X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/a937a00163a435e54fe2df902dd9da7fbf31f872..0eae61fd9783f8eadf6d9848106c6d24fb9ff838:/blog/index.html diff --git a/blog/index.html b/blog/index.html index 7b9e288b0c..5d6e2cf92f 100644 --- a/blog/index.html +++ b/blog/index.html @@ -19,6 +19,232 @@ +
+
Automatic upgrade testing from Lenny to Squeeze
+
2010-06-11 22:50
+
+

The last few days I have done some upgrade testing in Debian, to +see if the upgrade from Lenny to Squeeze will go smoothly. A few bugs +have been discovered and reported in the process +(#585410 in nagios3-cgi, +#584879 already fixed in +enscript and #584861 in +kdebase-workspace-data), and to get a more regular testing going on, I +am working on a script to automate the test.

+ +

The idea is to create a Lenny chroot and use tasksel to install a +Gnome or KDE desktop installation inside the chroot before upgrading +it. To ensure no services are started in the chroot, a policy-rc.d +script is inserted. To make sure tasksel believe it is to install a +desktop on a laptop, the tasksel tests are replaced in the chroot +(only acceptable because this is a throw-away chroot).

+ +

A naive upgrade from Lenny to Squeeze using aptitude dist-upgrade +currently always fail because udev refuses to upgrade with the kernel +in Lenny, so to avoid that problem the file /etc/udev/kernel-upgrade +is created. The bug report +#566000 make me suspect +this problem do not trigger in a chroot, but I touch the file anyway +to make sure the upgrade go well. Testing on virtual and real +hardware have failed me because of udev so far, and creating this file +do the trick in such settings anyway. This is a +known +issue and the current udev behaviour is intended by the udev +maintainer because he lack the resources to rewrite udev to keep +working with old kernels or something like that. I really wish the +udev upstream would keep udev backwards compatible, to avoid such +upgrade problem, but given that they fail to do so, I guess +documenting the way out of this mess is the best option we got for +Debian Squeeze.

+ +

Anyway, back to the task at hand, testing upgrades. This test +script, which I call upgrade-test for now, is doing the +trick:

+ +
+#!/bin/sh
+set -ex
+
+if [ "$1" ] ; then
+    desktop=$1
+else
+    desktop=gnome
+fi
+
+from=lenny
+to=squeeze
+
+exec < /dev/null
+unset LANG
+mirror=http://ftp.skolelinux.org/debian
+tmpdir=chroot-$from-upgrade-$to-$desktop
+fuser -mv .
+debootstrap $from $tmpdir $mirror
+chroot $tmpdir aptitude update
+cat > $tmpdir/usr/sbin/policy-rc.d <<EOF
+#!/bin/sh
+exit 101
+EOF
+chmod a+rx $tmpdir/usr/sbin/policy-rc.d
+exit_cleanup() {
+    umount $tmpdir/proc
+}
+mount -t proc proc $tmpdir/proc
+# Make sure proc is unmounted also on failure
+trap exit_cleanup EXIT INT
+
+chroot $tmpdir aptitude -y install debconf-utils
+
+# Make sure tasksel autoselection trigger.  It need the test scripts
+# to return the correct answers.
+echo tasksel tasksel/desktop multiselect $desktop | \
+    chroot $tmpdir debconf-set-selections
+
+# Include the desktop and laptop task
+for test in desktop laptop ; do
+    echo > $tmpdir/usr/lib/tasksel/tests/$test <<EOF
+#!/bin/sh
+exit 2
+EOF
+    chmod a+rx $tmpdir/usr/lib/tasksel/tests/$test
+done
+
+DEBIAN_FRONTEND=noninteractive
+DEBIAN_PRIORITY=critical
+export DEBIAN_FRONTEND DEBIAN_PRIORITY
+chroot $tmpdir tasksel --new-install
+
+echo deb $mirror $to main > $tmpdir/etc/apt/sources.list
+chroot $tmpdir aptitude update
+touch $tmpdir/etc/udev/kernel-upgrade
+chroot $tmpdir aptitude -y dist-upgrade
+fuser -mv
+
+ +

I suspect it would be useful to test upgrades with both apt-get and +with aptitude, but I have not had time to look at how they behave +differently so far. I hope to get a cron job running to do the test +regularly and post the result on the web. The Gnome upgrade currently +work, while the KDE upgrade fail because of the bug in +kdebase-workspace-data

+ +

I am not quite sure what kind of extract from the huge upgrade logs +(KDE 167 KiB, Gnome 516 KiB) it make sense to include in this blog +post, so I will refrain from trying. I can report that for Gnome, +aptitude report 760 packages upgraded, 448 newly installed, 129 to +remove and 1 not upgraded and 1024MB need to be downloaded while for +KDE the same numbers are 702 packages upgraded, 507 newly installed, +193 to remove and 0 not upgraded and 1117MB need to be downloaded

+ +

I am very happy to notice that the Gnome desktop + laptop upgrade +is able to migrate to dependency based boot sequencing and parallel +booting without a hitch. Was unsure if there were still bugs with +packages failing to clean up their obsolete init.d script during +upgrades, and no such problem seem to affect the Gnome desktop+laptop +packages.

