[debian-edu-commits] [Debian Wiki] Update of "DebianEdu/Documentation/Buster/HowTo/NetworkClients" by WolfgangSchweer

Debian Wiki wiki at debian.org
Thu Apr 5 20:48:22 BST 2018 

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Debian Wiki" for change notification.

The "DebianEdu/Documentation/Buster/HowTo/NetworkClients" page has been changed by WolfgangSchweer:
https://wiki.debian.org/DebianEdu/Documentation/Buster/HowTo/NetworkClients?action=diff&rev1=8&rev2=9

Comment:
replace i386 w/ amd64 (default LTSP chroot arch in most cases for Buster); thanks to h01ger for the hint. 

  
  # Decide which package has to be installed for the network interface(s). 
  # Most probably this will be firmware-linux-nonfree.
- # Things have to take effect in the LTSP chroot for architecture i386.
+ # Things have to take effect in the LTSP chroot for architecture amd64.
- ltsp-chroot -a i386 apt-get update
+ ltsp-chroot -a amd64 apt-get update
- ltsp-chroot -d -a i386 apt-get -y -q install <package name>
+ ltsp-chroot -d -a amd64 apt-get -y -q install <package name>
  
  # copy the new initrd to the server's tftpboot directory and update the NBD image.
  ltsp-update-kernels
@@ -55, +55 @@

  
  Using the default PXE menu on the main subnet 10.0.0.0/8, a machine could be started as diskless workstation or thin client. By default clients in the separate subnet 192.168.0.0/24 will run as diskless workstations if the amount of RAM is sufficient. If all clients in this LTSP client subnet should run as thin clients, the following has to be done.
  {{{
- (1)Open the file /opt/ltsp/i386/etc/ltsp/update-kernels.conf with an editor
+ (1)Open the file /opt/ltsp/amd64/etc/ltsp/update-kernels.conf with an editor
  and replace the line
  CMDLINE_LINUX_DEFAULT="init=/sbin/init-ltsp quiet"
  with
  CMDLINE_LINUX_DEFAULT="init=/sbin/init-ltsp LTSP_FATCLIENT=False quiet"
- (2)Execute 'ltsp-chroot -a i386 /usr/share/ltsp/update-kernels'
+ (2)Execute 'ltsp-chroot -a amd64 /usr/share/ltsp/update-kernels'
  (3)Execute 'ltsp-update-kernels'
  (4)Execute 'ltsp-update-image'
  }}}   
@@ -126, +126 @@

   * copy {{{/var/lib/tftpboot/debian-edu/default-diskless.cfg}}} to the same directory on the main server.
   * edit {{{/var/lib/tftpboot/debian-edu/default-diskless.cfg}}} to use the IP address of ltspserver00; the following example uses 10.0.2.10 for the IP address of ltspserver00 on the main network:
  {{{
-  DEFAULT ltsp/i386/vmlinuz initrd=ltsp/i386/initrd.img nfsroot=10.0.2.10:/opt/ltsp/i386 init=/sbin/init-ltsp boot=nfs ro quiet ipappend 2
+  DEFAULT ltsp/amd64/vmlinuz initrd=ltsp/amd64/initrd.img nfsroot=10.0.2.10:/opt/ltsp/amd64 init=/sbin/init-ltsp boot=nfs ro quiet ipappend 2
  }}}
   * set the symlink in {{{/var/lib/tftpboot/pxelinux.cfg}}} on the main server to point to {{{/var/lib/tftpboot/debian-edu/default-diskless.cfg}}}.
  
@@ -159, +159 @@

  
  === LTSP client configuration in LDAP (and lts.conf) ===
  
- To configure specific LTSP clients with particular features, you can add settings in LDAP or edit the file {{{/opt/ltsp/i386/etc/lts.conf}}}. Please note that {{{ltsp-update-image}}} has to be run after each change to lts.conf. The image update isn't needed if lts.conf is copied to the /var/lib/tftpboot/ltsp/i386/ directory.
+ To configure specific LTSP clients with particular features, you can add settings in LDAP or edit the file {{{/opt/ltsp/amd64/etc/lts.conf}}}. Please note that {{{ltsp-update-image}}} has to be run after each change to lts.conf. The image update isn't needed if lts.conf is copied to the /var/lib/tftpboot/ltsp/amd64/ directory.
  
  /!\ We recommend to configure clients in LDAP (and not edit {{{lts.conf}}} directly, however, configuration webforms for LTSP are currently not available in GOsa², you have to use a plain LDAP browser/explorer or {{{ldapvi}}}), as this makes it possible to add and/or replace LTSP servers without loosing (or having to redo) configuration.
  
