Differences between revisions 4 and 8 (spanning 4 versions)
Revision 4 as of 2013-08-25 15:24:21
Size: 5156
Comment: Fits better because its more open to future enhancements
Revision 8 as of 2014-03-20 01:11:18
Size: 7925
Editor: HolgerLevsen
Comment: fix some spelling and formatting
Line 80: Line 80:
It is possible to have the default KDE file manager Dolphin showing up if KDE (or LDXE, if installed in parallel to KDE) is in use as desktop environment. To configure this, simply execute {{{/usr/share/debian-edu-config/ltspfs-mounter-kde enable}}} on the terminal server. (When using Gnome, device icons will be placed on the desktop allowing easy access). It is possible to have the default KDE "Plasma" file manager Dolphin showing up if KDE "Plasma" (or LDXE, if installed in parallel to KDE "Plasma") is in use as desktop environment. To configure this, simply execute {{{/usr/share/debian-edu-config/ltspfs-mounter-kde enable}}} on the terminal server. (When using GNOME, device icons will be placed on the desktop allowing easy access).
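Review bot: The revised sentence still reads "LDXE" in "(or LDXE, if installed in parallel to KDE "Plasma")"; the desktop environment is LXDE, so the spelling should be corrected while this line is being touched. The capitalisation fix from "Gnome" to "GNOME" in the same sentence is fine.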
Line 109: Line 109:
== Use a dedicated storage server ==

Take these steps to set up a dedicated storage server for user home directories and possibly other data.
 
  * Add a new system of type server using GOsa² as outlined in the [[DebianEdu/Documentation/Wheezy/GettingStarted#Machine_Management_with_GOsa.2BALI- | Getting started]] chapter of this manual.

    This example uses 'nas-server.intern' as the server name.

    Once 'nas-server.intern' ist configured, check if the NFS export points on the new storage server are exported to the relevant
    subnets or machines:
    {{{
    root@tjener:~# showmount -e nas-server
    Export list for nas-server:
    /storage 10.0.0.0/8
    root@tjener:~#
    }}}
    Here everything on the backbone network is granted access to the /storage export. (This could be restricted to netgroup membership
    or single IP addresses to limit NFS access like it is done in the tjener:/etc/exports file.)

  * Add automount information about 'nas-server.intern' in LDAP to allow all clients to automatically mount the new export on request.

    This can't be done using GOsa², because a module for automount is missing. Instead, use ldapvi and add the required LDAP
    objects using an editor.

    {{{ldapvi --ldap-conf -ZD '(cn=admin)' -b ou=automount,dc=skole,dc=skolelinux,dc=no}}}

    When the editor shows up, add the following LDAP objects at the bottom of the document. (The "/&" part in the last LDAP object is
    a wild card matching everything 'nas-server.intern' exports, removing the need to list individual mount points in LDAP.)

    {{{
    add cn=nas-server,ou=auto.skole,ou=automount,dc=skole,dc=skolelinux,dc=no
    objectClass: automount
    cn: nas-server
    automountInformation: -fstype=autofs --timeout=60 ldap:ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no

    add ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
    objectClass: top
    objectClass: automountMap
    ou: auto.nas-server

    add cn=/,ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
    objectClass: automount
    cn: /
    automountInformation: -fstype=nfs,tcp,rsize=32768,wsize=32768,rw,intr,hard,nodev,nosuid,noatime nas-server.intern:/&
    }}}

  * Add the relevant entries in tjener.intern:/etc/fstab, because tjener.intern does not use automount to avoid mounting loops:

    Create the mount directories using {{{mkdir}}}, edit '/etc/fstab' as adequate and run {{{mount -a}}} to mount the new resources.

Now users should be able to access the files on 'nas-server.intern' directly by just visiting the '/tjener/nas-server/storage/' directory using any application on any workstation, LTSP client or LTSP server.
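Review bot: In the showmount step, the sample export grants /storage to all of 10.0.0.0/8 and the restriction to netgroups or single IP addresses appears only in a parenthesis. Since this export is meant to hold user home directories, the section should present the restricted form (as done in tjener:/etc/exports) as the recommended setup rather than as an aside. In the same step "ist configured" should read "is configured", and the /etc/fstab step would be easier to follow with a sample entry that carries the same nodev,nosuid options as the automount object above it.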

Advanced administration

In this chapter advanced administration tasks are described.

User Customisations with GOsa²

Create Users in Year Groups

In this example we want to create users in year groups, with common home directories for each group (home0/2014, home0/2015, etc.). We want to create the users by CSV import.

(as root on Tjener)

  • Make the necessary year group directories

mkdir /skole/tjener/home0/2014

(as superuser in GOsa²)

  • Department

Main menu: go to 'Directory structure', click the 'Students' department. The 'Base' field should show '/Students'. From the drop box 'Actions' choose 'Create'/'Department'. Fill in values for Name (2014) and Description fields (students graduating in 2014), leave the Base field as is (should be '/Students'). Save it by clicking 'Ok'. Now the new department (2014) should show up below /Students. Click it.

  • Group

Choose 'Groups' from the main menu; 'Actions'/Create/Group. Enter group name (leave 'Base' as is, should be /Students/2014) and click the check box left of 'Samba group'. 'Ok' to save it.

  • Template

Choose 'users' from the main menu. Change to 'Students' in the Base field. An entry 'NewStudent' should show up, click it. This is the 'students' template, not a real user. As you'll have to create such a template (to be able to use CSV import for your structure) based on this one, notice all entries showing up in the Generic, POSIX and Samba tabs, maybe take screenshots. Now change to /Students/2014 in the Base field; choose Create/Template and start to fill in your desired values, first the Generic tab (add your new 2014 group under Group Membership, too), then add POSIX and Samba account.

  • Import users

Choose your new template when doing CSV import; testing it with a few users is recommended.

Other User Customisations

Creating folders in the home directories of all users

With this script the administrator can create a folder in each user's home directory and set access permissions and ownership.

In the example shown below with group=teachers and permissions=2770 a user can hand in an assignment by saving the file to the folder "assignments" where teachers are given write access to be able to make comments.

 #!/bin/bash
 # Create a shared folder in every user's home directory (run as root).
 home_path="/skole/tjener/home0"
 shared_folder="assignments"
 permissions="2770"
 group="teachers"
 created_dir=0
 for dir in "$home_path"/*/; do
     [ -d "$dir" ] || continue
     # "username" = "folder name"
     user=$(basename "$dir")
     target="$home_path/$user/$shared_folder"
     # -e and -L also catch files and symlinks a user may already have placed there
     if [ ! -e "$target" ] && [ ! -L "$target" ]; then
         # only change mode and owner of what mkdir actually created
         mkdir "$target" || continue
         chmod "$permissions" "$target"
         # set the right owner and group; -h never follows a symlink
         chown -h "$user:$group" "$target"
         ((created_dir+=1))
     else
         echo -e "the folder $target already exists.\n"
     fi
 done
 echo "$created_dir folders have been created"

Easy access to USB drives and CDROMs/DVDs

When users insert a USB drive or a DVD / CDROM into a (diskless) workstation, a popup window appears asking what to do with it, just like in any other normal installation.

When users insert a USB drive or a DVD / CDROM into a thin client there is only a notify-window showing up for a few seconds. The media is automatically mounted and it is possible to access it by browsing to the /media/$user folder. This is quite difficult for many inexperienced users.

It is possible to have the default KDE "Plasma" file manager Dolphin showing up if KDE "Plasma" (or LXDE, if installed in parallel to KDE "Plasma") is in use as desktop environment. To configure this, simply execute /usr/share/debian-edu-config/ltspfs-mounter-kde enable on the terminal server. (When using GNOME, device icons will be placed on the desktop allowing easy access).

In addition the following script could be used to create the symlink "media" for all users in their home folder for easy access to USB drives, CDROM / DVD or whatever media is connected to the thin client. This might come in handy if users want to edit files directly on their plugged in media.

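 #!/bin/bash
 # Create a "media" symlink in every user's home directory (run as root).
 home_path="/skole/tjener/home0"
 shared_folder="media"
 created_dir=0
 for dir in "$home_path"/*/; do
     [ -d "$dir" ] || continue
     # "username" = "folder name"
     user=$(basename "$dir")
     link="$home_path/$user/$shared_folder"
     # -L also catches an existing symlink whose target is not mounted right now
     if [ ! -e "$link" ] && [ ! -L "$link" ]; then
         # -n: never follow an existing link; count only successful creations
         ln -sn "/media/$user" "$link" && ((created_dir+=1))
     else
         echo -e "$link already exists.\n"
     fi
 done
 echo "$created_dir symlinks have been created"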

A warning about removable media on LTSP servers

Warning: When inserted into an LTSP server, USB drives and other removable media cause popup messages on remote LTSP clients.

If remote users acknowledge the popup or use pmount from the console, they can even mount the removable devices and access the files.

This is being tracked as Debian Edu bug #1376.

Use a dedicated storage server

Take these steps to set up a dedicated storage server for user home directories and possibly other data.

  • Add a new system of type server using GOsa² as outlined in the Getting started chapter of this manual.

    • This example uses 'nas-server.intern' as the server name. Once 'nas-server.intern' is configured, check if the NFS export points on the new storage server are exported to the relevant subnets or machines:
          root@tjener:~# showmount -e nas-server
          Export list for nas-server:
          /storage         10.0.0.0/8
          root@tjener:~#
      Here everything on the backbone network is granted access to the /storage export. (This could be restricted to netgroup membership or single IP addresses to limit NFS access like it is done in the tjener:/etc/exports file.)
  • Add automount information about 'nas-server.intern' in LDAP to allow all clients to automatically mount the new export on request.
    • This can't be done using GOsa², because a module for automount is missing. Instead, use ldapvi and add the required LDAP objects using an editor.

      ldapvi --ldap-conf -ZD '(cn=admin)' -b ou=automount,dc=skole,dc=skolelinux,dc=no

      When the editor shows up, add the following LDAP objects at the bottom of the document. (The "/&" part in the last LDAP object is a wild card matching everything 'nas-server.intern' exports, removing the need to list individual mount points in LDAP.)

          add cn=nas-server,ou=auto.skole,ou=automount,dc=skole,dc=skolelinux,dc=no
          objectClass: automount
          cn: nas-server
          automountInformation: -fstype=autofs --timeout=60 ldap:ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
      
          add ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
          objectClass: top
          objectClass: automountMap
          ou: auto.nas-server
      
          add cn=/,ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
          objectClass: automount
          cn: /
          automountInformation: -fstype=nfs,tcp,rsize=32768,wsize=32768,rw,intr,hard,nodev,nosuid,noatime nas-server.intern:/&
  • Add the relevant entries in tjener.intern:/etc/fstab, because tjener.intern does not use automount to avoid mounting loops:
    • Create the mount directories using mkdir, edit '/etc/fstab' as appropriate and run mount -a to mount the new resources.

Now users should be able to access the files on 'nas-server.intern' directly by just visiting the '/tjener/nas-server/storage/' directory using any application on any workstation, LTSP client or LTSP server.
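
The export check from the first step above can be scripted. This is an added example, not part of the Debian Edu manual: the function reads `showmount -e` output and reports every client entry that is a wildcard or a network wider than a chosen prefix length. The function names, the 24-bit threshold and the sample export list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the Debian Edu manual.
# audit_exports reads `showmount -e <server>` output on stdin and prints one
# "BROAD <path> <client>" line per client entry that is a wildcard or a CIDR
# network wider than min_prefix bits (default 24, an assumed site policy).
audit_exports() (
    min_prefix="${1:-24}"
    set -f    # client entries such as "*" must not be glob-expanded
    # drop the "Export list for ..." header line
    sed 1d | while read -r path clients; do
        # showmount separates several clients of one export with commas
        for client in $(printf '%s\n' "$clients" | tr ',' ' '); do
            case "$client" in
                '*'|'(everyone)')
                    echo "BROAD $path $client" ;;
                */*)
                    prefix=${client##*/}
                    case "$prefix" in
                        ''|*[!0-9]*) ;;   # netmask notation: not evaluated here
                        *)
                            if [ "$prefix" -lt "$min_prefix" ]; then
                                echo "BROAD $path $client"
                            fi ;;
                    esac ;;
            esac
        done
    done
)

# Constructed sample: the /storage line is the one shown on this page,
# /backup and /pub are made up to exercise the other branches.
sample_showmount() {
    cat <<'EOF'
Export list for nas-server:
/storage 10.0.0.0/8
/backup  10.0.2.2,10.0.2.0/24
/pub     *
EOF
}

# On tjener the real input would be: showmount -e nas-server | audit_exports 24
sample_showmount | audit_exports 24
```

An export flagged here is a candidate for the netgroup or single-address restriction mentioned in the first step.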