Differences between revisions 83 and 92 (spanning 9 versions)
Revision 83 as of 2021-08-02 07:56:22
Size: 8214
Editor: ?WolfgangSchweer
Comment: adjust information about isc-dhcp-server issue
Revision 92 as of 2021-12-18 21:50:38
Size: 10074
Editor: ?WolfgangSchweer
Comment: Update after 11.2 point release
Deletions are marked like this. Additions are marked like this.
Line 8: Line 8:
 * This page is our main overview/tracker for the status of Debian Edu Bullseye. In addition to this we have a list of [[http://bugs.debian.org/cgi-bin/pkgreport.cgi?usertag=debian-edu@lists.debian.org|all bugs user-tagged "debian-edu"]]. '''Released at the Debian 11 Bullseye release date (August 14 2021)'''<<BR>>
See the [[https://www.debian.org/News/2021/20210815|release announcement]].

'''Updated at Debian 11.1 Bullseye point release date (Oct 09 2021)'''
<<BR>>
Among others, the ''debian-edu-config'' package has been updated, see the related [[https://www.debian.org/News/2021/20211009|announcement]].
After having upgraded a system with ''LTSP server'' profile, run {{{debian-edu-ltsp-install --diskless_workstation yes}}} to update the SquashFS image for Diskless Workstations and {{{debian-edu-pxeinstall}}} to update the PXE installation environment.

'''Updated at Debian 11.2 Bullseye point release date (Dec 18 2021)'''
<<BR>>
Among others, the ''debian-edu-doc-*'' packages and the ''debian-edu-config'' package have been updated, see the related [[https://www.debian.org/News/2021/20211218|announcement]].
After having upgraded a system with ''LTSP server'' profile, run {{{debian-edu-ltsp-install --diskless_workstation yes}}} to update the SquashFS image for Diskless Workstations and {{{debian-edu-pxeinstall}}} to update the PXE installation environment.
<<BR>>
If prompted, choose ''no'' for an automatic ''smb.conf'' file update, and (later) ''keep the local version currently installed''.
<<BR>>
As an alternative for diskless workstations, '''it is now possible to install and maintain a dedicated LTSP chroot''' (instead of using the SquashFS image from the server filesystem); see the [[DebianMan:debian-edu-ltsp-install|debian-edu-ltsp-install manual page]] for details.
Line 27: Line 42:
Debian Edu ISOs for 64-bit and 32-bit PCs (both AMD and Intel processors) are available from the usual Debian places.

(Replace amd64 with i386 if an image is needed for very old 32-bit PCs.)
Debian Edu ISOs for 64-bit and very old 32-bit PCs (both AMD and Intel processors) are available from the usual Debian places.
Line 33: Line 46:
Weekly builds using d-i from bullseye: The ''netinst iso image'' can be used for installation from CD/DVD and USB flash drives and is available for two Debian architectures: amd64 (64-bit) or i386 (32-bit). As the name implies, Internet access is required for the installation.
Line 35: Line 48:
    '''official images'''  * https://get.debian.org/cdimage/release/current/amd64/iso-cd/
 * https://get.debian.org/cdimage/release/current/i386/iso-cd/
Line 37: Line 51:
        https://get.debian.org/cdimage/weekly-builds/amd64/iso-cd/ The ''BD images'' are 5.8 GB (amd64) / 5.9 GB (i386) large and can be used for installation of amd64 or i386 machines, also without access to the Internet. Like the netinst image it can be installed on USB flash drives or disk media of sufficient size.
Line 39: Line 53:
        https://get.debian.org/cdimage/weekly-builds/amd64/iso-bd/

    '''unofficial images (including firmware, use only if really needed)'''

        https://get.debian.org/cdimage/unofficial/non-free/cd-including-firmware/weekly-builds/amd64/iso-cd/

        https://get.debian.org/cdimage/unofficial/non-free/cd-including-firmware/weekly-builds/amd64/iso-bd/

Daily iso-cd builds using d-i from unstable (iso-bd images are not built daily):