+
+
+ + + + Tags: bootsystem, debian, debian edu, english. + +
+
+
+ +
+
Skolelinux er laget for sentraldrifting, naturligvis
+
2010-06-09 12:30
+
+

Det er merkelig hvordan myter om Skolelinux overlever. En slik +myte er at Skolelinux ikke kan sentraldriftes og ha sentralt plasserte +tjenermaskiner. I siste Computerworld Norge er +IT-sjef +Viggo Billdal i Steinkjer intervjuet, og forteller uten +blygsel:

+ +

Vi hadde Skolelinux, men det har vi sluttet med. Vi testet +om det lønte seg med Microsoft eller en åpen plattform. Vi fant ut at +Microsoft egentlig var totalt sett bedre egnet. Det var store +driftskostnader med Skolelinux, blant annet på grunn av +desentraliserte servere. Det var komplisert, så vi gikk vekk fra det +og bruker nå bare Windows.

+ +

En rask +sjekk mot den norske brukerlista i Skolelinuxprosjektet forteller +at Steinkjers forsøk foregikk fram til 2004/2005, og at Røysing skole +i Steinkjer skal ha vært svært fornøyd med Skolelinux men at kommunen +overkjørte skolen og krevde at de gikk over til Windows. Et søk på +nettet sendte meg til +Dagens +IT nr. 18 2005 hvor en kan lese på side 18:

+ +

Inge Tømmerås ved Røysing skole i Steinkjer kjører ennå +Microsoft, men forteller at kompetanseutfordringen med Skolelinux ikke +var så stor. ­ Jeg syntes Skolelinux var utrolig lett å drifte uten +forkunnskaper. Men man må jo selvsagt ha tilgang på ekstern kompetanse +til installasjoner og maskinvarefeil, sier Tømmerås.

+ +

Som systemarkitekten bak Skolelinux, kan jeg bare riste på hodet +over påstanden om at Skolelinux krever desentraliserte tjenere. +Skolelinux-arkitekturen er laget for sentralisert drift og plassering +av tjenerne lokalt eller sentralt alt etter behov og nettkapasitet. +Den er modellert på nettverks- og tjenerløsningen som brukes på +Universitetet i Tromsø og Oslo, der jeg jobber med utvikling av +driftstjenester. Dette er det heldigvis noen som har fått med seg, og +jeg er glad for å kunne sitere fra en kommentar på den overnevnte +artikkelen. Min venn og gamle kollega Sturle Sunde forteller der: + +

+

I Flora kommune køyrer vi Skulelinux på skular med alt frå 15 til +meir enn 500 elevar. Dei store skulane har eigen tenar, for det er +mest praktisk. Eg, som er driftsansvarleg for heile nettet, ser +sjeldan dei tenarane fysisk, men at dei står der gjer skulane mindre +avhengige av eksterne linjer som er trege eller dyre. Dei minste +skulane har ikkje eigen tenar. Å bruke sentral tenar er heller ikkje +noko problem. Småskulane klarar seg fint med 1 mbit-linje til ein +sentral tenar eller tenaren på ein større skule.

+ +

Det beste med Skulelinux er halvtjukke klientar. Dei treng ikkje +harddisk og brukar minimalt med ressursar på tenaren fordi dei køyrer +programma lokalt. Eit klasserom med 30 sju-åtte år gamle maskiner har +mykje meir CPU og RAM totalt enn nokon moderne tenar til under +millionen. Det trengst to kommandoar på den sentrale tenaren for å +oppdatere alle klientane, både tynne og halvtjukke. Vi har ingen +problem med diskar som ryk heller, som var eit problem før fordi +elevane sat og sparka i maskinene. Og dei krev lite bandbreidde i +nettet, so det er fullt mogleg å køyre slike på småskular med trege +linjer mot tenaren på ein større skule.

+ +

Flora kommune har nesten 800 Linux-maskiner i sitt skulenett, og +ein person som tek seg av drift av heile nettet, inkludert tenarar, +klientar, operativsystem, programvare, heimekontorløysing og +administrasjon av brukarar.

+ +

No skal det seiast at vi ikkje køyrer rein Skulelinux ut av +boksen. Vi har gjort ein del tilpassingar mot noko Novell-greier som +var der frå før, og som har komplisert installasjonen vår. Etter at +oppsettet var gjort har løysinga vore stabil og kravd minimalt med +arbeid.

