Changing subnet in Debian Edu / Skolelinux

Sometimes it is necessary to install Skolelinux in a network with a fixed IP structure. The default installation makes a lot of preset choices for the network, so you have to change quite a few files to get the installation to work as you would like and to get the machines to behave as wanted.

NB: The simplest solution is often to set up a router/firewall in front of the Skolelinux network. Set the firewall to NAT to the IP on the outside and let your fine Skolelinux network be left peacefully behind the firewall.

Most services and setup in Debian Edu use dynamically allocated IP information provided by DHCP or DNS. This is done to make it as easy as possible to change the hard coded IP subnet used. The IP subnet is hard coded to make it possible to get everything working out of the box when set up as intended, because some services do not support dynamically assigned IP information. To change the subnet, these services need to be reconfigured. This document contains instructions on how to locate them and how to change them.

NB! This is intended as help and a useful tool. If you follow the document and something breaks, I will not take any responsibility. Everything you do is at your own responsibility, but you can keep all the broken parts if anything breaks.

It is based on information from http://developer.skolelinux.no/dokumentasjon/skolelinux_endre_ipoppsett.txt and http://developer.skolelinux.no/dokumentasjon/skolelinux_change_ipsetup.txt

All configuration files with hard coded IP addresses are located in /etc/ on the individual machines. Only main-server and thin-client-server profiles contain services with hard coded IP information out of the box. To locate all files needing change, a search in /etc/ and /opt/ltsp/ is a good start:

grep -r "10\.0\." /etc/
grep -r "10\.0\." /opt/ltsp

In the etch version of Debian Edu, these files need to be modified:

/!\ If you do this on lenny, please check this list and remove this comment. Thank you! :-)

  /etc/network/interfaces
  /etc/powerdns/pdns.d/pdns-debian-edu-if.conf 
  /etc/hostname
  /etc/hosts
  /etc/exports
  /etc/cups/cupsd.conf
  LDAP must be changed -> ldapvi 

Use a dummy interface for testing thin-clients

Another approach is to use eth0 with your LAN's network settings and to put 10.0.2.2 (in the case of the main-server) on a dummy interface:

To set up a dummy network dummy0 with an IP-address of 10.0.2.2 run this command as root:

ifconfig dummy0 10.0.2.2 netmask 255.255.255.255

To make it permanent, add the following lines to /etc/network/interfaces:

 auto dummy0
 iface dummy0 inet static
    address 10.0.2.2
    netmask 255.255.255.255

If you need to use the DNS server given by the DHCP server on your network (in addition to the local one on the main-server), you need to edit /etc/bind/debian-edu/named-bind9.conf so that it includes /var/run/bind/named.options instead of the default /etc/bind/debian-edu/named.conf.options.

/!\ This setup is mostly used for setting up a test server for thin clients. If you want to include workstations in your test net, you really should set up a full Debian Edu test network with a dedicated firewall etc. Otherwise you need to change your DNS server so that the needed hostnames resolve to your main-server.

Change IP on Lenny

If you are using subnet 10.100.32/23, these are the files to change in /etc.

/etc/ldap/dns_ranges.ldif

Use the vim editor, vi /etc/ldap/dns_range.ldif, then:

:%s/2\.0\.10/32.100.10/g
:%s/3\.0\.10/33.100.10/g
:%s/dc=3,dc=0,dc=10/dc=33,dc=100,dc=10/g
:%s/dc=2,dc=0,dc=10/dc=32,dc=100,dc=10/g

vi /etc/ldap/dns_skole.ldif

dn: dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no
objectclass: top
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: tjener
arecord: 10.0.2.2 to arecord: 10.100.32.2
associateddomain: tjener.intern

dn: dc=gateway,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no
objectclass: top
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: gateway
arecord: 10.0.2.1 to arecord: 10.100.32.1
associateddomain: gateway.intern

dn: dc=postoffice,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no
objectclass: top
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: postoffice
arecord: 10.0.2.2 to arecord: 10.100.32.2
associateddomain: postoffice.intern

dn: dc=domain,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no
objectclass: top
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: domain
arecord: 10.0.2.2 to arecord: 10.100.32.2
associateddomain: domain.intern

dn: dc=afsdb,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no
objectclass: top
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: afsdb
arecord: 10.0.2.2 to arecord: 10.100.32.2
associateddomain: afsdb.intern

Remember to change line 5 from 2 to 42

dn: dc=42,dc=100,dc=10,dc=in-addr,dc=arpa,ou=hosts,dc=skole,dc=skolelinux,dc=no
objectclass: top
objectclass: dnsdomain2
objectclass: domainrelatedobject
dc: 42
associateddomain: 42.100.10.in-addr.arpa

vi /etc/ldap/dhcp.ldif

:%s/10\.0\.2/10.100.32/g
:%s/10\.0\.3/10.100.33/g

vi /etc/ldap/dns_arpa.ldif

:%s/dc=2,dc=0,dc=10/dc=32,dc=100,dc=10/g
:%s/dc=0,dc=10/dc=100,dc=10/g 
:%s/0\.10\.in-addr\.arpa/100.10.in-addr.arpa/g
:%s/2\.100\.10\.in-addr\.arpa/32.100.10.in-addr.arpa/g
:%s/dc=3,dc=100,dc=10/dc=33,dc=100,dc=10/g
:%s/3\.100\.10\.in-addr\.arpa/33.100.10.in-addr.arpa/g

vi /etc/network/interfaces

address 10.0.2.2 to address 10.100.32.2
broadcast 10.0.2.255 to broadcast 10.100.33.255
gateway 10.0.32.1 to gateway 10.100.32.1

vi /etc/hosts

10.0.2.2  to 10.100.32.2

vi /etc/hosts.allow

syslog: 10.0.2. to 10.100.32. 
syslog: 10.0.3. to 10.100.33.
in.tftpd: 10.0.2. to 10.100.32.
in.tftpd: 10.0.3. to 10.100.33.
portmap:  10.0.2. to 10.100.32.
portmap:  10.0.3. to 10.100.33.

vi /etc/nagios3/conf.d/host-gateway_nagios3.cfg /!\ Is this really needed? (Petter)

address 10.0.2.1  to  address 10.100.32.1

vi /etc/squid/squid.conf /!\ Is this really needed? (Petter)

type /10.0.2 to find the ip address
acl localnet src 10.0.2/23  to acl localnet src 10.100.32/23

vi /etc/exports

/opt/ltsp/i386     10.0.2.0/255.255.254.0 to /opt/ltsp/i386  10.100.32.0/255.255.254.0

vi /etc/powerdns/pdns.d/pdns-debian-edu.conf

ldap-host=10.0.2.2 to ldap-host=10.100.32.2
allow-recursion=10.0.2.0/23 to allow-recursion=10.100.32.0/23

vi /etc/samba/dhcp.conf Note: eth2 can be eth0 on your server. /!\ Is this really needed? (Petter)

  wins server = eth2:10.0.2.2 to   wins server = eth2:10.100.32.2

Then take a backup of the LDAP database, generate a new LDAP database, and make a new SSL certificate:

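cd /root/
mkdir ldap-backup
# stop the name service cache and the LDAP server before touching the database
/etc/init.d/nscd stop
/etc/init.d/slapd stop
# dump the current directory to LDIF (the dump includes password hashes, keep it readable by root only)
slapcat > ldap-backup.ldif
# move the old database files out of the way and generate a new LDAP database
mv /var/lib/ldap/* ldap-backup/
/usr/bin/ldap-debian-edu-install
chown openldap:openldap /var/lib/ldap/* # Really needed?  If so, there is a bug in ldap-debian-edu-install
/etc/init.d/slapd start
/etc/init.d/nscd start
# invalidate the nscd caches so that old entries are not served any more
for a in hosts passwd group services; do nscd -i "$a"; done
# set up the new SSL certificate
/etc/init.d/fetch-ldap-cert start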

Remember to run samba-debian-edu-admin to get samba to work.

Changes needed to get diskless clients to work.

Edit /opt/ltsp/i386/etc/resolvconf/run/resolv.conf
Edit /opt/ltsp/i386/etc/resolvconf/resolv.conf.d/original
In both files, change the IP from 10.0.2.2 to 10.100.32.2.
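
A check to run once the edits are done, added here as an example and not part of the original page: the grep "10\.0\." search near the top only finds the forward notation, while the LDIF files also hold the subnet reversed (2.0.10.in-addr.arpa, dc=2,dc=0,dc=10), and a stale entry in hosts.allow, squid.conf or allow-recursion still names the old network. The function names and the sample tree are made up for the illustration.

```shell
#!/bin/sh
# Added example: helper names and sample files are constructed, not Debian Edu tools.

# subnet_regex A.B.C: print an ERE for the three notations of one /24 used in
# the files above: "A.B.C." or "A.B.C/23", "C.B.A.in-addr.arpa", "dc=C,dc=B,dc=A".
# Digit boundaries keep 10.0.2 from also matching 10.0.20.x or 110.0.2.x.
subnet_regex() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    printf '(^|[^0-9.])%s\\.%s\\.%s([^0-9]|$)' "$1" "$2" "$3"
    printf '|(^|[^0-9])%s\\.%s\\.%s\\.in-addr\\.arpa' "$3" "$2" "$1"
    printf '|dc=%s,dc=%s,dc=%s([^0-9]|$)' "$3" "$2" "$1"
}

# stale_refs "A.B.C A.B.D" PATH...: print file:line:text for every leftover
# reference to the listed /24s. Exit status 0 means leftovers were found.
stale_refs() {
    prefixes=$1; shift; pat=
    for p in $prefixes; do pat="${pat:+$pat|}$(subnet_regex "$p")"; done
    grep -rnE -- "$pat" "$@"
}

# Constructed sample: a half-converted tree (old 10.0.2.0/23, new 10.100.32.0/23).
make_sample() {
    mkdir -p "$1/ldap"
    printf 'syslog: 10.100.32.\nsyslog: 10.0.3.\n' > "$1/hosts.allow"
    printf 'acl localnet src 10.100.32/23\nacl lab src 10.0.20.0/24\n' > "$1/squid.conf"
    printf 'dn: dc=2,dc=0,dc=10,dc=in-addr,dc=arpa,ou=hosts\n' > "$1/ldap/dns_arpa.ldif"
    printf 'associateddomain: 32.100.10.in-addr.arpa\n' >> "$1/ldap/dns_arpa.ldif"
}

# Demo on the sample; on a server: stale_refs "10.0.2 10.0.3" /etc /opt/ltsp/i386/etc
tmp=$(mktemp -d)
make_sample "$tmp"
stale_refs "10.0.2 10.0.3" "$tmp" || echo "no references to the old subnet left"
rm -rf "$tmp"
```

On the sample it reports the forgotten hosts.allow line and the unconverted reverse-zone DN, and leaves the unrelated 10.0.20.0/24 entry alone.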