| What is it? | Justify | Functions | On Desktop | Details | Installation | Top |
Contents:
It has a nice black aluminum extruded case.
Remove two screws on the rear panel. Tilt the top outward. The grabbers along the bottom edge will let go eventually.
Pull the motherboard out to the rear by wiggling it from side to side. The grounding thingies point in an unfavorable direction: it goes in easily but doesn't want to come out. Likely the techs have something like a shoehorn which can get the mobo right out with no hassle. It might be worth a person's while to cut something out of a thin plastic or cardboard sheet that would slide under the grounding thingies and bring out the mobo.
You will find that the motherboard is prominently labelled
Ion A603
.
The DIMM socket for the memory (factory installed) is on the bottom.
The motherboard includes the disc tray, PATA cable, disc mounting hardware, and internal speaker. They also give you a piece of mylar and a rubber rattle suppressor for a flash disc that installs on the PATA connector, which my configuration doesn't have. Internal construction is very solid.
Follow the manual's instructions to attach the hard disc to the tray. The manual assumes that the disc tray is not yet attached to the mobo. I did things in this order:
Put the mobo back into the case (it sticks out the rear about 3 mm). Re-attach the back cover and replace its two screws.
These instructions are for the INOi DW560C-0000 5.25" USB & 1394 ODD External Enclosure.
Be careful removing the 6 screws holding the top and bottom shells together. They are too small for a Phillips #1 driver and too big for #0, so with either one you tend to spin over the slots, damaging the head. I was successful using the #0 driver and pressing hard to hold it down.
The bottom shell is the removeable part. But the front bezel is attached to the bottom by a grabber which must be squeezed to make it let go.
Insert the drive through the bezel from the front. The bottom mounting holes need to line up with thru holes on the bottom of the case, for final attachment. They give you screws in a little bag taped to the bottom access hatch.
Suggestion when attaching the IDE/ATAPI cable: remove it from the
circuit board first, attach it to the drive, then attach to the board.
Alternatively you may have more luck sliding the drive in part way so you have
room to work.
The cable needs to zag about 2 cm to the right, which will cause the wires
to separate; don't panic; this is normal
.
The cable needs to bend down behind the drive. You may have an easier time getting it down there than I did if you connect the drive when it isn't slid all the way in.
Finally, slide the drive in, and put the bottom shell in position. I inserted and tightened the four drive screws first, then the six screws holding the halves together. Remember to make the grabber on the bezel grab onto the bottom shell.
It worked the first time, both burning CDs (as a test) and installing Linux on the Koolu.
There is a button on the back for power, but I have not discovered when you have to press it, or how to make the power supply turn off (if you wanted to). The enclosure stays active after power cycles.
When you boot, things happen a lot faster than on an Intel motherboard, so try to have your monitor lit up ahead of time. You may want to just let it get into the PXE booter, then hit ctrl-alt-del to retry.
Immediately after rebooting hit shift-F10 to activate PXE (network boot) configuration. The major item is the second one, boot mode. Default is int 19h meaning to attempt network booting, then if it fails (which it will, if you haven't set up your server), attempt local devices. Change this to int 18h, meaning to skip PXE and boot local devices in the order configured in the BIOS. Before you get this configured, just wait 10-15 seconds for the PXE booter to time out.
Hit Del immediately after USB is activated (it's a USB keyboard). This drops you into setup. I changed these settings:
PartitioningI discuss what to do about this. I haven't had any trouble using the 160 Gb disc. You don't need to change anything in this section.
I left these as-is.
I did SuSE installation off the DVD for version 10.3. Installation was very normal.
After I set the timezone, probably leaping 3 hours into the future, the screen stayed blank, probably DPMS due to 3 hours of inactivity. Press Shift to wake it up.
Planning to do a user experience evaluation, I picked the Gnome installation. For a server I would normally pick Other-Minimal Graphic System.
Partitioning: Since this BIOS cannot address over about 136 Gb, on the larger disc it is essential to create a partition wholly within this limit where the booter (GRUB) and kernel can reside. I'm going to test Microsoft Windows on the machine, so I need two bootable partitions. Here is the configuration I settled on.