+
+ +

Jeg vet at Narvik, Harstad og Oslo er kommuner der Skolelinux +sentraldriftes med sentrale tjenere. Det forteller meg at Steinkjers +IT-sjef neppe bør skylde på Skolelinux-løsningen for sine 5 år gamle +minner.

+
+
+ + + + Tags: debian edu, norsk, nuug. + +
+
+
+
Upstart or sysvinit - as init.d scripts see it
2010-06-06 23:55
@@ -58,7 +284,7 @@ runlevel=S

The RUNLEVEL and PREVLEVEL environment variables passed on from -sysvinit is not set by upstart. Not sure if it is intentional or not +sysvinit are not set by upstart. Not sure if it is intentional or not to not be compatible with sysvinit in this regard.

For scripts needing to behave differently when upstart is used, @@ -69,7 +295,7 @@ choice.

- Tags: debian, debian edu, english. + Tags: bootsystem, debian, english.
@@ -197,7 +423,7 @@ but I am pretty sure that waiting for each other is not it.

- Tags: debian, debian edu, english. + Tags: bootsystem, debian, debian edu, english. @@ -251,7 +477,7 @@ list of usertagged bugs related to this.

- Tags: debian, debian edu, english. + Tags: bootsystem, debian, debian edu, english. @@ -382,113 +608,6 @@ ser jeg mye korrespondanse mellom påtrykk og magnetstripe.

-
-
Pieces of the roaming laptop puzzle in Debian
-
2010-05-19 19:00
-
-

Today, the last piece of the puzzle for roaming laptops in Debian -Edu finally entered the Debian archive. Today, the new -libpam-mklocaluser -package was accepted. Two days ago, two other pieces was accepted -into unstable. The -pam-python -package needed by libpam-mklocaluser, and the -sssd package -passed NEW on Monday. In addition, the -libpam-ccreds -package we need is in experimental (version 10-4) since Saturday, and -hopefully will be moved to unstable soon.

- -

This collection of packages allow for two different setups for -roaming laptops. The traditional setup would be using libpam-ccreds, -nscd and libpam-mklocaluser with LDAP or Kerberos authentication, -which should work out of the box if the configuration changes proposed -for nscd in BTS report -#485282 is implemented. The alternative setup is to use sssd with -libpam-mklocaluser to connect to LDAP or Kerberos and let sssd take -care of the caching of passwords and group information.

- -

I have so far been unable to get sssd to work with the LDAP server -at the University, but suspect the issue is some SSL/GnuTLS related -problem with the server certificate. I plan to update the Debian -package to version 1.2, which is scheduled for next week, and hope to -find time to make sure the next release will include both the -Debian/Ubuntu specific patches. Upstream is friendly and responsive, -and I am sure we will find a good solution.

- -

The idea is to set up the roaming laptops to authenticate using -LDAP or Kerberos and create a local user with home directory in /home/ -when a usre in LDAP logs in via KDM or GDM for the first time, and -cache the password for offline checking, as well as caching group -memberhips and other relevant LDAP information. The -libpam-mklocaluser package was created to make sure the local home -directory is in /home/, instead of /site/server/directory/ which would -be the home directory if pam_mkhomedir was used. To avoid confusion -with support requests and configuration, we do not want local laptops -to have users in a path that is used for the same users home directory -on the home directory servers.

- -

One annoying problem with gdm is that it do not show the PAM -message passed to the user from libpam-mklocaluser when the local user -is created. Instead gdm simply reject the login with some generic -message. The message is shown in kdm, ssh and login, so I guess it is -a bug in gdm. Have not investigated if there is some other message -type that can be used instead to get gdm to also show the message.

- -

If you want to help out with implementing this for Debian Edu, -please contact us on debian-edu@lists.debian.org.

-
-
- - - - Tags: debian edu, english, nuug. - -
-
-
- -
-
Parallellized boot is now the default in Debian/unstable
-
2010-05-14 22:40
-
-

Since this evening, parallel booting is the default in -Debian/unstable for machines using dependency based boot sequencing. -Apparently the testing of concurrent booting has been wider than -expected, if I am to believe the -input -on debian-devel@, and I concluded a few days ago to move forward -with the feature this weekend, to give us some time to detect any -remaining problems before Squeeze is frozen. If serious problems are -detected, it is simple to change the default back to sequential boot. -The upload of the new sysvinit package also activate a new upstream -version.

- -More information about -dependency -based boot sequencing is available from the Debian wiki. It is -currently possible to disable parallel booting when one run into -problems caused by it, by adding this line to /etc/default/rcS:

- -
-CONCURRENCY=none
-
- -

If you report any problems with dependencies in init.d scripts to -the BTS, please usertag the report to get it to show up at -the -list of usertagged bugs related to this.

-
-
- - - - Tags: debian, debian edu, english. - -
-
-
-

RSS feed