Differences between revisions 60 and 63 (spanning 3 versions)
Revision 60 as of 2018-11-13 00:02:38
Size: 8974
Editor: ?DominikGeorge
Comment:
Revision 63 as of 2018-11-15 01:15:32
Size: 9151
Editor: ?WolfgangSchweer
Comment: removable media mount fails on diskless workstations (unrelated to Xfce) due to LDM behaviour and changed security settings.
Deletions are marked like this. Additions are marked like this.
Line 43: Line 43:
 * Xfce is missing a volume control by default ([[https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913610|#913610]])
 * Mounting devices (USB stivks) does not work in Xfce (to be verified)
 * Xfce is missing a volume control by default (in the panel) ([[https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913610|#913610]])
 * Mounting removable media (like USB sticks) fails on diskless workstations; for details and workarounds, see DebianBug:913774.
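Review bot: the added removable-media item cites its bug as DebianBug:913774, while the volume-control item directly above it uses the explicit [[https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913610|#913610]] link form. Pick one link style for both entries so the list renders consistently. The entry also sends readers to the bug report for the workarounds; a few words on the workaround in the item itself would make the status page usable on its own.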
Line 58: Line 58:
  * How to persist packages to be installed in LTSP chroot
  * How to change only/default desktop used

Status of Debian Edu "Buster"

(development started in July 2017)

Installation

Please note: An installation including the Main-Server profile will now fail due to a broken gosa installation; see 911632. This is a temporary issue caused by the ongoing PHP transition (7.2 -> 7.3).

A Debian Edu ISO for 64-bit PCs (both AMD and Intel processors) is available from the usual Debian places:

Instead of the default xfce, the values mate, gnome or kde can be used for the related kernel parameter (default: desktop=xfce). See the installation chapter of the Buster manual for how to set kernel command line parameters.

Please note:
Squid needs to be started manually after reboots due to 911325

Known problems we want to fix

  • the USB-offline installation media (also known as Bluray media) is still too big, see 846006

    • it's also single arch atm...
  • The non-free installation images with firmware should be linked in the manual; however, we should also explain there that non-free firmware is best avoided.
  • Buster artwork is still missing as it depends on currently still missing Debian artwork for Buster

  • The added LXQt desktop environment lacks education menu integration.
  • The added metapackages (video, primaryschool) are missing education menu integration.
  • The desktop profiles concept (kiosk) seems to have been outdated for years.
  • The favorites configuration (most DEs?) needs love.
  • MATE is only translated (63%) to Nynorsk

  • Installation fails when network is configured manually (without DHCP) in the installer, even if all settings match the default settings 1:1. Having a DHCP server hand out the same settings works.
  • Apache on tjener stops responding at midnight due to a logrotate happening at 0:00 sharp (segfaults, remaining parts causing high fork rates, making system nearly unresponsive) (#902658)

  • Xfce is missing a volume control by default (in the panel) (#913610)

  • Mounting removable media (like USB sticks) fails on diskless workstations; for details and workarounds, see 913774.

Manual

  • Our documentation could be improved further, e.g. by proofreading and improving the language and grammar used, by updating outdated entries, etc.

  • Still to be documented:
    • standardskriver
    • desktop-autoloader
    • Kerberized NFS
    • LTSP Switch NBD <-> NFS

    • LTSP client setup configuration
    • PXE install configuration
    • Kerberized ssh
    • HowTo deal with cfengine configuration changes in case of upgrades.

    • How to persist packages to be installed in LTSP chroot
    • How to change only/default desktop used

Drafts

# Kerberized NFS.
pxeinstall workstation (s).
 - in case installed from cdrom/usb: login as root after first boot
 - run  'sitesummary-client' (needed to be able to use sitesummary2ldapdhcp on the main server). 
Main server:
 - login as root
 - run "ldapvi -ZD '(cn=admin)'" and replace 'sec=sys' with 'sec=krb5i'; the most
  secure setting 'sec=krb5p' works too, but the performance might suffer.
 - run 'sitesummary2ldapdhcp -a'. (default type workstations)
 - as first user edit *new* workstation(s) using GOsa² .
 - don't edit, remove duplicate gateway entry (IP 10.0.0.1 indicates it).

Workstation(s):
 - login as root.
 - run 'kinit' to get a TGT.
 - run 'scp tjener:/etc/debian-edu/host-keytabs/<hostname set via GOsa>.intern.keytab /etc/krb5.keytab'
 - reboot
 - login as first user and run 'mount|grep krb5' to verify that the kerberized mount is used.

For systems already configured with GOsa², login on the main server as root and
run /usr/share/debian-edu-config/tools/gosa-modify-host <hostname> <IP>.
Please note: host keytab creation is possible for systems of type workstations, servers and terminals but not for those of type netdevices.
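
The final check in the Kerberized NFS draft above ('mount|grep krb5') can be turned into a scriptable audit that also flags mounts still on sec=sys. This is an added example, not part of the wiki page or of Debian Edu's tooling; the function name nfs_sec_report and the sample mount lines (paths, client address) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit NFS mounts for the security flavor configured above.
# Sample data below is constructed; on a workstation pass /proc/mounts instead.

# nfs_sec_report [FILE]
#   Input uses /proc/mounts format: device mountpoint fstype options dump pass
#   Prints "<mountpoint> <flavor> <verdict>" for each nfs/nfs4 mount.
#   Accepts krb5 (authentication only), krb5i (integrity) and krb5p (privacy).
#   Exit status: 0 all Kerberized, 1 at least one is not, 2 no NFS mounts.
nfs_sec_report() {
    awk '
        $3 == "nfs" || $3 == "nfs4" {
            seen = 1
            flavor = "unset"            # no sec= option recorded
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] ~ /^sec=/) flavor = substr(opt[i], 5)
            if (flavor ~ /^krb5[ip]?$/) {
                verdict = "ok"
            } else {
                verdict = "NOT-KERBERIZED"
                bad = 1
            }
            print $2, flavor, verdict
        }
        END {
            if (!seen) exit 2
            exit (bad ? 1 : 0)
        }
    ' "${1:--}"
}

# Constructed sample: one mount after the switch to krb5i, one still on sec=sys.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tjener:/srv/home /mnt/home nfs4 rw,relatime,vers=4.2,sec=krb5i,clientaddr=10.0.2.50 0 0
tjener:/srv/share /mnt/share nfs4 rw,relatime,vers=4.2,sec=sys,clientaddr=10.0.2.50 0 0'

printf '%s\n' "$SAMPLE_MOUNTS" | nfs_sec_report || echo "audit exit status: $?"
```

On a workstation, run nfs_sec_report /proc/mounts after the reboot step; status 1 means an NFS mount is not using a krb5 flavor, status 2 means no NFS mount is present.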

# Switch from NFS --> NBD:
ltsp-update-image 
sed -i 's/default ltsp-NFS/default ltsp-NBD/' /opt/ltsp/$(dpkg --print-architecture)/boot/pxelinux.cfg/ltsp
sed -i 's/ontimeout ltsp-NFS/ontimeout ltsp-NBD/' /opt/ltsp/$(dpkg --print-architecture)/boot/pxelinux.cfg/ltsp
ltsp-update-kernels

# Switch from NBD --> NFS:
sed -i 's/default ltsp-NBD/default ltsp-NFS/' /opt/ltsp/$(dpkg --print-architecture)/boot/pxelinux.cfg/ltsp
sed -i 's/ontimeout ltsp-NBD/ontimeout ltsp-NFS/' /opt/ltsp/$(dpkg --print-architecture)/boot/pxelinux.cfg/ltsp
ltsp-update-kernels
# optional: remove image file(s).
rm -f /opt/ltsp/images/$(dpkg --print-architecture).im*


Fixed in Git

  • nothing atm

Fixed + done (related packages migrated to buster or unstable)

  • *_proxy variables in /etc/environment for some reason do not make it into the LTSP squashfs image when this is built during installation. They appear in the chroot tree after installation and an ltsp-update-image correctly carries them to the squashfs.
  • we are able to install Debian Edu with d-i from cdimage.debian.org, see 846006

  • finish the SVN2Git Migration Status

  • Even if deselected, the LTSP installation step is reported as 'failed'; see: 888583. Workaround: When the Debian Edu profile screen is shown, open up a Debian Installer shell and run 'rm /var/lib/dpkg/info/kbd-chooser.*'

  • GOsa² access to LDAP is broken. This happens because password decryption doesn't work; see 892546. Workaround: After booting the main server for the first time, run:

cp /etc/gosa/gosa.conf.orig /etc/gosa/gosa.conf
cat /dev/null > /etc/gosa/gosa.secrets
service apache2 reload

Please note that this change disables gosa-admin password encryption (GOsa² -> LDAP connection); the generated (random) password is used in this case.

  • Installation is broken since PHP7.2 has entered testing. This happens because mcrypt support has been removed from PHP while gosa-encrypt-password depends on it; see 889811. Workaround: While the Debian Installer is busy installing software, open up a shell and use 'nano target/usr/bin/ldap-debian-edu-install' to replace gosa-encrypt-passwords > /dev/null with #gosa-encrypt-passwords > /dev/null and to add the line touch /etc/gosa/gosa.secrets below the commented one. Please note that this change disables password encryption to access the GOsa² web interface; use only for testing.

  • The usbstick ISO image should allow installations including the 'LTSP server' profile without internet connection; atm about 300 MiB need to be downloaded. This happens right after the base system has been installed successfully in the LTSP chroot; later in the process, packages are fetched again from the mounted image. [Reason was that the first part (when the 'debian-edu-install' package gets installed) has been moved to LTSP client build stage 'install)' where the CDROM and required mounts are not yet available. Moving this part to 'after-install)' (or all parts to 'finalization)' like it has been before commit 57a5c24f) allows using '/media/cdrom' throughout. Also, '-o acquire::check-valid-until=0' needs to be added to APT_GET_OPTS to really be able to use '/media/cdrom' as local file type repo.] See: 867271, fixed in Buster (d-e-c commits 2278d78b and 5c1b880d).

  • Fix personal web pages configuration; see 866228. As a workaround run these commands on the main server:

rm /etc/apache2/mods-available/userdir.load 
cp /etc/apache2/mods-available/status.load /etc/apache2/mods-available/userdir.load 
sed -i 's/status/userdir/g' /etc/apache2/mods-available/userdir.load 
ln -s /etc/apache2/mods-available/userdir.load /etc/apache2/mods-available/debian-edu-userdir.load 
a2enmod debian-edu-userdir
  • adjust the Samba configuration file to be able to join recent clients to the SKOLELINUX domain out-of-the-box; see 864663.