due to partitioning error during shrinking of an NTFS partition on a dual-boot machine, you may need to use the command line tool parted to fix the disk partitioning before restarting your installation. You will need the table copied from the “Hard Disks” section of the installer (see Important Note above).
- Reboot and select “Rescue System” from the DVD Menu and login as root (no password).
- Run parted and use help or help command to get help within Parted:
- select /dev/sda (or hda or other name of disk being partitioned)
- unit cyl (display values in cylinders)
- print all (see what was actually done during the failed attempt to repartition)
- rm N (remove all partitions N created after the last NTFS partition)
- mkpart typecyl_start1cyl_end1 (partition type can be primary, extended or logical, start and end should be from the table)
- mkpart typecyl_end1 +1 cyl_end2 (make sure the next partition starts one cylinder past the end of the previous one)
- print all (check what you did)
- quit
- reboot
- Restart installation process and simply Edit file system types and mounting points of the existing partitions.
- For a KDE-based partitioning tool, when the system is running normally, try KMenu / Applications / System / File System / Partition Editor.
- Using Windows Shares: Make sure samba-client is an Allowed Service in the Firewall and the samba-client package was installed during Custom System Settings (or else rerun systemconfig_SUSE151). To mount Windows shares from MECE, proceed as follows:
- Mounting Windows Shares:
- For a temporary mount, go to the Places panel of Dolphin, click on Network, then click on Samba Shares.
- Alternatively, if the available shares do not show up for browsing, type the Windows share directly in the Location bar. Example:
smb://www.mece.ualberta.ca/users/ - For a permanent mount, create a hidden file (and only readable to user) containing your Samba username and password as follows:
username=foo
password=plaintext
and add the following line (single line) to /etc/fstab for automatic mounting at reboot:
//servername/shareddir /mnt/mounteddir cifs rw,file_mode=0640,dir_mode=0750,credentials=/path/.hiddenfile,user=foo,uid=userid,gid=users 0 0
- Exchanging files with a Windows Share:
- For interactive mode, use smbclient in the same way as an FTP client:
cd localdir
smbclient //server/share
cd remotedir
put filename
mput file*
recurse (toggles recursive mode on, test with ls)
mget * - For batch mode, you can transfer a complete directory with one command:
cd localdir
tar cvf – . | smbclient //server/share -D remote/dir -Tx –
- For interactive mode, use smbclient in the same way as an FTP client:
- Mounting Windows Shares:
- MECE Printers: (CFD-Lab)