HP Integrity Superdome SX1000 SmartSetup Scripting Toolkit Deployment Guide: H - Page 38

Setting Repository Access Permissions, Creates four partitions: EFI System Partition ESP

Get HP Integrity Superdome SX1000 PDF manuals and user guides View all HP Integrity Superdome SX1000 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 38 highlights

The script performs the following operations: 1. Creates four partitions: EFI System Partition (ESP), HP Service Partition (HPSP), the Linux-swap partition, and the Linux partition. 2. Formats these partitions. 3. Copies the Linux distribution boot files to the ESP partition. 4. Updates the unattended files. 5. Creates a new boot option in the EFI boot manager, which starts the Linux Setup process. 6. Reboots the server. NOTE: The parted utility uses decimal, instead of binary, units to measure disk size. This means that the parted command treats 1 KB as 1000 bytes, 1 MB as 1000 KB, and 1 GB as 1000 MB. Other programs calculate this conversion based on multiples of 1024 (2^10). As a result, when you specify a size as an argument to the parted command, the actual size is slightly less than you expect. Multiply a factor of 1.0464 (1.024 x 1.024) to the size in MB of the partition you want to have. Then add it to the start of the partition (to account for the other partitions). Setting Repository Access Permissions There is no reason to allow write permission to the entire SSTK repository. If you restrict the directories to which users have write access, you increase security. Also, you guarantee the integrity of the files which should remain read-only permission. SSTK allows this secure configuration through two NFS mounts: one for the repository root and other for the data_files directory. It is up to the system administrator to configure the NFS repository as to support your environment. The following is the recommended visibility of the SSTK repository over NFS: Directory SSTKLnx3.3 |-- boot_files |-- data_files |-- os |-- scripts |-- software `-- utilities Permissions R R RW R R R R NOTE: In the following examples, the "*" means that "any host" is allowed to mount this shared directory. The security can be improved even more by specifying only the target hosts rather than "any host". An example of secure permissions set for an NFS repository is as follows: /etc/exports: /repository/SSTKLnx3.3 *(no_root_squash,async) /repository/SSTKLnx3.3/data_files *(rw,no_root_squash,async) An example of simple (insecure) permissions set for NFS repository is as follows: /etc/exports: /repository/SSTKLnx3.3 *(rw, no_root_squash,async) 38 Setting Up the Toolkit Environment

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
The script performs the following operations:
1.
Creates four partitions: EFI System Partition (ESP), HP Service Partition (HPSP), the
Linux-swap partition, and the Linux partition.
2.
Formats these partitions.
3.
Copies the Linux distribution boot files to the ESP partition.
4.
Updates the unattended files.
5.
Creates a new boot option in the EFI boot manager, which starts the Linux Setup process.
6.
Reboots the server.
NOTE:
The
parted
utility uses decimal, instead of binary, units to measure disk size. This
means that the
parted
command treats 1 KB as 1000 bytes, 1 MB as 1000 KB, and 1 GB as 1000
MB. Other programs calculate this conversion based on multiples of 1024 (2^10). As a result,
when you specify a size as an argument to the
parted
command, the actual size is slightly less
than you expect.
Multiply a factor of 1.0464 (1.024 x 1.024) to the size in MB of the partition you want to have.
Then add it to the start of the partition (to account for the other partitions).
Setting Repository Access Permissions
There is no reason to allow write permission to the entire SSTK repository. If you restrict the
directories to which users have write access, you increase security. Also, you guarantee the
integrity of the files which should remain read-only permission. SSTK allows this secure
configuration through two NFS mounts: one for the repository root and other for the
data_files
directory. It is up to the system administrator to configure the NFS repository as to support your
environment.
The following is the recommended visibility of the SSTK repository over NFS:
Permissions
Directory
R
SSTKLnx3.3
R
|-- boot_files
RW
|-- data_files
R
|-- os
R
|-- scripts
R
|-- software
R
`-- utilities
NOTE:
In the following examples, the “*” means that “any host” is allowed to mount this shared
directory. The security can be improved even more by specifying only the target hosts rather
than “any host”.
An example of secure permissions set for an NFS repository is as follows:
/etc/exports:
/repository/SSTKLnx3.3 *(no_root_squash,async)
/repository/SSTKLnx3.3/data_files *(rw,no_root_squash,async)
An example of simple (insecure) permissions set for NFS repository is as follows:
/etc/exports:
/repository/SSTKLnx3.3 *(rw, no_root_squash,async)
38
Setting Up the Toolkit Environment