    '''official image'''

        https://get.debian.org/cdimage/daily-builds/daily/arch-latest/amd64/iso-cd/

    '''unofficial image (including firmware, use only if really needed)'''

        https://get.debian.org/cdimage/unofficial/non-free/cd-including-firmware/daily-builds/sid_d-i/current/amd64/iso-cd/
 * https://get.debian.org/cdimage/release/current/amd64/iso-bd/
 * https://get.debian.org/cdimage/release/current/i386/iso-bd/
Line 61: Line 60:
   {{{rsync -v --progress cdimage.debian.org::cdimage/weekly-builds/amd64/iso-cd/debian-edu-testing-amd64-netinst.iso debian-edu-testing-amd64-netinst.iso}}}   {{{rsync -v --progress cdimage.debian.org::cdimage/release/current/amd64/iso-cd/debian-edu-11.2.0-amd64-netinst.iso debian-edu-11.2.0-amd64-netinst.iso}}}
  {{{rsync -v --progress cdimage.debian.org::cdimage/release/current/i386/iso-cd/debian-edu-11.2.0-i386-netinst.iso debian-edu-11.2.0-i386-netinst.iso}}}
Line 63: Line 63:
   {{{rsync -v --progress cdimage.debian.org::cdimage/weekly-builds/i386/iso-cd/debian-edu-testing-i386-netinst.iso debian-edu-testing-i386-netinst.iso}}}   {{{rsync -v --progress cdimage.debian.org::cdimage/release/current/amd64/iso-bd/debian-edu-11.2.0-amd64-BD-1.iso debian-edu-11.2.0-amd64-BD-1.iso}}}
  {{{rsync -v --progress cdimage.debian.org::cdimage/release/current/i386/iso-bd/debian-edu-11.2.0-i386-BD-1.iso debian-edu-11.2.0-i386-BD-1.iso}}}
Line 65: Line 66:
   {{{rsync -v --progress cdimage.debian.org::cdimage/weekly-builds/amd64/iso-bd/debian-edu-testing-amd64-BD-1.iso debian-edu-testing-amd64-BD-1.iso}}}

   {{{rsync -v --progress cdimage.debian.org::cdimage/weekly-builds/i386/iso-bd/debian-edu-testing-i386-BD-1.iso debian-edu-testing-i386-BD-1.iso}}}
=== Unofficial images including non-free firmware - use only if really needed ===
 * https://get.debian.org/cdimage/unofficial/non-free/cd-including-firmware/current/amd64/iso-cd/
 * https://get.debian.org/cdimage/unofficial/non-free/cd-including-firmware/current/amd64/iso-bd/
Line 77: Line 78:
 * isc-dhcp-server-ldap: fails to activate the service, see DebianBug:971275.<<BR>>After (re)booting the main server, it might take some minutes for the DHCP service to become available. This seems to happen randomly.<<BR>>In case the DHCP server doesn't work reliably, consider to use the DHCP server packages from Debian 10 (buster).
  1. Create the file ''/etc/apt/sources.list.d/buster.sources.list'' with the following content:
  {{{
  deb http://deb.debian.org/debian buster main
  deb http://deb.debian.org/debian-security buster/updates main
  }}}
   and run:
  {{{
  apt update
  apt install isc-dhcp-server/buster isc-dhcp-server-ldap/buster
  }}}
 * isc-dhcp-server-ldap: fails to activate the service, see DebianBug:971275. After (re)booting the main server, it might take some minutes for the DHCP service to become available. This seems to happen randomly.
Line 89: Line 80:
  1. To make DHCP downgrading permanent and to ensure security upgrades, create two files to pin the DHCP server packages to the Debian 10 (buster) version. ##<<BR>>In case the DHCP server doesn't work reliably, consider using the DHCP server packages from Debian 10 (buster).
## 1. Create the file ''/etc/apt/sources.list.d/buster.sources.list'' with the following content:
## {{{
## deb http://deb.debian.org/debian buster main
## deb http://deb.debian.org/debian-security buster/updates main
## }}}
## and run:
## {{{
## apt update
## apt install isc-dhcp-server/buster isc-dhcp-server-ldap/buster
## }}}
Line 91: Line 92:
  File ''/etc/apt/apt.conf.d/99-edu-default-release''; content:
  {{{
  APT::Default-Release "bullseye";
  }}}
## 1. To make DHCP downgrading permanent and to ensure security upgrades, create two files to pin the DHCP server packages to the Debian 10 (buster) version.
Line 96: Line 94:
  File ''/etc/apt/preferences.d/99-downgrade-dhcp-server''; content:
  {{{
  Package: isc-dhcp-server-ldap isc-dhcp-server
  Pin: version 4.4.1-2+deb10*
  Pin-Priority: 1001
  }}}
## File ''/etc/apt/apt.conf.d/99-edu-default-release''; content:
## {{{
## APT::Default-Release "bullseye";
## }}}
Line 103: Line 99:
  1. Once the bug has been fixed, remove the three created files and run {{{apt update && apt upgrade}}}. ## File ''/etc/apt/preferences.d/99-downgrade-dhcp-server''; content:
## {{{
## Package: isc-dhcp-server-ldap isc-dhcp-server
## Pin: version 4.4.1-2+deb10*
## Pin-Priority: 1001
## }}}

