Differences between revisions 61 and 175 (spanning 114 versions)
Revision 61 as of 2018-11-13 10:49:35
Size: 8989
Editor: ?DominikGeorge
Comment:
Revision 175 as of 2020-05-11 10:47:52
Size: 11918
Editor: ?WolfgangSchweer
Comment: wrong status page, should have been bullseye
Line 1: Line 1:
{{attachment:i.png|Debian Edu Installer Logo|width=800}}
Line 7: Line 8:
'''Released at the Debian 10 Buster release date (July 06 2019)'''
<<BR>>
See the [[https://www.debian.org/News/2019/20190707|release announcement]].
Line 8: Line 12:
 * This page is our main overview/tracker for the status of Debian Edu Buster. In addition to this we have a list of [[http://bugs.debian.org/cgi-bin/pkgreport.cgi?usertag=debian-edu@lists.debian.org|all bugs user-tagged "debian-edu"]]. '''Updated at Debian 10.1 Buster point release date (September 07 2019)'''
<<BR>>
Among others, the packages ''debian-edu-config'', ''gosa*'' and ''debian-edu-doc*'' have been updated.
It is recommended to update the main server first, then LTSP chroots (in case they exist) and other clients (like ''workstations'') in the Debian Edu network.
<<BR>>Please note that the updated ''debian-edu-config'' package includes CFengine configuration file changes, so {{{cf-agent -I -D installation}}} needs to be run after upgrading the package (see the [[https://wiki.debian.org/DebianEdu/Documentation/Buster/Maintenance|Buster manual Maintenance chapter]]).

'''Updated at Debian 10.2 Buster point release date (November 16 2019)'''
<<BR>>
Among others, the packages ''debian-edu-config'' and ''standardskriver'' have been updated, see the related [[https://www.debian.org/News/2019/20191116|announcement]].

'''Updated at Debian 10.3 Buster point release date (February 08 2020)'''
<<BR>>
Among others, the package ''debian-edu-config'' has been updated, see the related [[https://www.debian.org/News/2020/20200208|announcement]].

'''Updated at Debian 10.4 Buster point release date (May 09 2020)'''
<<BR>>
Among others, the package ''debian-edu-config'' has been updated, see the related [[https://www.debian.org/News/2020/20200509|announcement]]. New users are no longer forced to accept the self-signed certificate as an ''insecure'' one (Firefox-ESR and Thunderbird).
Line 12: Line 32:
'''Please note:''' An installation including the ''Main-Server'' profile will now fail due to broken gosa installation; see DebianBug:911632. This is a temporary issue caused by the ongoing PHP transition (7.2 -> 7.3). Instead of the default ''xfce'' desktop environment, ''mate'', ''gnome'', ''lxde'', ''lxqt'' or ''kde'' can be used by editing the kernel {{{desktop}}} parameter (default: {{{desktop=xfce}}}).
See the [[https://wiki.debian.org/DebianEdu/Documentation/Buster/Installation|Buster manual installation chapter]] how to edit kernel command line parameters.
Line 14: Line 35:
A Debian Edu ISO for 64-bit PCs (both AMD and Intel processors) is available from the usual Debian places:
 * http://get.debian.org/cdimage/weekly-builds/amd64/iso-cd/
 * http://get.debian.org/cdimage/unofficial/non-free/cd-including-firmware/weekly-builds/amd64/iso-cd/
 * http://get.debian.org/cdimage/weekly-builds/amd64/iso-bd/
 * http://get.debian.org/cdimage/unofficial/non-free/cd-including-firmware/weekly-builds/amd64/iso-bd/
 * Replace {{{amd64}}} with {{{i386}}} if you need an ISO for 32-bit PCs.
 * Note: the iso-bd images are broken in regards to ltsp installation (DebianBug:911380 and DebianBug:911382) and are not usable for real offline installation.
 * Note: there are also daily-builds, not just weekly-builds...
Debian Edu ISOs for 64-bit and 32-bit PCs (both AMD and Intel processors) are available from the usual Debian places ('''updated to Debian Edu 10.4'''):
Line 23: Line 37:
Instead of the default {{{xfce}}}, ''mate'', ''gnome'' or ''kde'' could be used as value of the related kernel param {{{desktop=xfce}}}.
See the [[https://wiki.debian.org/DebianEdu/Documentation/Buster/Installation|Buster manual installation chapter]] how to set kernel command line parameters.
=== Download using http ===
Line 26: Line 39:
'''Please note:''' <<BR>>
Squid needs to be started manually after reboots due to DebianBug:911325 <<BR>>
The ''netinst iso image'' can be used for installation from CD/DVD and USB flash drives and is available for two Debian architectures: amd64 (64-bit) or i386 (32-bit). As the name implies, Internet access is required for the installation.

 * http://get.debian.org/cdimage/release/current/amd64/iso-cd/
 * http://get.debian.org/cdimage/release/current/i386/iso-cd/

The ''BD images'' are 5.3 GB (amd64) / 5.4 GB (i386) large and can be used for installation of amd64 or i386 machines, also without access to the Internet. Like the netinst image it can be installed on USB flash drives or disk media of sufficient size.

 * http://get.debian.org/cdimage/release/current/amd64/iso-bd/
 * http://get.debian.org/cdimage/release/current/i386/iso-bd/

=== Download using rsync ===

Also recommended to update an already existing image.

  {{{rsync -v --progress cdimage.debian.org::cdimage/release/current/amd64/iso-cd/debian-edu-10.4.0-amd64-netinst.iso debian-edu-10.4.0-amd64-netinst.iso}}}
  {{{rsync -v --progress cdimage.debian.org::cdimage/release/current/i386/iso-cd/debian-edu-10.4.0-i386-netinst.iso debian-edu-10.4.0-i386-netinst.iso}}}

  {{{rsync -v --progress cdimage.debian.org::cdimage/release/current/amd64/iso-bd/debian-edu-10.4.0-amd64-BD-1.iso debian-edu-10.4.0-amd64-BD-1.iso}}}
  {{{rsync -v --progress cdimage.debian.org::cdimage/release/current/i386/iso-bd/debian-edu-10.4.0-i386-BD-1.iso debian-edu-10.4.0-i386-BD-1.iso}}}

=== Unofficial images including non-free firmware - use only if really needed ===

 * http://get.debian.org/cdimage/unofficial/non-free/cd-including-firmware/10.4.0+nonfree/amd64/iso-cd/
 * http://get.debian.org/cdimage/unofficial/non-free/cd-including-firmware/10.4.0+nonfree/amd64/iso-bd/

=== Verify the downloaded image file ===

Detailed instructions for verifying these images are part of the [[https://www.debian.org/CD/faq/index.en.html#verify|Debian-CD FAQ]].

----
Line 30: Line 71:
 * GOsa²: Fatal error when opening user list, see DebianBug:941165 (also for a possible workaround).
Line 31: Line 73:
== Known problems that can be fixed locally ==
 * Sending email inside the internal network doesn't work for users. This is due to exim4 changes shortly before the Buster release, breaking at least the Debian Edu specific setup. Installing exim4-daemon-heavy from buster-backports on the main server will allow one to send email. See the [[https://wiki.debian.org/DebianEdu/Documentation/Buster/HowTo/Administration#Using_backports_to_install_newer_software|related manual chapter]] for details about using backports.

== Known problems that need to be fixed elsewhere ==
 * !X2Go doesn't register users with utmp/wtmp, see DebianBug:890517. Remove the {{{killer}}} package (or disable the killer cron job) on the related LTSP server to prevent user sessions from being kicked out.

 * Icinga doesn't use authentication, see DebianBug:939056. [Unlikely to be fixed in Buster, Icinga is EOL]. As a workaround edit /etc/icinga/apache2.conf: drop the line containing ''Require all granted''.

== Known problems we fixed via workarounds, real fix needed elsewhere ==
 * Squid needs to be started manually after reboots due to DebianBug:911325 (patch available). [Unlikely to be fixed in Buster.]
 * Mounting removable media (like USB sticks) fails on diskless workstations; for details and workarounds, see DebianBug:913774. [Unlikely to be fixed in Buster.]
 * Xfce is missing a volume control in the panel, see DebianBug:913610. [Unlikely to be fixed in Buster.]
 * Xfce is missing a screenserver if Lightdm isn't used (e.g. LTSP clients, remote sessions), see DebianBug:922718. [Unlikely to be fixed in Buster.]

----

== Fixed + done (related packages migrated to buster or unstable) ==
 * Fix fetch-ldap-cert to improve security, see DebianBug:931413.
 * Fix sudo-ldap configuration, see DebianBug:929964.
 * Fix LTSP related PXE configuration, see DebianBug:928756.
 * Fix Firefox NFS related issue, see DebianBug:930122.
 * Fix krb5 related logging configuration, see DebianBug:931366.
 * Set LTSP chroot path in /etc/exports file if LTSP server has i386 arch, see DebianBug:931680.
 * Include the LDAP server certificate in initial LTSP chroot image, see DebianBug:932828.
 * Provide Debian Edu RootCA certificate for download, see DebianBug:933183.
 * Fix loss of dynamically allocated v4 IP address, see DebianBug:933580.
 * LTSP code to detect the DIST value is broken, see DebianBug:925173.
 * GOsa (upgrade from Stretch): the password entry field is missing, see DebianBug:918578. The related [[https://wiki.debian.org/DebianEdu/Documentation/Buster/Upgrades#Upgrading_the_main_server|manual chapter]] contains information how to upgrade from Stretch despite this bug.
 * GOsa (upgrade from Stretch): crypto-transition not possible, see DebianBug:925138. The related [[https://wiki.debian.org/DebianEdu/Documentation/Buster/Upgrades#Upgrading_the_main_server|manual chapter]] contains information how to upgrade from Stretch despite this bug.
 * LTSP client boot is broken due to a new busybox version: DebianBug:924374. See the bug log for a temporary workaround.
 * Broken PXE installation framework, see DebianBug:924927.
 * Apache on tjener stops responding at midnight due to a logrotate happening at 0:00 sharp (segfaults, remaining parts causing high fork rates, making system nearly unresponsive) ([[https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902658|#902658]]). [Real culprit is DebianBug:904808 ; as a workaround edit {{{/etc/logrotate.d/apache2}}} and replace {{{reload}}} with {{{restart}}}.]
 * The added LXQt desktop environment lacks desktop-base support, see DebianBug:914345.
Line 32: Line 107:
  * it's also single arch atm...
 * The non-free installation images with firmwares should be linked in the manual, however we should also explain there that non-free firmwares should best be avoided.
 * Buster artwork is still missing as it depends on currently still missing [[DebianDesktop/Artwork/Buster|Debian artwork for Buster]]
 * The added LXQt desktop environment lacks education menu integration.
 * Proper Buster artwork is still missing as it depends on currently still missing [[DebianDesktop/Artwork/Buster|Debian artwork for Buster]], for now the Debian Edu Buster artwork is based upon the futurePrototype proposal.
Line 39: Line 112:
 * MATE is only [[https://www.transifex.com/mate/MATE/|translated (63%) to Nynorsk]]

 * Installation fails when network is configured manually (without DHCP) in the installer, even if all settings match the default settings 1:1. Having a DHCP server hand out the same settings works.
 * Apache on tjener stops responding at midnight due to a logrotate happening at 0:00 sharp (segfaults, remaining parts causing high fork rates, making system nearly unresponsive) ([[https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902658|#902658]])
 * Xfce is missing a volume control by default (in the panel) ([[https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913610|#913610]])
 * Mounting devices (USB sticks) does not work in Xfce (to be verified)

== Manual ==

 * Our [[DebianEdu/Documentation/Buster|documentation]] could further be improved: eg by proof-reading and improving language+grammar used, by updating outdated entries, etc
 * Still to be documented:
  * standardskriver
  * desktop-autoloader
  * Kerberized NFS
  * LTSP Switch NBD <-> NFS
  * LTSP client setup configuration
  * PXE install configuration
  * Kerberized ssh
  * HowTo deal with cfengine configuration changes in case of upgrades.
''Drafts''
{{{
# Kerberized NFS.
pxeinstall workstation (s).
 - in case installed from cdrom/usb: login as root after first boot
 - run 'sitesummary-client' (needed to be able to use sitesummary2ldapdhcp on the main server).
Main server:
 - login as root
 - run "ldapvi -ZD '(cn=admin)'" and replace 'sec=sys' with 'sec=krb5i'; the most
  secure setting 'sec=krb5p' works too, but the performance might suffer.
 - run 'sitesummary2ldapdhcp -a'. (default type workstations)
 - as first user edit *new* workstation(s) using GOsa² .
 - don't edit, remove duplicate gateway entry (IP 10.0.0.1 indicates it).

Workstation(s):
 - login as root.
 - run 'kinit' to get a TGT.
 - run 'scp tjener:/etc/debian-edu/host-keytabs/<hostname set via GOsa>.intern.keytab /etc/krb5.keytab'
 - reboot
 - login as first user and run 'mount|grep krb5' to see kerberized mount is used.

For systems already configured with GOsa², login on the main server as root and
run /usr/share/debian-edu-config/tools/gosa-modify-host <hostname> <IP>.
Please note: host keytab creation is possible for systems of type workstations, servers and terminals but not for those of type netdevices.
}}}

{{{
# Switch from NFS --> NBD:
ltsp-update-image
sed -i 's/default ltsp-NFS/default ltsp-NBD/' /opt/ltsp/$(dpkg --print-architecture)/boot/pxelinux.cfg/ltsp
sed -i 's/ontimeout ltsp-NFS/ontimeout ltsp-NBD/' /opt/ltsp/$(dpkg --print-architecture)/boot/pxelinux.cfg/ltsp
ltsp-update-kernels

# Switch from NBD --> NFS:
sed -i 's/default ltsp-NBD/default ltsp-NFS/' /opt/ltsp/$(dpkg --print-architecture)/boot/pxelinux.cfg/ltsp
sed -i 's/ontimeout ltsp-NBD/ontimeout ltsp-NFS/' /opt/ltsp/$(dpkg --print-architecture)/boot/pxelinux.cfg/ltsp
ltsp-update-kernels
# optional: remove image file(s).
rm -f /opt/ltsp/images/$(dpkg --print-architecture).im*
}}}

----

== Fixed in Git ==

 * nothing atm

== Fixed + done (related packages migrated to buster or unstable) ==

Debian Edu Installer Logo

Status of Debian Edu "Buster"

(development started in July 2017)

Released at the Debian 10 Buster release date (July 06 2019)
See the release announcement.

Updated at Debian 10.1 Buster point release date (September 07 2019)
Among others, the packages debian-edu-config, gosa* and debian-edu-doc* have been updated. It is recommended to update the main server first, then LTSP chroots (in case they exist) and other clients (like workstations) in the Debian Edu network.
Please note that the updated debian-edu-config package includes CFengine configuration file changes, so cf-agent -I -D installation needs to be run after upgrading the package (see the Buster manual Maintenance chapter).

Updated at Debian 10.2 Buster point release date (November 16 2019)
Among others, the packages debian-edu-config and standardskriver have been updated, see the related announcement.

Updated at Debian 10.3 Buster point release date (February 08 2020)
Among others, the package debian-edu-config has been updated, see the related announcement.

Updated at Debian 10.4 Buster point release date (May 09 2020)
Among others, the package debian-edu-config has been updated, see the related announcement. New users are no longer forced to accept the self-signed certificate as an insecure one (Firefox-ESR and Thunderbird).

Installation

Instead of the default xfce desktop environment, mate, gnome, lxde, lxqt or kde can be used by editing the kernel desktop parameter (default: desktop=xfce). See the Buster manual installation chapter how to edit kernel command line parameters.

Debian Edu ISOs for 64-bit and 32-bit PCs (both AMD and Intel processors) are available from the usual Debian places (updated to Debian Edu 10.4):

Download using http

The netinst iso image can be used for installation from CD/DVD and USB flash drives and is available for two Debian architectures: amd64 (64-bit) or i386 (32-bit). As the name implies, Internet access is required for the installation.

The BD images are 5.3 GB (amd64) / 5.4 GB (i386) large and can be used for installation of amd64 or i386 machines, also without access to the Internet. Like the netinst image it can be installed on USB flash drives or disk media of sufficient size.

Download using rsync

Also recommended to update an already existing image.

  • rsync -v --progress cdimage.debian.org::cdimage/release/current/amd64/iso-cd/debian-edu-10.4.0-amd64-netinst.iso debian-edu-10.4.0-amd64-netinst.iso

    rsync -v --progress cdimage.debian.org::cdimage/release/current/i386/iso-cd/debian-edu-10.4.0-i386-netinst.iso debian-edu-10.4.0-i386-netinst.iso

    rsync -v --progress cdimage.debian.org::cdimage/release/current/amd64/iso-bd/debian-edu-10.4.0-amd64-BD-1.iso debian-edu-10.4.0-amd64-BD-1.iso

    rsync -v --progress cdimage.debian.org::cdimage/release/current/i386/iso-bd/debian-edu-10.4.0-i386-BD-1.iso debian-edu-10.4.0-i386-BD-1.iso

Unofficial images including non-free firmware - use only if really needed

Verify the downloaded image file

Detailed instructions for verifying these images are part of the Debian-CD FAQ.
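
One way to script the check for an image fetched over http or rsync, added here as an example and not taken from this wiki page or the Debian-CD FAQ. It assumes SHA512SUMS and SHA512SUMS.sign were downloaded from the same directory as the image and that the Debian CD signing key is already in the local GnuPG keyring; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): verify a downloaded image
# against the SHA512SUMS list published next to it.

# Check the detached signature on the checksum list before trusting it.
# Assumption: the Debian CD signing key has already been imported.
verify_sums_signature() {
    gpg --verify "$1.sign" "$1"
}

# verify_iso_checksum SUMS_FILE ISO_FILE
# Returns 0 if the digest matches, 1 on mismatch, and 2 if either file is
# unreadable or the image is not listed at all. The last case is kept
# separate so that a list from the wrong directory is never read as "ok".
verify_iso_checksum() {
    sums_file=$1
    iso_file=$2
    iso_name=$(basename "$iso_file")

    [ -r "$sums_file" ] && [ -r "$iso_file" ] || return 2

    # Lines look like "<128 hex digits>  <file name>"; a leading "*" on the
    # name marks binary mode. Compare the whole name, so "x.iso" never
    # matches an entry for "x.iso.old".
    expected=$(awk -v n="$iso_name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$sums_file")
    [ -n "$expected" ] || return 2

    actual=$(sha512sum "$iso_file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] && return 0
    return 1
}

# Command-line use: sh verify.sh SHA512SUMS debian-edu-10.4.0-amd64-netinst.iso
if [ "$#" -eq 2 ]; then
    verify_sums_signature "$1" || { echo "signature check failed" >&2; exit 3; }
    rc=0
    verify_iso_checksum "$1" "$2" || rc=$?
    case $rc in
        0) echo "OK: $2" ;;
        1) echo "MISMATCH: $2" >&2 ;;
        *) echo "NOT LISTED or unreadable: $2" >&2 ;;
    esac
    exit "$rc"
fi
```

Run the signature check first: a matching digest only proves the image agrees with the list, not that the list itself is genuine.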


Known problems we want to fix

  • GOsa²: Fatal error when opening user list, see 941165 (also for a possible workaround).

Known problems that can be fixed locally

  • Sending email inside the internal network doesn't work for users. This is due to exim4 changes shortly before the Buster release, breaking at least the Debian Edu specific setup. Installing exim4-daemon-heavy from buster-backports on the main server will allow one to send email. See the related manual chapter for details about using backports.

Known problems that need to be fixed elsewhere

  • X2Go doesn't register users with utmp/wtmp, see 890517. Remove the killer package (or disable the killer cron job) on the related LTSP server to prevent user sessions from being kicked out.

  • Icinga doesn't use authentication, see 939056. [Unlikely to be fixed in Buster, Icinga is EOL]. As a workaround edit /etc/icinga/apache2.conf: drop the line containing Require all granted.

Known problems we fixed via workarounds, real fix needed elsewhere

  • Squid needs to be started manually after reboots due to 911325 (patch available). [Unlikely to be fixed in Buster.]

  • Mounting removable media (like USB sticks) fails on diskless workstations; for details and workarounds, see 913774. [Unlikely to be fixed in Buster.]

  • Xfce is missing a volume control in the panel, see 913610. [Unlikely to be fixed in Buster.]

  • Xfce is missing a screenserver if Lightdm isn't used (e.g. LTSP clients, remote sessions), see 922718. [Unlikely to be fixed in Buster.]


Fixed + done (related packages migrated to buster or unstable)

  • Fix fetch-ldap-cert to improve security, see 931413.

  • Fix sudo-ldap configuration, see 929964.

  • Fix LTSP related PXE configuration, see 928756.

  • Fix Firefox NFS related issue, see 930122.

  • Fix krb5 related logging configuration, see 931366.

  • Set LTSP chroot path in /etc/exports file if LTSP server has i386 arch, see 931680.

  • Include the LDAP server certificate in initial LTSP chroot image, see 932828.

  • Provide Debian Edu RootCA certificate for download, see 933183.

  • Fix loss of dynamically allocated v4 IP address, see 933580.

  • LTSP code to detect the DIST value is broken, see 925173.

  • GOsa (upgrade from Stretch): the password entry field is missing, see 918578. The related manual chapter contains information how to upgrade from Stretch despite this bug.

  • GOsa (upgrade from Stretch): crypto-transition not possible, see 925138. The related manual chapter contains information how to upgrade from Stretch despite this bug.

  • LTSP client boot is broken due to a new busybox version: 924374. See the bug log for a temporary workaround.

  • Broken PXE installation framework, see 924927.

  • Apache on tjener stops responding at midnight due to a logrotate happening at 0:00 sharp (segfaults, remaining parts causing high fork rates, making system nearly unresponsive) (#902658). [Real culprit is 904808 ; as a workaround edit /etc/logrotate.d/apache2 and replace reload with restart.]

  • The added LXQt desktop environment lacks desktop-base support, see 914345.

  • the USB-offline installation media (also known as Bluray media) is still too big, see 846006

  • Proper Buster artwork is still missing as it depends on currently still missing Debian artwork for Buster, for now the Debian Edu Buster artwork is based upon the futurePrototype proposal.

  • The added metapackages (video, primaryschool) are missing education menu integration.
  • The desktop profiles concept (kiosk) seems to have been outdated for years.
  • The favorites configuration (most DEs?) needs love.
  • *_proxy variables in /etc/environment for some reason do not make it into the LTSP squashfs image when this is built during installation. They appear in the chroot tree after installation and an ltsp-update-image correctly carries them to the squashfs.
  • we are able to install Debian Edu with d-i from cdimage.debian.org, see 846006

  • finish the SVN2Git Migration Status

  • Even if deselected, the LTSP installation step is reported as 'failed'; see: 888583. Workaround: When the Debian Edu profile screen is shown, open up a Debian Installer shell and run 'rm /var/lib/dpkg/info/kbd-chooser.*'

  • GOsa² access to LDAP is broken. This happens because password decryption doesn't work; see 892546. Workaround: After booting the main server for the first time, run:

cp /etc/gosa/gosa.conf.orig /etc/gosa/gosa.conf
cat /dev/null > /etc/gosa/gosa.secrets
service apache2 reload

Please note that this change disables gosa-admin password encryption (GOsa² -> LDAP connection); the generated (random) password is used in this case.

  • Installation is broken since PHP7.2 has entered testing. This happens because mcrypt support has been removed from PHP while gosa-encrypt-password depends on it; see 889811. Workaround: While the Debian Installer is busy installing software, open up a shell and use 'nano target/usr/bin/ldap-debian-edu-install' to replace gosa-encrypt-passwords > /dev/null with #gosa-encrypt-passwords > /dev/null and to add the line touch /etc/gosa/gosa.secrets below the commented one. Please note that this change disables password encryption to access the GOsa² web interface; use only for testing.

  • The usbstick ISO image should allow installations including the 'LTSP server' profile without internet connection; atm about 300 MiB need to be downloaded. This happens right after the base system has been installed successfully in the LTSP chroot, later in the process packages are fetched again from the mounted image. [Reason was that the first part (when the 'debian-edu-install' package gets installed) has been moved to LTSP client build stage 'install)' where the CDROM and required mounts are not yet available. Moving this part to 'after-install)' (or all parts to 'finalization)' like it has been before commit 57a5c24f) allows to use '/media/cdrom' throughout. Also, '-o acquire::check-valid-until=0' needs to be added to APT_GET_OPTS to be really able to use '/media/cdrom' as local file type repo.] See: 867271, fixed in Buster (d-e-c commits 2278d78b and 5c1b880d).

  • Fix personal web pages configuration; see 866228. As a workaround run these commands on the main server:

rm /etc/apache2/mods-available/userdir.load 
cp /etc/apache2/mods-available/status.load /etc/apache2/mods-available/userdir.load 
sed -i 's/status/userdir/g' /etc/apache2/mods-available/userdir.load 
ln -s /etc/apache2/mods-available/userdir.load /etc/apache2/mods-available/debian-edu-userdir.load 
a2enmod debian-edu-userdir
  • adjust the Samba configuration file to be able to join recent clients to the SKOLELINUX domain out-of-the-box; see 864663.