- <title>Third and probably last beta release of Debian Edu Wheezy</title>
- <link>http://people.skolelinux.org/pere/blog/Third_and_probably_last_beta_release_of_Debian_Edu_Wheezy.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Third_and_probably_last_beta_release_of_Debian_Edu_Wheezy.html</guid>
- <pubDate>Mon, 16 Sep 2013 21:30:00 +0200</pubDate>
- <description><p>The third wheezy based beta release of Debian Edu was wrapped up
-today. This is the release announcement from Holger Levsen:</p>
-
-<blockquote>
-<p>Hi,</p>
-
-<p>it is my pleasure to announce the third beta release (beta 2 for
-short) of <a href="http://www.skolelinux.org/">Debian Edu /
-Skolelinux</a> based on Debian Wheezy!</p>
-
-<p>Please test these images extensivly, if no new problems are found
-we plan to do this final Debian Edu Wheezy release this coming
-weekend. We are not aware of any major problems or blockers in beta2,
-if you find something, please notify us immediately!</p>
-
-<p>(More about the remaining steps for the Edu Wheezy release in
-another mail to the edu list tonight or tomorrow...)</p>
-
-<p>Noteworthy changes and software updates for Debian Edu 7.1+edu0~b2
-compared to beta1:</p>
-
-<ul>
-
-<li>The KDE proxy setup has been adjusted to use the provided wpad.dat. This
-also gets Chromium to use this proxy.</li>
-<li>Install kdepim-groupware with KDE desktops to make sure korganizer
-understand ical/dav sources.</li>
-<li>Increased default maximum size of /var/spool/squid and /skole/backup on the
-main server.</li>
-<li>A source DVD image containing all source packages is now available as well.</li>
-<li>Updates for chromium (29.0.1547.57-1~deb7u1), imagemagick
-(6.7.7.10-5+deb7u2), php5 (5.4.4-14+deb7u4), libmodplug
-(0.8.8.4-3+deb7u1+git20130828), tiff (4.0.2-6+deb7u2), linux-image
-(3.2.0-4-486_3.2.46-1+deb7u1).</li>
-
-</ul>
-
-<p>Where to get it:</p>
-
-<p>To download the multiarch netinstall CD release you can use</p>
-
-<ul>
-<li><a href="ftp://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-CD.iso">ftp://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-CD.iso</a></li>
-<li><a href="http://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-CD.iso">http://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-CD.iso</a></li>
-<li>rsync -avzP ftp.skolelinux.org::skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-CD.iso .</li>
-</ul>
-
-<p>The SHA1SUM of this image is: 3a1c89f4666df80eebcd46c5bf5fedb866f9472f</p>
-
-<p>To download the multiarch USB stick ISO release you can use
-<ul>
-<li><a href="ftp://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-USB.iso">ftp://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-USB.iso</a></li>
-<li><a href="http://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-USB.iso">http://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-USB.iso</a></li>
-<li>rsync -avzP ftp.skolelinux.org::skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-USB.iso .</li>
-</ul>
-
-<p>The SHA1SUM of this image is: 702d1718548f401c74bfa6df9f032cc3ee16597e</p>
-
-<p>The Source DVD image has the filename
-debian-edu-7.1+edu0~b2-source-DVD.iso and the SHA1SUM
-089eed8b3f962db47aae1f6a9685e9bb2fa30ca5 and is available the same way
-as the other isos.</p>
-
-<p>How to report bugs</p>
-
-<p>For information how to report bugs please see
-<br><a href="http://wiki.debian.org/DebianEdu/HowTo/ReportBugs">http://wiki.debian.org/DebianEdu/HowTo/ReportBugs</a></p>
-
-
-<p>About Debian Edu and Skolelinux</p>
-
-<p>Debian Edu, also known as Skolelinux, is a Linux distribution based
-on Debian providing an out-of-the box environment of a completely
-configured school network. Immediately after installation a school
-server running all services needed for a school network is set up just
-waiting for users and machines being added via GOsa², a comfortable
-Web-UI. A netbooting environment is prepared using PXE, so after
-initial installation of the main server from CD or USB stick all other
-machines can be installed via the network. The provided school server
-provides LDAP database and Kerberos authentication service,
-centralized home directories, DHCP server, web proxy and many other
-services. The desktop contains more than 60 educational software
-packages and more are available from the Debian archive, and schools
-can choose between KDE, Gnome, LXDE and Xfce desktop environment.</p>
-
-<p>This is the seventh test release based on Debian Wheezy. Basically
-this is an updated and slightly improved version compared to the
-Squeeze release.</p>
-
-<p>Notes for upgrades from Alpha Prereleases</p>
-
-<p>Alpha based installations should reinstall or downgrade the
-versions of gosa and libpam-mklocaluser to the ones used in this beta
-release. Both alpha and beta0 based installations should reinstall or
-deal with gosa.conf manually; there are two options: (1) Keep
-gosa.conf and edit this file as outlined on the mailing list. (2)
-Accept the new version of gosa.conf and replace both contained admin
-password placeholders with the password hashes found in the old one