##
1. Once the bug has been fixed, remove the three created files and run {{{apt update && apt upgrade}}}.
Line 117: Line 120:
 * The {{{/usr/share/debian-edu-config/tools/pxe-addfirmware}}} script still uses the old /var/lib/tftpboot path and fails, see DebianBug:995610. As a workaround, replace {{{/var/lib/tftpboot}}} with {{{/srv/tftp}}}.

 * Real support for LTSP chroot creation and maintenance is missing, see DebianBug:996103 for details.

 * debian-edu-ltsp-install: Netboot image exposes private data and crypto keys, see DebianBug:993935.

Debian Edu Installer Logo

Status of Debian Edu "Bullseye"

(development started in July 2019)

Released at the Debian 11 Bullseye release date (August 14 2021)
See the release announcement.

Updated at Debian 11.1 Bullseye point release date (Oct 09 2021)
Among others, the debian-edu-config package has been updated, see the related announcement. After having upgraded a system with LTSP server profile, run debian-edu-ltsp-install --diskless_workstation yes to update the SquashFS image for Diskless Workstations and debian-edu-pxeinstall to update the PXE installation environment.

Updated at Debian 11.2 Bullseye point release date (Dec 18 2021)
Among others, the debian-edu-doc-* packages and the debian-edu-config package have been updated, see the related announcement. After having upgraded a system with LTSP server profile, run debian-edu-ltsp-install --diskless_workstation yes to update the SquashFS image for Diskless Workstations and debian-edu-pxeinstall to update the PXE installation environment.
If prompted, choose no for an automatic smb.conf file update, and (later) keep the local version currently installed.
As an alternative for diskless workstations, it is now possible to install and maintain a dedicated LTSP chroot (instead of using the SquashFS image from the server filesystem); see the debian-edu-ltsp-install manual page for details.

Installation

Changes

  • At first boot of a combined server the SquashFS image for diskless workstation support is generated. This will take quite some time.
  • In case of a separate or an additional LTSP server required information for setting up the LTSP client environment isn't complete during installation. Setup can be done once the system has been added with GOsa².

Hints

  • Instead of the default xfce desktop environment, mate, gnome, lxde, lxqt, cinnamon or kde can be used by editing the kernel desktop parameter (default: desktop=xfce).

  • Dropping the modules= and desktop= items from the kernel command line completely allows one to use all ISO images for stock Debian installations.

    See the Bullseye manual installation chapter how to edit kernel command line parameters.

Installation media

Debian Edu ISOs for 64-bit and very old 32-bit PCs (both AMD and Intel processors) are available from the usual Debian places.

Download using HTTPS

The netinst iso image can be used for installation from CD/DVD and USB flash drives and is available for two Debian architectures: amd64 (64-bit) or i386 (32-bit). As the name implies, Internet access is required for the installation.

The BD images are 5.8 GB (amd64) / 5.9 GB (i386) large and can be used for installation of amd64 or i386 machines, also without access to the Internet. Like the netinst image it can be installed on USB flash drives or disk media of sufficient size.

Download using rsync

Also recommended to update an already existing image.

