Differences between revisions 2 and 3
Revision 2 as of 2011-01-06 16:11:29
Size: 6894
Editor: JeanCharles
Comment:
Revision 3 as of 2013-09-04 13:24:30
Size: 0
Editor: ?David Prévot
Comment: Outdated, only a pair of titles translated anyway
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
= Changer le sous réseau dans Debian Edu / Skolelinux =

Some times it is necessary to make a Skolelinux installation in a
network with a fixed ip-structure. The default installation does a lot of
preset choices for the network. So you have to make changes in quite a few
files to get the installation to work as you would like, and at the same
time get the machines to behave as wanted.

NB: The simplest solution is often to set up a router/firewall in front
of the Skolelinux network. Set the firewall to NAT to the IP on the
outside and let your fine Skolelinux network be left peacefully behind
the firewall.

Most services and setup in Debian Edu is done using dynamically allocated IP
information provided by DHCP or DNS. This is done to make it as easy as
possible to change the hard coded IP subnet used. The IP subnet is hard coded
to make it possible to get everything working out of the box when set up as
intended, because some services do not support dynamically assigned IP information.
To change the subnet, these services need to be reconfigured. This document contain
instructions on how to locate them and how to change them.

NB! This is intended as help and a useful tool. If you follow the
document and something breaks, I will not take any responsibility.
Everything you do is at your own responsibility, but you can keep all the
broken parts if anything breaks.

It is based on information from
http://developer.skolelinux.no/dokumentasjon/skolelinux_endre_ipoppsett.txt and
http://developer.skolelinux.no/dokumentasjon/skolelinux_change_ipsetup.txt

All configuration files with hard coded IP addresses are located in /etc/ on
the individual machines. Only main-server and thin-client-server profiles
contain services with hard coded IP information out of the box. To locate
all files needing change, a search in /etc/ and /opt/ltsp/ is a good start:

{{{
grep -r "10\.0\." /etc/
grep -r "10\.0\." /opt/ltsp
}}}

In the etch version of Debian Edu, these files need to be modified:

/!\ If you do this on lenny, please check this list and remove this comment. Thank you! :-)

{{{
  /etc/network/interfaces
  /etc/powerdns/pdns.d/pdns-debian-edu-if.conf
  /etc/hostname
  /etc/hosts
  /etc/exports
  /etc/cups/cupd.conf
  LDAP must be changed -> ldapvi
}}}

== Utiliser une interface factice pour tester les clients légers ==

Another approach is use eth0 with your LANs network settings and use (in the case of the mainserver) 10.0.2.2 on a dummy interface:

Pour configurer une interface réseau factice '''dummy0''' avec une adresse IP en 10.0.2.2, lancez cette commande en root :

{{{
# ifconfig eth0 dummy0 netmask 255.255.255.255
}}}

Pour rendre cette configuration permanente, ajoutez les lignes suivantes dans {{{/etc/network/interfaces}}}
{{{
 auto dummy0
    address 10.0.2.2
    netmask 255.255.255.255
}}}


If you need to use the dns-server given by the dhcp-server on your network (inaddition to the locally on the main-server), you need to edit {{{/etc/bind/debian-edu/named-bind9.conf}}}, to include {{{/var/run/bind/named.options}}} instead of the default {{{/etc/bin/debian-edu/named.conf.options}}}.

/!\ This setup is mostly used for setting up a test-server for using thin clients. If you want to include workstations into your testnet, you really should set up a full Debian Edu test-network with a dedicated firewall etc. Or you need to change your DNS-server, so that the needed hostnames resolves to your mains-server.