-(backup copy!). In both cases all users need to change their password
-to make sure a password is set for CIFS access to their home
-directory.</p>
-
-
-<p>cheers,
-<br> Holger</p>
-</blockquote>
-</description>
- </item>
-
- <item>
- <title>Recipe to test the Freedombox project on amd64 or Raspberry Pi</title>
- <link>http://people.skolelinux.org/pere/blog/Recipe_to_test_the_Freedombox_project_on_amd64_or_Raspberry_Pi.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Recipe_to_test_the_Freedombox_project_on_amd64_or_Raspberry_Pi.html</guid>
- <pubDate>Tue, 10 Sep 2013 14:20:00 +0200</pubDate>
- <description><p>I was introduced to the
-<a href="http://www.freedomboxfoundation.org/">Freedombox project</a>
-in 2010, when Eben Moglen presented his vision about serving the need
-of non-technical people to keep their personal information private and
-within the legal protection of their own homes. The idea is to give
-people back the power over their network and machines, and return
-Internet back to its intended peer-to-peer architecture. Instead of
-depending on a central service, the Freedombox will give everyone
-control over their own basic infrastructure.</p>
-
-<p>I've intended to join the effort since then, but other tasks have
-taken priority. But this summers nasty news about the misuse of trust
-and privilege exercised by the "western" intelligence gathering
-communities increased my eagerness to contribute to a point where I
-actually started working on the project a while back.</p>
-
-<p>The <a href="https://alioth.debian.org/projects/freedombox/">initial
-Debian initiative</a> based on the vision from Eben Moglen, is to
-create a simple and cheap Debian based appliance that anyone can hook
-up in their home and get access to secure and private services and
-communication. The initial deployment platform have been the
-<a href="http://www.globalscaletechnologies.com/t-dreamplugdetails.aspx">Dreamplug</a>,
-which is a piece of hardware I do not own. So to be able to test what
-the current Freedombox setup look like, I had to come up with a way to install
-it on some hardware I do have access to. I have rewritten the
-<a href="https://github.com/NickDaly/freedom-maker">freedom-maker</a>
-image build framework to use .deb packages instead of only copying
-setup into the boot images, and thanks to this rewrite I am able to
-set up any machine supported by Debian Wheezy as a Freedombox, using
-the previously mentioned deb (and a few support debs for packages
-missing in Debian).</p>
-
-<p>The current Freedombox setup consist of a set of bootstrapping
-scripts
-(<a href="https://github.com/petterreinholdtsen/freedombox-setup">freedombox-setup</a>),
-and a administrative web interface
-(<a href="https://github.com/NickDaly/Plinth">plinth</a> + exmachina +
-withsqlite), as well as a privacy enhancing proxy based on
-<a href="http://packages.qa.debian.org/privoxy">privoxy</a>
-(freedombox-privoxy). There is also a web/javascript based XMPP
-client (<a href="http://packages.qa.debian.org/jwchat">jwchat</a>)
-trying (unsuccessfully so far) to talk to the XMPP server
-(<a href="http://packages.qa.debian.org/ejabberd">ejabberd</a>). The
-web interface is pluggable, and the goal is to use it to enable OpenID
-services, mesh network connectivity, use of TOR, etc, etc. Not much of
-this is really working yet, see
-<a href="https://github.com/NickDaly/freedombox-todos/blob/master/TODO">the
-project TODO</a> for links to GIT repositories. Most of the code is
-on github at the moment. The HTTP proxy is operational out of the
-box, and the admin web interface can be used to add/remove plinth
-users. I've not been able to do anything else with it so far, but
-know there are several branches spread around github and other places
-with lots of half baked features.</p>
-
-<p>Anyway, if you want to have a look at the current state, the
-following recipes should work to give you a test machine to poke
-at.</p>
-
-<p><strong>Debian Wheezy amd64</strong></p>
-
-<ol>
-
-<li>Fetch normal Debian Wheezy installation ISO.</li>
-<li>Boot from it, either as CD or USB stick.</li>
-<li><p>Press [tab] on the boot prompt and add this as a boot argument
-to the Debian installer:<p>
-<pre>url=<a href="http://www.reinholdtsen.name/freedombox/preseed-wheezy.dat">http://www.reinholdtsen.name/freedombox/preseed-wheezy.dat</a></pre></li>
-
-<li>Answer the few language/region/password questions and pick disk to
-install on.</li>
-
-<li>When the installation is finished and the machine have rebooted a
-few times, your Freedombox is ready for testing.</li>
-
-</ol>
-
-<p><strong>Raspberry Pi Raspbian</strong></p>
-
-<ol>
-
-<li>Fetch a Raspbian SD card image, create SD card.</li>
-<li>Boot from SD card, extend file system to fill the card completely.</li>
-<li><p>Log in and add this to /etc/sources.list:</p>
-<pre>
-deb <a href="http://www.reinholdtsen.name/freedombox/">http://www.reinholdtsen.name/freedombox</a> wheezy main
-</pre></li>
-<li><p>Run this as root:</p>
-<pre>
-wget -O - http://www.reinholdtsen.name/freedombox/BE1A583D.asc | \
- apt-key add -
-apt-get update
-apt-get install freedombox-setup