  • rsync -v --progress cdimage.debian.org::cdimage/release/current/amd64/iso-cd/debian-edu-11.2.0-amd64-netinst.iso debian-edu-11.2.0-amd64-netinst.iso rsync -v --progress cdimage.debian.org::cdimage/release/current/i386/iso-cd/debian-edu-11.2.0-i386-netinst.iso debian-edu-11.2.0-i386-netinst.iso

    rsync -v --progress cdimage.debian.org::cdimage/release/current/amd64/iso-bd/debian-edu-11.2.0-amd64-BD-1.iso debian-edu-11.2.0-amd64-BD-1.iso rsync -v --progress cdimage.debian.org::cdimage/release/current/i386/iso-bd/debian-edu-11.2.0-i386-BD-1.iso debian-edu-11.2.0-i386-BD-1.iso

Unofficial images including non-free firmware - use only if really needed

Verify the downloaded image file

Detailed instructions for verifying these images are part of the Debian-CD FAQ.


Known problems that need to be fixed elsewhere

  • isc-dhcp-server-ldap: fails to activate the service, see 971275. After (re)booting the main server, it might take some minutes for the DHCP service to become available. This seems to happen randomly.

  • libpam-python: porting to python3 needed, see 937234.

  • X2Go doesn't register users with utmp/wtmp, see 890517.

  • ldapvi sorts entries alphabetically which can break specific modifications where the order of the definitions is important, see 820790.

Manual

  • Our documentation could further be improved: eg by proof-reading and improving language+grammar used, by updating outdated entries, etc


Fixed and done

  • The /usr/share/debian-edu-config/tools/pxe-addfirmware script still uses the old /var/lib/tftpboot path and fails, see 995610. As a workaround, replace /var/lib/tftpboot with /srv/tftp.

  • Real support for LTSP chroot creation and maintenance is missing, see 996103 for details.

  • debian-edu-ltsp-install: Netboot image exposes private data and crypto keys, see 993935.

  • Sending system emails from machines inside the internal network is broken, see 989338.

  • DHCP configuration is broken, see 989340.

  • The debian-edu-ltsp-install script fails to setup thin client support if used outside d-i, see 989342.

  • Automatic partitioning fails on UEFI systems, see 988396.

  • The first user doesn't have a Samba account, see 987632.

    • As a workaround, run smbpasswd -a <firstusername> as root on the main server.

  • Thin client support is broken if a combined server is installed in offline mode, see 987633.

    • As a workaround, run as root on the main server once Internet connection is available:

      rm -rf /srv/ltsp/thin
      debian-edu-ltsp-install --diskless_workstation no --thin_type bare

  • Diskless workstation support is broken in case of a 32-bit combined server installation, see 987634.

    • As a workaround, run mv /srv/tftp/ltsp/ltsp.img /srv/tftp/ltsp/x86_32/ltsp.img as root on the main server.
      Choose x86_32 from the iPXE menu to start a diskless workstation.

  • major manual update due to LTSP and Samba changes, minor one for CUPS; also document the (optional) freeRADIUS setup.
  • add Bullseye artwork Homeworld.
  • GOSa²: deprecated implode() function usage with PHP 7.4 messes up GUI items, see 964600.

  • GOsa²: Fatal error when opening user list, see 941165 (also for a possible workaround).

  • GOSa²: password encryption/decryption broken with PHP 7.4, see 964318.

  • Mail server configuration is broken after Exim upgrade to exim4 4.94
  • major LTSP update in bullseye, see https://lists.debian.org/debian-edu/2019/11/msg00037.html

  • LTSP 19.x: 'ltsp image /' fails to generate usable image, see 946946. For a workaround see the bugreport. [The command stills fails but LTSP 20.x now provides a way to generate the image in case of advanced partitioning.]

  • integrate icingaweb2
  • Xfce is missing a volume control in the panel, see 913610. [Unlikely to be fixed in Buster.]

  • fetch-ldap-cert should have independent conditions for host and LTSP chroot, see 934380.

  • Fix fetch-ldap-cert to improve security, see 931413.

  • Drop obsolete code in d-i/finish-install, see 923675.

  • Fix sudo-ldap configuration, see 929964.

  • Fix LTSP related PXE configuration, see 928756.

  • Fix Firefox NFS related issue, see 930122.

  • Fix krb5 related logging configuration, see 931366.

  • Set LTSP chroot path in /etc/exports file if LTSP server has i386 arch, see 931680.

  • Include the LDAP server certificate in initial LTSP chroot image, see 932828.

  • Provide Debian Edu RootCA certificate for download, see 933183.

  • Fix loss of dynamically allocated v4 IP address, see 933580.