= Changer l'IP sur Lenny =

If you are using subnet 10.100.32/23

Files to change in /etc
/etc/ldap/dns_ranges.ldif
Use the vim editor
vi /etc/ldap/dns_range.ldif
then:
{{{
:%s/2.0.10/32.100.10/g
:%s/3.0.10/33.100.10/g
:%s/dc=3,dc=0,dc=10/dc=33,dc=100,dc=10/g
:%s/dc=2,dc=0,dc=10/dc=32,dc=100,dc=10/g
}}}

vi /etc/ldap/dns_skole.ldif

{{{


:%s/10.0.2.2/10.100.32.2/g
:%s/10.0.2.1/10.100.32.1/g



}}}



vi /etc/ldap/dhcp.ldif

{{{
:%s/10.0.2/10.100.32/g
:%s/10.0.3/10.100.33/g

if you are using 24 bit network you have to change dhcpNetMask to 24

}}}

vi /etc/ldap/dns_arpa.ldif

{{{
:%s/dc=2,dc=0,dc=10/dc=32,dc=100,dc=10/g
:%s/dc=0,dc=10/dc=100,dc=10/g
:%s/0.10.in-addr.arpa/100.10.in-addr.arpa/g
:%s/2.100.10.in-addr.arpa/32.100.10.in-addr.arpa/g
:%s/dc=3,dc=100,dc=10/dc=33,dc=100,dc=10/g
:%s/3.100.10.in-addr.arpa/33.100.10.in-addr.arpa/g

Remember to change line 5 from 2 to 32

dn: dc=32,dc=100,dc=10,dc=in-addr,dc=arpa,ou=hosts,dc=skole,dc=skolelinux,dc=no
objectclass: top
objectclass: dnsdomain2
objectclass: domainrelatedobject
""dc: 32""
associateddomain: 32.100.10.in-addr.arpa


}}}

vi /etc/network/interfaces

{{{
address 10.0.2.2 to address 10.100.32.2
broadcast 10.0.2.255 to broadcast 10.100.33.255
gateway 10.0.32.1 to gateway 10.100.32.1
}}}

vi /etc/hosts

{{{
10.0.2.2 to 10.100.32.2
}}}

vi /etc/hosts.allow

{{{
syslog: 10.0.2. to 10.100.32.
syslog: 10.0.3. to 10.100.33.
in.tftpd: 10.0.2. to 10.100.32.
in.tftpd: 10.0.3. to 10.100.33.
portmap: 10.0.2. to 10.100.32.
portmap: 10.0.3. to 10.100.33.
}}}



vi /etc/exports

{{{
/opt/ltsp/i386 10.0.2.0/255.255.254.0 to /opt/ltsp/i386 10.100.32.0/255.255.254.0
}}}

vi /etc/powerdns/pdns.d/pdns-debian-edu.conf and /etc/powerdns/pdns.d/pdns-debian-edu-if.conf
 
{{{

allow-recursion=10.0.2.0/23 to allow-recursion=10.100.32.0/23
and
10.0.2.2 to 10.100.32.2 in pdns-debian-edu-if.conf

}}}


Then, take a backup of ldap datbase, genereate a new LDAP database, and make a new ssl certificate

{{{
cd /root/
mkdir ldap-backup
/etc/init.d/nscd stop
/etc/init.d/slapd stop
slapcat > ldap-backup.ldif
mv /var/lib/ldap/* ldap-backup/
/usr/bin/ldap-debian-edu-install
chown openldap:openldap /var/lib/ldap/* # Really needed? If so, there is a bug in ldap-debian-edu-install
/etc/init.d/slapd start
/etc/init.d/nscd start
for a in hosts passwd group services; do nscd -i $a; done
/etc/init.d/fetch-ldap-cert start
}}}

Remember to run samba-debian-edu-admin to get samba to work.

{{{
Changes needed to get diskless clients to work.

Edit /opt/ltsp/i386/etc/resolvconf/run/resolv.conf
Edit /opt/ltsp/i386/etc/resolvconf/resolv.conf.d/original
edit /opt/ltsp/i386/etc/resolv.conf
change this ip from 10.0.2.2 to 10.100.32.2


Known problem:
After changing to new ip addres, the nameserver under resolv.conf in chroot change back to nameserver 127.0.0.1 everytime you reboote server,
and diskless stop working untill you manually change it back to the ip it should be.

To fix this problem you have to add $SERVER to trunk/src/debian-edu-config/share/debian-edu-config/default-ltsp-client-setup
Go to: https://init.linpro.no/pipermail/skolelinux.no/commits/2010-June/105499.html to read more about this problem

}}}