Differences between revisions 24 and 25
Revision 24 as of 2012-04-07 08:07:24
Size: 4474
Editor: ?AndreasMundt
Comment: wording
Revision 25 as of 2012-04-08 14:10:32
Size: 4830
Editor: ?AndreasMundt
Comment: add *_GATEWAY variants
Line 7: Line 7:
 * The mainserver with two network cards acts as a gateway to the external network. It serves the central services to the LAN and optionally the root file system for diskless machines. The clients mount their home directories via kerberized NFSv4. Two variants are available:
* The mainserver with two network cards acts as a gateway to the external network: Use the {{{INT_GATEWAY}}} class in {{{class/50-host-classes}}}.
 * The mainserver (at 10.0.0.10) takes part in a network with a dedicated gateway (10.0.0.1): Use the {{{EXT_GATEWAY}}} class in {{{class/50-host-classes}}}.
The mainserver
serves the central services to the LAN and optionally the root file system for diskless machines. The clients mount their home directories via kerberized NFSv4.
Line 10: Line 13:
 * '''mainserver''' (10.0.0.1)  * '''mainserver''' (10.0.0.1 (gateway version) or 10.0.0.10)
Line 25: Line 28:
'''After installation of the mainserver:''' Make sure your networks are connected to the right interfaces: Fixed IP address 10.0.0.1 to the internal network, DHCP to the outside world (internet/router). '''After installation of the mainserver (gateway version):''' Make sure your networks are connected to the right interfaces: Fixed IP address 10.0.0.1 to the internal network, DHCP to the outside world (internet/router).
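Review bot: The revised hint now applies only to the gateway version ("After installation of the mainserver (gateway version):"), so the EXT_GATEWAY variant added in this revision (mainserver at 10.0.0.10 behind the dedicated gateway 10.0.0.1) has no post-installation check at all. Suggest adding a matching sentence for that variant stating which address the mainserver's interface should carry, so that readers do not apply the 10.0.0.1/DHCP wiring to a host that is not the gateway.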
Line 59: Line 62:
To use a RAID1 on the server, add the class RAID and replace LVM*_A with the corresponding RAIDLVM*_A class in {{{class/50-host-classes}}}. To use a RAID1 on the server, add the class {{{RAID}}} and replace {{{LVM*_A}}} with the corresponding {{{RAIDLVM*_A}}} class in {{{class/50-host-classes}}}.
Line 63: Line 66:
/!\ The FAI classes DISKLESS_* work only on the mainserver, making the classes independent has not been done yet. /!\ The FAI classes {{{DISKLESS_*}}} work only on the mainserver, making the classes independent has not been done yet.
Line 65: Line 68:
The mainserver might serve the root file system for diskless machines. To enable diskless machines, install the mainserver with the partitioning scheme LVM6_A replaced by LVM7_A in {{{class/50-host-classes}}}. This will add another partition for {{{/opt}}}. Add the class DISKLESS_SERVER to the mainserver's classes. After installation and the creation of the FAI nfsroot ({{{fai-setup}}}), execute: The mainserver might serve the root file system for diskless machines. To enable diskless machines, install the mainserver with the partitioning scheme {{{LVM6_A}}} replaced by {{{LVM7_A}}} in {{{class/50-host-classes}}}. This will add another partition for {{{/opt}}}. Add the class {{{DISKLESS_SERVER}}} to the mainserver's classes. After installation and the creation of the FAI nfsroot ({{{fai-setup}}}), execute:



Debian-LAN Setup_A

Network Topology

Two variants are available:

  • The mainserver with two network cards acts as a gateway to the external network: Use the INT_GATEWAY class in class/50-host-classes.

  • The mainserver (at 10.0.0.10) takes part in a network with a dedicated gateway (10.0.0.1): Use the EXT_GATEWAY class in class/50-host-classes.

The mainserver serves the central services to the LAN and optionally the root file system for diskless machines. The clients mount their home directories via kerberized NFSv4.

Machine Types

  • mainserver (10.0.0.1 (gateway version) or 10.0.0.10)

    • DNS and DHCP for the internal network.
    • Kerberos KDC
    • LDAP
    • Home directories distributed via NFSv4 (sec=krb5i by default for all clients as soon as 638157 is fixed)

    • Squid proxy
    • apt-cacher-ng
  • workstation (10.0.0.50 ... 10.0.0.149)

    • LXDE and Gnome desktop environment
    • customized package selection
  • diskless (workstation) (10.0.0.150 ... 10.0.0.249)

    • same features as workstation (see below on how to activate)

Details and Hints

After installation of the mainserver (gateway version): Make sure your networks are connected to the right interfaces: Fixed IP address 10.0.0.1 to the internal network, DHCP to the outside world (internet/router).

User and Machine Management

  • The script debian-lan is provided to manage users and groups in LDAP (using ldapscripts).

  • debian-lan also helps with adding machines to dhcpd.conf and copying the Kerberos keytabs to the machines (machine principals).

To install a client machine, you have to add the hardware MAC address to /etc/dhcp/dhcpd.conf. This can be done by hand or with the help of the command:

debian-lan add2dhcp

The command lists all (non-local and not yet known) MAC addresses found in the syslog and prompts for skipping the address, adding it as workstation or as diskless machine.

Distributing Kerberos keytabs to clients: After the installation of a workstation from the mainserver, use the command:

debian-lan addmachine workstationXX

on the mainserver to copy the Kerberos keytab to workstationXX. Diskless clients do not need this procedure to be activated.

Adding users: Use the command:

debian-lan adduser <list of usernames separated by spaces>

or

debian-lan adduser <path to file>

to add users. The file is a simple text file containing on each line a single username and optionally the user's password separated by spaces. If you omit the password, debian-lan will create a random password and append it to the user's line in the file.
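
Because the user list ends up holding a cleartext password on every line, it is worth checking the file before and after handing it to debian-lan adduser. The following is an added example, not part of debian-lan; the function names and the sample file contents are constructed for illustration, and only the line format (username, optional password, separated by spaces) comes from the description above.

```shell
#!/bin/sh
# Added example: audit the user list passed to "debian-lan adduser <file>".
# Line format from the page: "username [password]", separated by spaces.

# Print one finding per line; print nothing when the file looks fine.
audit_userfile() {
    file=$1
    # The file holds cleartext passwords, so group/other need no access.
    perms=$(ls -ld "$file" | cut -c5-10) || return 2
    [ "$perms" = "------" ] || echo "MODE group/other bits set: $perms"
    awk '
        /^[[:space:]]*$/ { next }    # ignore blank lines
        NF > 2 { printf "LINE %d: %d fields, expected 1 or 2\n", NR, NF; next }
        seen[$1]++ { printf "LINE %d: duplicate user %s\n", NR, $1 }
    ' "$file"
}

# Number of users without a password in the file; per the page,
# debian-lan generates one for them and appends it to their line.
count_without_password() {
    awk 'NF == 1 { n++ } END { print n + 0 }' "$1"
}

# Constructed sample: one malformed line, one duplicate, loose mode.
make_sample() {
    f=$(mktemp) || return 1
    printf '%s\n' 'alice' 'bob Constructed-pw1' 'carol two words' 'bob' > "$f"
    chmod 644 "$f"
    echo "$f"
}

sample=$(make_sample)
audit_userfile "$sample"
echo "users without password: $(count_without_password "$sample")"
rm -f "$sample"
```

Run audit_userfile again once debian-lan has appended the generated passwords, and remove or lock down the file after the passwords have been handed out.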

Removing users: Use the command deluser in the debian-lan script.

For more details take a look at the debian-lan script itself.

RAID1

To use a RAID1 on the server, add the class RAID and replace LVM*_A with the corresponding RAIDLVM*_A class in class/50-host-classes.

Diskless Clients

Warning: The FAI classes DISKLESS_* work only on the mainserver; making the classes independent has not been done yet.

The mainserver might serve the root file system for diskless machines. To enable diskless machines, install the mainserver with the partitioning scheme LVM6_A replaced by LVM7_A in class/50-host-classes. This will add another partition for /opt. Add the class DISKLESS_SERVER to the mainserver's classes. After installation and the creation of the FAI nfsroot (fai-setup), execute:

export LC_ALL=C
fai -vNu diskless dirinstall /opt/live/filesystem.dir/ |tee /var/log/fai/fai-diskless.log

The command will install the chroot of the diskless machines in /opt. In addition, swapping over the network is activated and the PXE configuration is prepared. Unknown machines and the disklessXX hosts will be booted as diskless clients. To update the chroot, use the commands:

chroot /opt/live/filesystem.dir/
fai -vNu diskless softupdate

Known Issues and Work-Arounds

  • Installation of munin-node fails during the mainserver FAI-installation because of 612481 (still relevant on squeeze) → install munin-node after the FAI installation.

  • munin-node-configure does not link all available (i.e. working) plugins during installation → add missing links (use munin-node-configure --shell to get links for available plugins).

  • NFSv4 not kerberized: 638157 → apply patch.
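
Since the last issue means a client can end up with its home directories mounted without Kerberos protection, the negotiated security flavour should be verified on the clients rather than assumed. The following is an added example, not part of the Debian-LAN scripts; the function names and the sample mount lines are constructed, and the default threshold krb5i is taken from the machine type list above.

```shell
#!/bin/sh
# Added example: flag NFS mounts whose sec= flavour is weaker than wanted.

# Rank the flavours: no Kerberos < krb5 (auth) < krb5i (integrity) < krb5p (privacy).
sec_rank() {
    case $1 in
        krb5p) echo 3 ;; krb5i) echo 2 ;; krb5) echo 1 ;; *) echo 0 ;;
    esac
}

# Read /proc/mounts-format lines on stdin and print "mountpoint device sec=..."
# for every nfs/nfs4 mount ranked below $1 (default: krb5i).
weak_nfs_mounts() {
    want=$(sec_rank "${1:-krb5i}")
    while read -r dev mnt type opts _rest; do
        case $type in nfs|nfs4) ;; *) continue ;; esac
        sec=unset                     # no sec= option listed: treated as rank 0
        old_ifs=$IFS; IFS=,
        for o in $opts; do
            case $o in sec=*) sec=${o#sec=} ;; esac
        done
        IFS=$old_ifs
        [ "$(sec_rank "$sec")" -ge "$want" ] || echo "$mnt $dev sec=$sec"
    done
    return 0
}

# Constructed sample in /proc/mounts format (paths other than /home are made up).
sample_mounts() {
    cat <<'EOF'
/dev/mapper/vg-root / ext4 rw,relatime 0 0
mainserver:/home /home nfs4 rw,relatime,vers=4.0,proto=tcp,sec=sys 0 0
mainserver:/a /mnt/a nfs4 rw,relatime,vers=4.0,proto=tcp,sec=krb5 0 0
mainserver:/b /mnt/b nfs4 rw,relatime,vers=4.0,proto=tcp,sec=krb5i 0 0
EOF
}

sample_mounts | weak_nfs_mounts
```

On a real client, run weak_nfs_mounts < /proc/mounts; any line of output means that mount is not protected at the expected level.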