When I'm done testing Windows I will recover by this procedure:
Dreamer! Windows didn't want to install in the partition provided for it, and I ended up trashing the partition table. The actual procedure was to copy all Linux data to another machine, wipe the partition table, install Windows (in a 20 Gb partition at the beginning), then wipe the disc, repartition, and bring back the Linux data in its proper partitions.
Software selection: I suppressed AppArmor and added KDE-3, XFCE, DHCP, DNS, and various other development and server packages. Total to be insalled: 3.26 Gb (not compressed but excluding logs and package database in /var).
Installation timing:
| Step | Time | Length (mins) | Activity |
|---|---|---|---|
| Start | 20:30 | 50 | Set up configuration |
| Finish selections | 21:20 | 80 | Install packages |
| Finish packages | 22:40 | 20 | Reboot, post-install |
| Finish everything | 23:00 | ||
| Total installation time | 150 |
In a SuSE installation from the DVD or from a local media server the limiting resource is CPU time, and the Koolu was noticeably slower to install the packages than Intel desktop systems I've done recently at work (that use 6 times more power).
Sax2, the X-Windows setup program in SuSE, failed to recognize that the "amd" X-server module was appropriate for the AMD Geode, and gave me "fbdev" instead, the VESA framebuffer driver. The fix is described here, with a link to my xorg.conf file.
Follow this link for a discussion of cryptographic issues.
Machine names: Jacinth
is the new Koolu, and Fafnir
is the old
home server, a Dell Dimension 4600 with an Intel Pentium 4 at 2.4 GHz, which is
being replaced. Functions are listed here in the approximate order of being
worked on.
SSH Shell Access: The configuration on Fafnir was carefully compared with parameters for the latest SSH version, and newly added parameters were configured as I want them. SSH is now operational.
Gateway: The firewall configuration was copied from Fafnir and worked with only one glitch: needed to add to /etc/services: sane-data 6567/tcp. Dhclient configuration (for DSL line) was also copied, and worked properly.
DNS Server: Configuration from Fafnir copied over and it works. After deployment, Jacinth is recognized as the master server by other hosts.
VPN Terminus: The configuration from Fafnir was copied to Jacinth. It works properly, and in fact was used to retrieve 0.38 Gb of online updates from the enterprise mirror at work.
Kerberos Server: Kerberos database was copied to Jacinth, and it seems to be working as a slave server. After deployment, it is functioning as the master server.
NTP Time Synchronization: Master and slave configurations copied over. Jacinth had no problems operating either as a slave or as a master. However, it's necessary to tell the other clients that the master is now Jacinth, which I forgot, leading to chasing my tail for quite a while.
IPP Printing: Installed the Epson print daemon. If the Koolu is required to render a relatively simple web page with one small picture, sent over as PostScript, it can barely run the inkjet printer at half speed. But if the clients render the pages locally and send over the larger raw files, CUPS on the Koolu can send them to the printer with no noticeable CPU load. More discussion can be found here.
XMPP/Jabber Server: This took some struggle. I installed jabberd-2.0s11-23.2 from the SuSE Build Service. Due to library problems with Berkeley DB I couldn't keep the old database, so I upgraded to SQLite-3. It's working and tested now.
HTTP Web Portal: Copied over; edited with new name, logo image and photo credit. Working, including CGI scripts for machine control. Speed test: sending out streaming audio at 112 Kbit/sec, there was no visible load on the CPU.
Backup and Burning: After straightening out the usual confusion about device permissions, setUID operation, etc., we were able to use our normal procedures to back up the other machines onto the Koolu, burn the data onto a disc, and verify it. With a procedure improvement, we're doing it almost twice as fast as before.
SMTP Outgoing Mail: Copied the configuration from Fafnir and set up session cache files (/var/spool/postfix/{smtp,smtpd}_scache.db mode 600 owned by root). Added symlinks to certificate authorizing access to the work net. Additional fixups required: Uncomment the line in master.cf for tlsmgr. Changed explicit hostname in main.cf::myhostname from Fafnir to Jacinth. That done, it sends mail using TLS.
DHCP Server: Configuration from Fafnir was copied over. The startup script was hacked so DHCP won't start if the machine is on an alien net, e.g. a demonstration at work. It is now serving dynamic addresses to the local domain.
