HowTos for general administration

The Getting Started and DebianEdu/Documentation/Lenny/Maintainance chapters describe how to get started with Debian Edu and how to do the basic maintenance work. The howtos in this chapter have some more "advanced" tips and tricks.

Configuration history: tracking /etc/ using the svk version control system

With the introduction of the etcinsvk script in Debian Edu, all files in /etc/ are tracked using svk as a version control system.

This makes it possible to see when a file is added, changed and removed, as well as what was changed if the file is a text file. The svk repository is stored in ~root/.svk/. Every hour any changes are automatically recorded, allowing configuration history to be extracted and reviewed.

To look at the history, the command etcinsvk log is used. To check the differences between two points in time, a command like etcinsvk diff -r6:8 can be used. The numbers 6 and 8 here represent revision numbers, which can be found by using etcinsvk log. See below for some examples.

See the output of etcinsvk --help for verbose information.

List of useful commands:

etcinsvk diff
etcinsvk log
etcinsvk status
etcinsvk commit
etcinsvk ignore

Usage examples

In a freshly installed system try this to see all changes done since the system was installed:

etcinsvk diff -r6 | less

To see the list of changes done in /etc/, use this command:

etcinsvk log | less

In this log, match the revision numbers against their date and time. To see all changes done since revision N, use:

etcinsvk diff -rN | less

To see the changes done to a specific file between specific revisions, specify the file and both revisions:

etcinsvk diff -r46 -r64 /etc/resolv.conf | less

To revert a change, use the diff command to look at the change, and edit the file to undo the change, or use a command like this to do it automatically:

( cd /etc && etcinsvk diff -r6 /etc/resolv.conf | patch -p0 -R )

To manually commit a file, because you don't want to wait up to an hour:

etcinsvk commit /etc/resolv.conf

If you don't want a specific file to be tracked in svk, you can tell etcinsvk to ignore it. But this is rarely useful :)

etcinsvk ignore /etc/path/to/file/to/be/ignored

For those who upgraded from Etch

debian-edu-etc-svk was moved to a separate package and renamed to etcinsvk for Lenny. Those used to using debian-edu-etc-svk should start to use etcinsvk instead.

Resizing Partitions

Most partitions in Debian Edu are logical LVM volumes. Only the /boot/ partition is not. With the Debian/Etch release of Debian Edu, it is possible to extend partitions while they are mounted. This is a feature of the Linux kernel since version 2.6.10. Shrinking a partition still needs to happen while the partition is unmounted.

It is a good idea to avoid creating very large partitions, as large partitions will take a long time to restore from backup if the need should arise, and file system checks take a very long time for large partitions. A good limit can be 20 GiB. It is better, if possible, to create several smaller partitions than one very large one.

To make it easier to extend full partitions, the debian-edu-fsautoresize script is provided. When invoked, it reads the configuration from /usr/share/debian-edu-config/fsautoresizetab, /site/etc/fsautoresizetab and /etc/fsautoresizetab. It proposes to extend partitions with too little free space based on the rules provided in these files. Without any arguments, it will only show the commands needed to extend the file system. The argument -n is needed to actually execute these commands to extend the file systems.

The script is executed automatically every hour on every client listed in the fsautoresize-hosts netgroup.

When resizing the partition used by the Squid proxy, the cache size in /etc/squid/squid.conf needs to be updated as well. The helper script /usr/share/debian-edu-config/tools/squid-update-cachedir is provided to do this automatically, checking the current partition size of /var/spool/squid/ and configuring Squid to use 80% of this as its cache size.

Logical Volume Management

Logical Volume Management (LVM) enables resizing the partitions while they are mounted and in use. You can learn more about LVM in the LVM HowTo.

To extend a logical volume manually you simply tell the lvextend command how large you want it to grow to. For example, to extend home0 to 30GB you use the following commands:

lvextend -L30G /dev/vg_system/skole+tjener+home0
resize2fs /dev/vg_system/skole+tjener+home0

To extend home0 by 30G, you insert a '+' (-L+30G).

Using ldapvi

ldapvi is a tool to edit the LDAP database with a normal text editor on the commandline.

The following needs to be executed:

ldapvi --host ldap -ZZ --bind simple --tls allow -D 'cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no'

Then make your changes, save and quit the editor. That's it!

Alternatively, to save key-strokes try:

ldapvi --ldap-conf -ZD '(cn=admin)'

Note: ldapvi will use whatever is the default editor. By executing export EDITOR=vim in the shell prompt one can configure the environment to get a vi clone as editor.

/!\ Warning: ldapvi is a very powerful tool. Be careful and don't mess up the LDAP database.

luma, an LDAP GUI

If you prefer a GUI to work with the LDAP database, check out the luma package.

Using volatile.debian.org

What is debian-volatile?

Quoting from the webpage:

How to use volatile

Since the Lenny release, the volatile archive is enabled and used by default.

Using backports.debian.org to install newer software

You are running Debian Edu because you prefer the stability of Debian Edu. It runs great; there is just one problem: sometimes software is a little more outdated than you would like. This is where backports.debian.org steps in.

Backports are recompiled packages from Debian testing (mostly) and Debian unstable (in a few cases only, e.g. security updates), so they will run without new libraries (wherever this is possible) on a stable Debian distribution like Debian Edu. We recommend that you pick out single backports which fit your needs, and not use all backports available there.

Using backports.debian.org is simple:

echo "deb http://backports.debian.org/debian-backports lenny-backports main contrib non-free" >> /etc/apt/sources.list
apt-get update

Then you can either use aptitude -t lenny-backports install <packagename> to install or update packages once, or you can configure a package to be always installed from backports.debian.org through /etc/apt/preferences.

The latter is described in the instructions on backports.org and has the advantage that updates to backports are installed automatically when they are available. With the first variant you need to update manually.
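The per-package pinning mentioned above can be written as follows. This is an added example, not taken from the original page or from the backports.org instructions: pin_backport is a hypothetical helper, the priority 999 is an assumption, and iceweasel in the usage note is only a sample package name.

```shell
#!/bin/sh
# Added example: pin a single package to lenny-backports in an apt
# preferences file. pin_backport is a hypothetical helper name and the
# Pin-Priority value 999 is an assumption, not a value from the page.

pin_backport() {
    pkg=$1
    prefs=${2:-/etc/apt/preferences}

    # Accept only characters valid in Debian package names, so nothing
    # else can end up in the preferences file.
    case $pkg in
        ''|*[!a-z0-9+.-]*)
            echo "invalid package name: $pkg" >&2
            return 1 ;;
    esac

    # Idempotent: do nothing if a stanza for this package already exists.
    if [ -f "$prefs" ] && grep -qxF "Package: $pkg" "$prefs"; then
        return 0
    fi

    # Stanzas in apt preferences are separated by a blank line.
    {
        [ -s "$prefs" ] && echo
        printf 'Package: %s\n' "$pkg"
        printf 'Pin: release a=lenny-backports\n'
        printf 'Pin-Priority: 999\n'
    } >> "$prefs"
}
```

Calling pin_backport iceweasel as root adds one stanza to /etc/apt/preferences; every other package keeps coming from the stable archive, which matches the recommendation to pick single backports only.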

Upgrading with a CD or DVD ROM

If you want to upgrade from one version to another (for example from Lenny 5.0.4 to 5.0.6) but you do not have Internet connectivity, only physical media, follow these steps:

Insert the CD/DVD-ROM in the drive, mount it and use the apt-cdrom command:

mount /cdrom
apt-cdrom add -m

Quoting from apt-cdrom(8) man page:

Then run these two commands to upgrade the system:

apt-get update
apt-get upgrade

Java

Running standalone Java applications

Standalone Java applications are supported out of the box by the OpenJDK Java runtime.

Running Java applications in the web browser

The version of the OpenJDK Java runtime available in Debian Edu Lenny does not support running Java applications in the web browser; this will be fixed in the next release. On Lenny, the non-free (but freely available) Java from Sun needs to be installed.

To install Java from Sun you need to edit the /etc/apt/sources.list first to make sure it will install packages from non-free. There needs to be a line like this:

deb http://ftp.debian.org/debian/ lenny main contrib non-free

Then do:

# apt-get update

Now you are ready to run this command:

# apt-get install sun-java6-plugin sun-java6-jre sun-java6-fonts

Creating folders in the home directories of all users

With this script the administrator can create a folder in each user's home directory and set access permissions and ownership.

In the example shown below with group=teachers and permissions=2770 a user can hand in an assignment by saving the file to the folder "assignments" where teachers are given write access to be able to make comments.

#!/bin/bash
home_path="/skole/tjener/home0"
shared_folder="assignments"
permissions="2770"
group="teachers"
created_dir=0
for path in "$home_path"/*/; do
  # the name of each home folder is the user name
  user=$(basename "$path")
  target="$home_path/$user/$shared_folder"
  if [ ! -d "$target" ]; then
    mkdir "$target" || continue
    # set the right owner and group first, then the permissions
    chown "$user:$group" "$target"
    chmod "$permissions" "$target"
    ((created_dir+=1))
  else
    echo -e "the folder $target already exists.\n"
  fi
done
echo "$created_dir folders have been created"

Easy access to USB drives and CDROMs/DVDs

When users insert a USB drive or DVD/CDROM into a (diskless) workstation, a popup window asks what to do with it, just like in any other normal installation.

When users insert a USB drive or DVD/CDROM into a thin client, there is no popup window like they are used to from their usual desktop. Instead it is automatically mounted and they have to browse to the /media/$user folder to access it. This is quite difficult for many inexperienced users.

With the following script the symlink "Media" is created for all users in the home folder for easy access to USB drives, CDROMs or whatever media is connected to the thin client.

#!/bin/bash
home_path="/skole/tjener/home0"
shared_folder="Media"
created_dir=0
for path in "$home_path"/*/; do
  home=$(basename "$path")
  target="$home_path/$home/$shared_folder"
  # -L also catches an existing symlink whose /media/$home target is not mounted
  if [ ! -e "$target" ] && [ ! -L "$target" ]; then
    ln -s "/media/$home" "$target" && ((created_dir+=1))
  else
    echo -e "the folder $target already exists.\n"
  fi
done
echo "$created_dir symlinks have been created"

A warning about removable media on LTSP servers

/!\ Warning: When inserted into an LTSP server, USB drives and other removable media cause popup messages on remote LTSP clients.

When a remote user acknowledges the popup or uses pmount from the console, that user can even mount the removable device and access the files.

This is being tracked as Debian Edu bug #1376.

Automatic cleanup of left-over processes

killer is a perl script that gets rid of background jobs. Background jobs are defined as processes that belong to users who are not currently logged into the machine. It is run by a cron job once an hour.

/!\ Due to 551753 (also documented as Debian Edu bug #1373) killer should not be installed on thin-client servers when long usernames are used!

To install it run the following command as root:

 apt-get install killer

Automatic shutdown of machines during the night

It is possible to save energy and money by turning off client machines at night and turning them on again automatically in the morning. The package will try to turn off the machine every hour on the hour from 16:00 in the afternoon, but will not turn it off if the machine seems to have users. It will try to tell the BIOS to turn on the machine around 07:00 in the morning, and the main-server will try to turn on machines from 06:30 using wake-on-lan packets. These times can be changed in the crontabs of individual machines.

There are some considerations to make when doing this:

How to set up shutdown-at-night

On clients that should turn off at night, touch /etc/shutdown-at-night/shutdown-at-night, or add the hostname (i.e. the output from 'uname -n' on the client) to the netgroup "shutdown-at-night-hosts". Adding hosts to the netgroup in LDAP can be done using the lwat web tool. The clients might need to have wake-on-lan configured in the BIOS. It is also important that the switches and routers used between the wake-on-lan server and the clients pass the WOL packets to the clients even if the clients are turned off. Some switches fail to pass on packets to clients that are missing in the ARP table on the switch, and this blocks the WOL packets.

To enable wake-on-lan on the server, add the clients to /etc/shutdown-at-night/clients, with one line per client, IP address first, and MAC address (ethernet address) next, with space between them, or create a script /etc/shutdown-at-night/clients-generator to generate the list of clients on the fly.

Here is an example /etc/shutdown-at-night/clients-generator for use with sitesummary:

  #!/bin/sh
  PATH=/usr/sbin:$PATH
  export PATH
  sitesummary-nodes -w

An alternative if the netgroup is used to activate shutdown-at-night on clients is this script using the netgroup tool from the ng-utils package:

  #!/bin/sh
  PATH=/usr/sbin:$PATH
  export PATH
  netgroup -h shutdown-at-night-hosts

/!\ This text was originally taken from this README.

Access to skolelinux server from outside a firewall

A boot script, open-backdoor, is provided in the debian-edu-config package to "break out" from behind a firewall. It is useful for system administrators responsible for several Debian Edu installations. It sets up an SSH tunnel to another machine, allowing SSH login from outside the firewall.

To enable it, create an SSH key without a password, create a user on a remote host to use for SSH login, copy the public key into ~/.ssh/authorized_keys for that remote user, and specify the login information in /etc/default/backdoor.

Content of /etc/default/backdoor should be similar to this:

RHOST=admin.example.net
RPORT=1234
RUSER=backdoor

FIXME: paragraph about access from outside need to be completed and tested.

Installing single service machines for spreading the load from main-server

FIXME: this is so generic it's almost useless

Configuring the PXE menu

The PXE configuration is generated using the debian-edu-pxeinstall script. It allows some settings to be overridden by adding a file /etc/debian-edu/pxeinstall.conf with replacement values.

Configuring the PXE installation

The PXE installation option is by default available to anyone able to PXE boot a machine. To password protect the PXE installation options, a file /var/lib/tftpboot/menupassword.cfg can be created with content similar to this:

MENU PASSWD $4$NDk0OTUzNTQ1NTQ5$7d6KvAlVCJKRKcijtVSPfveuWPM$

The password hash should be replaced with an MD5 hash for the wanted password.
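One way to produce such a line, as an added example that is not part of the original page or of debian-edu-config. It assumes openssl is installed and uses its MD5-crypt mode (hashes with the `$1$` signature); all function names are hypothetical.

```shell
#!/bin/sh
# Added example: build the "MENU PASSWD" line for menupassword.cfg.
# Assumes openssl is installed; the function names are hypothetical.

# Hash the password read from stdin with MD5-crypt ($1$ signature).
# Reading from stdin keeps the password out of the process list.
# $1 = optional salt (up to 8 characters); random if empty.
md5crypt_from_stdin() {
    if [ -n "${1:-}" ]; then
        openssl passwd -1 -salt "$1" -stdin
    else
        openssl passwd -1 -stdin
    fi
}

# Print the complete menu line; refuse empty passwords and anything
# that does not look like an MD5-crypt hash.
menu_passwd_line() {
    pw=$1
    salt=${2:-}
    [ -n "$pw" ] || { echo "empty password" >&2; return 1; }
    hash=$(printf '%s\n' "$pw" | md5crypt_from_stdin "$salt") || return 1
    case $hash in
        '$1$'*'$'*) printf 'MENU PASSWD %s\n' "$hash" ;;
        *) echo "unexpected hash format" >&2; return 1 ;;
    esac
}

# Write the line to the config file via a temporary file and rename,
# so a failed run never leaves a half-written file behind. The result
# is world-readable because the TFTP server has to serve it.
write_menu_password() {
    cfg=$1
    pw=$2
    tmp=$(mktemp "$cfg.XXXXXX") || return 1
    if menu_passwd_line "$pw" > "$tmp"; then
        chmod 644 "$tmp" && mv "$tmp" "$cfg"
    else
        rm -f "$tmp"
        return 1
    fi
}
```

menupassword.cfg is fetched over TFTP without authentication, so the hash itself is readable by every machine that can PXE boot; a long, unique password is the only protection against offline guessing.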

The PXE installation will inherit the language, keyboard layout and mirror settings from the settings used when installing the main-server, and the other questions will be asked during installation (profile, popcon participation, partitioning and root password). To avoid these questions, the file /etc/debian-edu/www/debian-edu-install.dat can be modified to provide preselected answers to debconf values. Some examples of available debconf values are already commented in /etc/debian-edu/www/debian-edu-install.dat. Your changes will be lost as soon as debian-edu-pxeinstall is used to recreate the PXE-installation environment. To append debconf values to /etc/debian-edu/www/debian-edu-install.dat during recreation with debian-edu-pxeinstall, add the file /etc/debian-edu/www/debian-edu-install.dat.local with your additional debconf values.

FIXME: Compare with DebianEdu/Documentation/Lenny/HowTo/NetworkClients and get rid of redundant information.

HowTos from wiki.debian.org

The HowTos from http://wiki.debian.org/DebianEdu/HowTo/ are either user- or developer-specific. Let's move the user-specific HowTos over here (and delete them over there)! (But first ask the authors (see the history of those pages to find them) if they are fine with moving the howto and putting it under the GPL.)
