Debian-LAN Setup_A
Network Topology
- The mainserver with two network cards acts as a gateway to the external network. It serves the central services to the LAN and optionally the root file system for diskless machines. The home directories are mounted via kerberized NFSv4.
Machine Types
mainserver (10.0.0.1)
- DNS and DHCP for the internal network.
- Kerberos KDC
- LDAP
- Home directories distributed via NFSv4 (sec=krb5i by default for all clients)
- Squid proxy
- apt-cacher-ng
workstation (10.0.0.50 ... 10.0.0.149)
- Minimalistic LXDE and GNOME desktop environment
diskless (workstation) (10.0.0.150 ... 10.0.0.249)
- Same features as workstation (see below on how to activate)
User and Machine Management
The script debian-lan is provided to manage users and groups in LDAP (using ldapscripts).
debian-lan also helps with adding machines to dhcpd.conf and copying the Kerberos keytabs to the machines (machine principals).
Details
To install a machine, you have to add the hardware MAC address to /etc/dhcp/dhcpd.conf. This can be done by hand or with help of the command:
debian-lan add2dhcp workstation
The command adds all MAC addresses found in the syslog. If you replace workstation by diskless, the HW addresses are added as diskless clients. (So make sure you first connect only one type of machine and, after adding these, continue with the other type.)
Distributing Kerberos keytabs to clients: After the installation of a workstation from the mainserver, use the command:
debian-lan addmachine workstationXX
on the mainserver to copy the Kerberos keytab to workstationXX. Diskless clients do not need this procedure to be activated.
Adding users: Use the command:
debian-lan adduser <list of usernames separated by spaces>
or
debian-lan adduser <path to file>
to add users. The file is a simple text file containing on each line a single username and optionally the user's password separated by spaces. If you omit the password, debian-lan will create a random password and append it to the user's line in the file.
Removing users: Use the command deluser in the debian-lan script.
For more details take a look at the debian-lan script itself.
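A pre-flight check for the user list file accepted by debian-lan adduser, given here as an added example that is not part of the debian-lan script. Because the file carries cleartext passwords (including the random ones debian-lan appends), the check refuses files that group or others can access and validates the line format described above. The helper name check_userlist, the username pattern and the rejection of blank lines are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for a file passed to "debian-lan adduser <file>".
# check_userlist is a hypothetical helper, not part of the debian-lan script.

check_userlist() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # The file holds cleartext passwords (typed in, or appended by debian-lan
    # when omitted), so group and others must have no access at all.
    # Characters 5-10 of the "ls -l" mode string are the group/other bits.
    perms=$(ls -ld -- "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$file: accessible beyond its owner, fix with: chmod 600 $file" >&2
        return 1
    fi

    # Format from the page: one username per line, optional password after it.
    # Assumptions: conservative lowercase usernames; blank lines are rejected.
    awk '
        NF < 1 || NF > 2 {
            printf "line %d: expected 1 or 2 fields, got %d\n", NR, NF
            bad = 1; next
        }
        $1 !~ /^[a-z_][a-z0-9_-]*$/ {
            printf "line %d: unexpected username \"%s\"\n", NR, $1
            bad = 1; next
        }
        seen[$1]++ {
            printf "line %d: duplicate username \"%s\"\n", NR, $1
            bad = 1
        }
        END { exit bad + 0 }
    ' "$file" >&2
}

# Constructed sample: create the list under a private umask, then check it.
demo_dir=$(mktemp -d)
( umask 077; printf 'alice\nbob constructed-Passw0rd\n' > "$demo_dir/users.txt" )
check_userlist "$demo_dir/users.txt" && echo "users.txt: ok to pass to debian-lan adduser"
```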
Diskless Clients
The FAI classes DISKLESS_* work only on the mainserver; making the classes independent has not been done yet.
The mainserver might serve the root file system for diskless machines. To enable diskless machines, install the mainserver with the partitioning scheme LVM6_A replaced by LVM7_A in class/50-host-classes, which will add another partition for /opt, and add the class DISKLESS_SERVER. After installation and the creation of the FAI nfsroot (fai-setup), execute:
export LC_ALL=C
fai -vNu diskless dirinstall /opt/live/filesystem.dir/ |tee /var/log/fai/fai-diskless.log
This will install the chroot of the diskless machines in /opt. In addition, swapping over the network is activated and the PXE configuration is prepared. Unknown machines and the disklessXX hosts will be booted as diskless clients.
Known Issues and Work-Arounds
Installation of munin-node fails during the mainserver FAI-installation because of 612481 (still relevant on squeeze) → install munin-node after the FAI installation.
munin-node-configure does not link all available (i.e. working) plugins during installation → add missing links (use munin-node-configure --shell to get links for available plugins).