Wireless Network: There are USB wireless NICs whose drivers are included in the kernel, but I don't have one of those. My Netgear WG111v2 uses a Realtek chipset, but I was not able to get the driver to compile in kernel 2.6.22. (Plus the code looks a bit unsalubrious.) This function is going to have to be delayed: either I'll buy a standardly supported NIC, or track down recent patches to the driver. And plan to recompile it on every security update to the kernel that I get from my distro.
Image Scanning: The xsane software works and can capture an image, including running xsane on a remote machine. However, there's a major glitch: the Epson CX4800 has three USB functions, the printer, a memory card reader, and the scanner. If any of these are in use, the sane daemon fails to connect to the scanner interface. I obtained a fairly recent version of the Epson (Epkowa) software, pips-scx4700-cups-2.6.3-1.i386.rpm, and configured printing and scanning to work through it. That took care of the USB access conflict. Scanning is now operational.
When Jacinth is put into production these actions will be needed [all finished]:
I'm going to swap the IP addresses of Fafnir and Jacinth, to avoid having to monkey with hardwired IP addresses, e.g. for the default route and DNS servers, on the Windows machines. This needs to be done on Fafnir and Jacinth in their own fixed IP configurations, in DNS, and in /etc/hosts.
The DNS configuration for the local zone and reverse maps have to be changed to add Jacinth as a NS, and as the master in the SOA record. Remember to update the serial numbers.
Kerberos configuration (/etc/krb5/krb5.conf.m4) has to be changed to list Jacinth as a KDC and as the master server.
NTP configuration needs to list Jacinth as a master server.
Jabberd v2.0s11 is said to be very old. Investigate newer versions, specifically ejabberd.
xntpd contingency: should not start until network is up. More than one script calls ntpdate, find and dispose of the two earlier ones. One of these is /etc/init.d/network. Also if any network interface is taken down (as when I'm debugging the wireless LAN), /etc/init.d/network takes down ntpd, hiss, boo! This deserves a bug report.
Does userspace use the crypto engine by default? Can this be configured? [No, and no.] I can find no reference to a SSL engine driver for the AMD Geode. Hiss, boo. But see this discussion of AMD's driver; it should not be too difficult to create a SSL engine library.
I've been using OpenVPN, but I should revive IPSEC; ipsec.conf will have to be re-created.
Wireless: I need to either get a NIC for the available drivers, or a driver for the available NIC.
Finished items:
Make sure the Windows workstation can print on Jacinth. [Yes it can.]
Speed benchmarks, specifically floating point. [done, benchmark here]
Compare all boot files and propagate hacks. [done]
Check/compare auth files, install missing PAM modules. [done]
krb-incr seems to have stopped working at least on jacinth. [fixed.]
Why are we using /sbin/dhcpcd and not dhclient? Because /etc/sysconfig/dhcp said so. [fixed.]
Add CPUFREQ=no to kernel command line. [done] The AMD Geode does not have CPU clock modulation; it always runs at full speed.
Check that log rotation is happening. [yes it is]
After server switch, Jacinth's NTP will not send out time service.
If eth1 is down at boot (which it always is), peers at Mathnet are
deleted. [Fixed by adding dynamic
option to server line.]
Jacinth is sending out answers just fine; the problem was that Xena
did not trust Jacinth as a master. [Fixed.]
Need to make a fancy /etc/issue and /etc/issue.net. [done]
Postfix is complaining about something at startup. [Fixed myhostname=fafnir, should be jacinth.]
The jabberd log file is not getting rotated, /var/lib/jabberd/db/log.0000000001 [also not getting created, with sqlite, so this is fixed.]
Check that xinetd is working. [Yes.]
Check if fam can be started by xinetd. [No.] In SuSE 10.1 and 10.2 there was a protocol disagreement causing an infinite loop of starting fam, and apparently this problem is still present.
Kerberos script -- Decision on server class must be made after m4 runs. Verify that krb-incr (incremental propagation) is actually being run -- yes it is (after permission fixes).
Verify that the hack packet reporting script works properly. It does now.
/etc/init.d/network calls SuSEfirewall2, but I have my own firewall. The startup script prints an annoying error message and exits. Ignore it.
Activate Disc Power Saving for Laptops
on Jacinth. It's not
a laptop but it has similar issues. [Done.]
| What is it? | Justify | Functions | On Desktop | Details | Installation | Top |