-/usr/lib/freedombox/setup
-</pre></li>
-<li>Reboot into your freshly created Freedombox.</li>
-
-</ol>
-
-<p>You can test it on other architectures too, but because the
-freedombox-privoxy package is binary, it will only work as intended on
-the architectures where I have had time to build the binary and put it
-in my APT repository. But do not let this stop you. It is only a
-short "<tt>apt-get source -b freedombox-privoxy</tt>" away. :)</p>
-
-<p>Note that by default Freedombox is a DHCP server on the
-192.168.1.0/24 subnet, so if this is your subnet be careful and turn
-off the DHCP server by running "<tt>update-rc.d isc-dhcp-server
-disable</tt>" as root.</p>
-
-<p>Please let me know if this works for you, or if you have any
-problems. We gather on the IRC channel
-<a href="irc://irc.debian.org:6667/%23freedombox">#freedombox</a> on
-irc.debian.org and the
-<a href="http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss">project
-mailing list</a>.</p>
-
-<p>Once you get your freedombox operational, you can visit
-<tt>http://your-host-name:8001/</tt> to see the state of the plint
-welcome screen (dead end - do not be surprised if you are unable to
-get past it), and next visit <tt>http://your-host-name:8001/help/</tt>
-to look at the rest of plinth. The default user is 'admin' and the
-default password is 'secret'.</p>
+ <title>How to add extra storage servers in Debian Edu / Skolelinux</title>
+ <link>http://people.skolelinux.org/pere/blog/How_to_add_extra_storage_servers_in_Debian_Edu___Skolelinux.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/How_to_add_extra_storage_servers_in_Debian_Edu___Skolelinux.html</guid>
+ <pubDate>Wed, 12 Mar 2014 12:50:00 +0100</pubDate>
+ <description><p>On larger sites, it is useful to use a dedicated storage server for
+storing user home directories and data. The design for handling this
+in <a href="http://www.skolelinux.org/">Debian Edu / Skolelinux</a>, is
+to update the automount rules in LDAP and let the automount daemon on
+the clients take care of the rest. I was reminded about the need to
+document this better when one of the customers of
+<a href="http://www.slxdrift.no/">Skolelinux Drift AS</a>, where I am
+on the board of directors, asked about how to do this. The steps to
+get this working are the following:</p>
+
+<p><ol>
+
+<li>Add new storage server in DNS. I use nas-server.intern as the
+example host here.</li>
+
+<li>Add automoun LDAP information about this server in LDAP, to allow
+all clients to automatically mount it on reqeust.</li>
+
+<li>Add the relevant entries in tjener.intern:/etc/fstab, because
+tjener.intern do not use automount to avoid mounting loops.</li>
+
+</ol></p>
+
+<p>DNS entries are added in GOsa², and not described here. Follow the
+<a href="https://wiki.debian.org/DebianEdu/Documentation/Wheezy/GettingStarted">instructions
+in the manual</a> (Machine Management with GOsa² in section Getting
+started).</p>
+
+<p>Ensure that the NFS export points on the server are exported to the
+relevant subnets or machines:</p>
+
+<p><blockquote><pre>
+root@tjener:~# showmount -e nas-server
+Export list for nas-server:
+/storage 10.0.0.0/8
+root@tjener:~#
+</pre></blockquote></p>
+
+<p>Here everything on the backbone network is granted access to the
+/storage export. With NFSv3 it is slightly better to limit it to
+netgroup membership or single IP addresses to have some limits on the
+NFS access.</p>
+
+<p>The next step is to update LDAP. This can not be done using GOsa²,
+because it lack a module for automount. Instead, use ldapvi and add
+the required LDAP objects using an editor.</p>
+
+<p><blockquote><pre>
+ldapvi --ldap-conf -ZD '(cn=admin)' -b ou=automount,dc=skole,dc=skolelinux,dc=no
+</pre></blockquote></p>
+
+<p>When the editor show up, add the following LDAP objects at the
+bottom of the document. The "/&" part in the last LDAP object is a
+wild card matching everything the nas-server exports, removing the
+need to list individual mount points in LDAP.</p>
+
+<p><blockquote><pre>
+add cn=nas-server,ou=auto.skole,ou=automount,dc=skole,dc=skolelinux,dc=no
+objectClass: automount
+cn: nas-server
+automountInformation: -fstype=autofs --timeout=60 ldap:ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
+
+add ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
+objectClass: top
+objectClass: automountMap
+ou: auto.nas-server
+
+add cn=/,ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
+objectClass: automount
+cn: /
+automountInformation: -fstype=nfs,tcp,rsize=32768,wsize=32768,rw,intr,hard,nodev,nosuid,noatime nas-server.intern:/&
+</pre></blockquote></p>
+
+<p>The last step to remember is to mount the relevant mount points in
+tjener.intern by adding them to /etc/fstab, creating the mount
+directories using mkdir and running "mount -a" to mount them.</p>
+
+<p>When this is done, your users should be able to access the files on
+the storage server directly by just visiting the
+/tjener/nas-server/storage/ directory using any application on any
+workstation, LTSP client or LTSP server.</p>
projects / homepage.git / blobdiff