Revision 13 as of 2009-11-11 23:08:57
Size: 14880
Editor: HolgerLevsen
Revision 14 as of 2009-11-11 23:09:59
Size: 14880
Editor: HolgerLevsen

HowTos for general administration

The Getting Started and DebianEdu/Documentation/Lenny/Maintainance chapters describe how to get started with Debian Edu and how to do the basic maintenance work. The howtos in this chapter are already "advanced" tips and tricks.

Tracking /etc/ using the svk version control system

With the introduction of the debian-edu-etc-svk script in Debian Edu, all files in /etc/ are tracked using svk as a version control system. This makes it possible to see when a file was added, changed or removed, as well as what was changed if the file is a text file. The svk repository is stored in ~root/.svk/.

This feature is activated automatically in the Etch and Lenny based versions of Debian Edu, and all changes done during installation are registered. Changes in /etc/ are committed every hour.

List of useful commands:

 debian-edu-etc-svk diff
 debian-edu-etc-svk log
 debian-edu-etc-svk status
 debian-edu-etc-svk commit
 debian-edu-etc-svk ignore

Usage examples

In a freshly installed system try this to see all changes done since the system was installed:

debian-edu-etc-svk diff -r6 | less

To see the list of changes done in /etc/, use this command:

debian-edu-etc-svk log | less

In the log, look up the revision numbers by date and time. Then, to see all changes done since revision N, say:

debian-edu-etc-svk diff -rN | less

To see the changes done to a specific file between specific revisions, specify the file and both revisions:

debian-edu-etc-svk diff -r46 -r64 /etc/resolv.conf | less

To revert a change, use the diff command to look at the change, and edit the file to undo the change, or use a command like this to do it automatically:

( cd /etc && debian-edu-etc-svk diff -r6 /etc/resolv.conf | patch -p1 -R )

To manually commit a file, because you don't want to wait up to an hour:

debian-edu-etc-svk commit /etc/resolv.conf

If you don't want a specific file to be tracked in svk, you can tell svk to ignore it. But this is rarely useful :)

debian-edu-etc-svk ignore /etc/path/to/file/to/be/ignored

For those who upgraded from sarge/woody

/etc in svk was introduced with the etch based release of Debian Edu. If you installed your system prior to this, you need to initialize svk once with the following command run as root:

debian-edu-etc-svk init

This adds all files in /etc to svk and also activates the hourly commit cronjob.

Resizing Partitions

Most partitions in Debian Edu are logical LVM volumes. Only the /boot/ partition is not. With the Debian/Etch release of Debian Edu, it is possible to extend partitions while they are mounted. This is a feature of the Linux kernel since version 2.6.10. Shrinking a partition still needs to happen while the partition is unmounted.

It is a good idea to avoid creating very large partitions, as large partitions will take a long time to restore from backup if the need should arise, and file system checks take a very long time for large partitions. A good limit can be 20 GiB. It is better, if possible, to create several smaller partitions than one very large one.

To make it easier to extend full partitions, the debian-edu-fsautoresize script is provided. When invoked, it reads the configuration from /usr/share/debian-edu-config/fsautoresizetab, /site/etc/fsautoresizetab and /etc/fsautoresizetab, and based on the rules provided in these files proposes to extend partitions with too little free space. Without any arguments, it will only write the commands needed to extend the file system, and the argument -n is needed to actually extend the file systems.

Logical Volume Management

Logical Volume Management (LVM) enables resizing the partitions while they are mounted and in use. You can learn more about LVM in the LVM HowTo.

To extend a logical volume manually you simply tell the lvextend command how large you want it to grow to.

For example, to extend home0 to 30GB you use the following commands:

lvextend -L30G /dev/vg_system/skole+tjener+home0
resize2fs /dev/vg_system/skole+tjener+home0

Using volatile.debian.org

Since volatile.debian.org is a relatively new service, introduced with Debian Etch, it's not enabled on default installations. FIXME: check if volatile is enabled on new installs automatically

What is debian-volatile?

Quoting from the webpage:

FIXME: isn't volatile enabled by default nowadays? Please confirm.

  • Some packages aim at fast moving targets, such as spam filtering and virus scanning, and even when using updated data patterns, they do not really work for the full time of a stable release. The main goal of volatile is allowing system administrators to update their systems in a nice, consistent way, without getting the drawbacks of using unstable, even without getting the drawbacks for the selected packages. So debian-volatile will only contain changes to stable programs that are necessary to keep them functional.

How to use volatile

Since the volatile archive key is included in the debian-archive-keyring package, which is installed by default, you do not have to add this key manually to root's keyring anymore. Just add the following line to /etc/apt/sources.list:

deb http://volatile.debian.org/debian-volatile lenny/volatile main

And run aptitude update && aptitude upgrade.

Using backports.org to install newer software

You are running Debian Edu because you prefer the stability of Debian Edu. It runs great, there is just one problem: sometimes software is a little bit more outdated than you would like. This is where backports.org steps in.

Backports are recompiled packages from Debian testing (mostly) and Debian unstable (in a few cases only, e.g. security updates), so they will run without new libraries (wherever it is possible) on a stable Debian distribution like Debian Edu. We recommend that you pick out single backports that fit your needs, and do not use all backports available there. Please follow the instructions on http://www.backports.org to use these backports.

You will need to add the backports.org archive key to root's gpg keyring, so that apt can use this repository securely. This is done by running these commands as root:

# install the debian-keyring securely:
aptitude install debian-keyring
# fetch the backports.org key insecurely:
gpg --keyserver pgpkeys.pca.dfn.de --recv-keys 16BA136C
# check securely if the key is correct and add it to the keyring used by apt if it is:
gpg --keyring /usr/share/keyrings/debian-keyring.gpg --check-sigs 16BA136C && gpg --export 16BA136C | apt-key add -
# add backports.org repo to /etc/apt/sources.list
echo "deb http://www.backports.org/debian lenny-backports main contrib non-free" >> /etc/apt/sources.list
# update the list of available packages:
aptitude update

Then you can either use aptitude -t lenny-backports install <packagename> to install or update packages once, or you can configure a package to be always installed from backports.org through /etc/apt/preferences, which is described in the instructions on backports.org.

The second variant has the advantage that updates to backports are installed automatically when they are available. With the first variant you need to update manually.
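
The key check above depends on signatures made by keys in the debian-keyring. As an added example (not part of Debian Edu or backports.org; the function names and the sample key IDs are made up), the following shell functions read the output of gpg --with-colons --check-sigs and count how many distinct keys other than the key itself have a verified signature on it, so that an import can be gated on an explicit number. It assumes the colon listing format documented in GnuPG's doc/DETAILS.

```shell
#!/bin/sh
# Added example, not part of debian-edu-config.
# Colon fields used: 1 = record type, 2 = check result on "sig" records
# ("!" good, "-" bad, "?" signer key missing, "%" error), 5 = long key ID.

# count_good_sigs LONG_KEYID   (hypothetical helper, reads the listing on stdin)
count_good_sigs() {
    awk -F: -v target="$1" '
        # only look at signatures that belong to the key under test
        $1 == "pub" { in_target = (toupper($5) == toupper(target)) }
        $1 == "sig" && in_target {
            # a self-signature says nothing about who owns the key
            if (substr($2, 1, 1) == "!" && toupper($5) != toupper(target))
                good[toupper($5)] = 1
        }
        END { n = 0; for (k in good) n++; print n }
    '
}

# key_is_vouched_for LONG_KEYID MIN   (hypothetical helper, reads stdin)
# Succeeds only if at least MIN distinct other keys have a good signature.
key_is_vouched_for() {
    n=$(count_good_sigs "$1")
    [ "$n" -ge "$2" ]
}

# Constructed sample listing: key IDs, dates and names are made up.
sample_listing() {
    cat <<'EOF'
pub:-:1024:17:00000000AAAAAAAA:2005-01-01:::-:::scESC:
uid:-::::2005-01-01::HASH::Example Archive Key <archive@example.net>:
sig:!::17:00000000AAAAAAAA:2005-01-01::::Example Archive Key <archive@example.net>:13x:
sig:!::17:00000000BBBBBBBB:2005-02-01::::Developer One <one@example.net>:10x:
sig:?::17:00000000CCCCCCCC:2005-02-02::::[User ID not found]:10x:
sig:-::17:00000000DDDDDDDD:2005-02-03::::Developer Two <two@example.net>:10x:
sig:!::17:00000000BBBBBBBB:2006-02-01::::Developer One <one@example.net>:10x:
EOF
}

# Only one distinct third-party key verifies in the sample.
sample_listing | count_good_sigs 00000000AAAAAAAA   # prints 1
```

On a real system the listing would come from gpg --keyring /usr/share/keyrings/debian-keyring.gpg --with-colons --check-sigs 16BA136C, with the key's long ID (a placeholder here) passed as the first argument.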

JAVA from Sun

/!\ FIXME: Should we recommend openjdk-6-* from main instead of documenting sun-java6-jre? Not sure if a plugin is available...

To install JAVA from Sun run this command:

apt-get install sun-java6-plugin sun-java6-jre sun-java6-fonts

Creating folders in the home directories of all users

With this script the administrator can create a folder in each user's home directory and set access permissions and ownership.

In the example shown below with group=teachers and permissions=2770 a user can hand in an assignment by saving the file to the folder "assignments" where teachers are given write access to be able to make comments.

#!/bin/bash
home_path="/skole/tjener/home0"
shared_folder="assignments"
permissions="2770"
group="teachers"
created_dir=0
for home_dir in "$home_path"/*/; do
    [ -d "$home_dir" ] || continue
    # "username" = "folder name" of the home directory
    user=$(basename "$home_dir")
    target="$home_path/$user/$shared_folder"
    # Skip anything that already exists, including symlinks, so that chmod
    # and chown below only touch a directory this script has just created.
    if [ ! -e "$target" ] && [ ! -L "$target" ]; then
        # create the folder, then set the right permissions, owner and group
        if mkdir "$target" && chmod "$permissions" "$target" \
                && chown "$user:$group" "$target"; then
            ((created_dir+=1))
        fi
    else
        echo -e "the folder $target already exists.\n"
    fi
done
echo "$created_dir folders have been created"

Easy access to USB and CDROM

When users insert a USB device or CD-ROM into a thin client, there is no popup window like they are used to from their usual desktop. Instead they have to browse to the /media/$user folder. This is too difficult for inexperienced users.

With the following script the symlink "Media" is created for all users in the home folder for easy access to USB-keys, CDROM or whatever media is connected to the thin client.

#!/bin/bash
home_path="/skole/tjener/home0"
shared_folder="Media"
created_dir=0
for home_dir in "$home_path"/*/; do
    [ -d "$home_dir" ] || continue
    home=$(basename "$home_dir")
    link="$home_path/$home/$shared_folder"
    # -L also catches an existing symlink whose target is not present yet
    if [ ! -e "$link" ] && [ ! -L "$link" ]; then
        ln -s "/media/$home" "$link" && ((created_dir+=1))
    else
        echo -e "the folder $link already exists.\n"
    fi
done
echo "$created_dir folders have been created"

Automatic cleanup of left-over processes

killer is a perl script that gets rid of background jobs. Background jobs are defined as processes that belong to users who are not currently logged into the machine. It is run by a cron job once an hour.

/!\ Due to (551753) (also documented as http://bugs.skolelinux.org/show_bug.cgi?id=1373) killer should not be installed on thin-client servers when long usernames are used!

To install it run the following command as root:

 apt-get install killer

Automatic shutdown of machines during the night

It is possible to save energy and money by turning off client machines at night, and turning them on again automatically in the morning.

There are some considerations to make when doing this:

  • The clients should not be shut down when someone is using them. This is ensured by checking the output from who, and as a special case, checking for the LDM ssh connection command to work with LTSP thin clients.

  • To avoid blowing electrical fuses, it is a good idea to make sure that all clients do not start at the same time.
  • There are two different methods available to wake up clients. One uses a BIOS feature and requires a working and correct hardware clock, as well as a motherboard and BIOS version supported by nvram-wakeup. The other requires a server with knowledge about all the clients to wake up, and requires all the clients to support wake-on-lan.

How to set it up

On clients that should turn off at night, touch /etc/shutdown-at-night/shutdown-at-night, or add the hostname (i.e. the output from 'uname -n' on the client) to the netgroup "shutdown-at-night-hosts". The clients might need to have wake-on-lan configured in the BIOS. It is also important that the switches and routers used between the wake-on-lan server and the clients will pass the WOL packets to the clients even if the clients are turned off. Some switches fail to pass on packets to clients that are missing in the ARP table on the switch, and this blocks the WOL packets.

To enable wake-on-lan on the server, add the clients to /etc/shutdown-at-night/clients, with one line per client, IP address first, and MAC address (ethernet address) next, with space between them, or create a script /etc/shutdown-at-night/clients-generator to generate the list of clients on the fly.

Here is an example /etc/shutdown-at-night/clients-generator for use with sitesummary:

  #!/bin/sh
  PATH=/usr/sbin:$PATH
  export PATH
  sitesummary-nodes -w

An alternative if the netgroup is used to activate shutdown-at-night on clients is this script using the netgroup tool from the ng-utils package:

  #!/bin/sh
  PATH=/usr/sbin:$PATH
  export PATH
  netgroup -h shutdown-at-night-hosts

/!\ This text was originally taken from README.

Access to skolelinux server from outside a firewall

A boot script open-backdoor is provided in the debian-edu-config package to "break out" from behind a firewall. It is useful for system administrators responsible for several Debian Edu installations. It sets up an SSH tunnel to another machine, allowing ssh login from outside the firewall.

To enable it, create an ssh key without a password, create a user on a remote host to use for ssh login, copy the public key into ~/.ssh/authorized_keys for that remote user, and specify the login information in /etc/default/backdoor.

Content of /etc/default/backdoor should be similar to this:

RHOST=admin.example.net
RPORT=1234
RUSER=backdoor

FIXME: paragraph about access from outside need to be completed and tested.

Installing single service machines for spreading the load from main-server

FIXME: this is so generic it's almost useless

  • barebone install using debian-edu-expert
  • install the packages for the service
  • configure the service
  • disable the service on main-server
  • update DNS on main-server

HowTos from wiki.debian.org

The HowTos from http://wiki.debian.org/DebianEdu/HowTo/ are either user- or developer-specific. Let's move the user-specific HowTos over here (and delete them over there)! (But first ask the authors (see the history of those pages to find them) if they are fine with moving the howto and putting it under the GPL.)