@@ -209, +209 @@

  === Load-balancing LTSP servers ===
  
  ==== Part 1 ====
- It is possible to set up the clients to connect to one of several LTSP servers for load-balancing. This is done by providing `/opt/ltsp/i386/usr/share/ltsp/get_hosts` as a script printing one or more servers for LDM to connect to. In addition to this, each LTSP chroot needs to include the SSH host key for each of the servers.
+ It is possible to set up the clients to connect to one of several LTSP servers for load-balancing. This is done by providing `/opt/ltsp/amd64/usr/share/ltsp/get_hosts` as a script printing one or more servers for LDM to connect to. In addition to this, each LTSP chroot needs to include the SSH host key for each of the servers.
  
  First of all, you must choose one LTSP server to be the load-balancing server. All the clients will PXE-boot from this server and load the Skolelinux image. After the image is loaded, LDM chooses which server to connect to by using the "get_hosts" script. You will decide later how this is done.
  
@@ -223, +223 @@

  ==== Part 2 ====
  Now you have to make a "get_hosts" script which generates a list of server names for LDM to connect to. The parameter LDM_SERVER overrides this script. In consequence, this parameter must not be defined if the get_hosts is going to be used. The get_hosts script writes on the standard output each server IP address or host name, in random order.
  
- Edit "/opt/ltsp/i386/etc/lts.conf" and add something like this:
+ Edit "/opt/ltsp/amd64/etc/lts.conf" and add something like this:
  
  {{{
  MY_SERVER_LIST = "xxxx xxxx xxxx"}}}
- Replace xxxx with either the IP addresses or hostnames of the servers as a space-separated list. Then, put the following script in `/opt/ltsp/i386/usr/lib/ltsp/get_hosts` on the server you chose to be the load-balancing server.
+ Replace xxxx with either the IP addresses or hostnames of the servers as a space-separated list. Then, put the following script in `/opt/ltsp/amd64/usr/lib/ltsp/get_hosts` on the server you chose to be the load-balancing server.
  
  {{{
   #!/bin/bash
@@ -248, +248 @@

  ## why isn't this a oneliner calling the /usr/bin/shuf in coreutils?
  
  ==== Part 3 ====
- Now that you've made the "get_hosts" script, it's time to make the SSH host key for the LTSP chroots. This can be done by making a file containing the content of `/opt/ltsp/i386/etc/ssh/ssh_known_hosts` from all the LTSP servers that will be load-balanced. Save this file as `/etc/ltsp/ssh_known_hosts.extra` on all load-balanced servers. The last step is very important because ltsp-update-sshkeys runs every time a server is booted, and `/etc/ltsp/ssh_known_hosts.extra` is included if it exists.
+ Now that you've made the "get_hosts" script, it's time to make the SSH host key for the LTSP chroots. This can be done by making a file containing the content of `/opt/ltsp/amd64/etc/ssh/ssh_known_hosts` from all the LTSP servers that will be load-balanced. Save this file as `/etc/ltsp/ssh_known_hosts.extra` on all load-balanced servers. The last step is very important because ltsp-update-sshkeys runs every time a server is booted, and `/etc/ltsp/ssh_known_hosts.extra` is included if it exists.
  
- /!\ If you save your new host file as `/opt/ltsp/i386/etc/ssh/ssh_known_hosts`, it will be erased when you reboot the server.
+ /!\ If you save your new host file as `/opt/ltsp/amd64/etc/ssh/ssh_known_hosts`, it will be erased when you reboot the server.
  
  There are some obvious weaknesses with this setup. All clients get their image from the same server, which causes high loads on the server if many clients are booted at the same time. Also, the clients require that server to be always available; without it they cannot boot or get an LDM server. Therefore this setup is very dependent on one server, which isn't very good.
  
@@ -266, +266 @@

  
   * Attach the printer to the LTSP client machine (both USB and parallel port are supported). 
  
-  * Configure this machine to run a printer in lts.conf (default location: {{{/opt/ltsp/i386/etc/lts.conf}}}), see the LTSP manual {{{/usr/share/doc/ltsp/LTSPManual.html#printer}}} for details.
+  * Configure this machine to run a printer in lts.conf (default location: {{{/opt/ltsp/amd64/etc/lts.conf}}}), see the LTSP manual {{{/usr/share/doc/ltsp/LTSPManual.html#printer}}} for details.
  
   *  Configure the printer using the web interface {{{https://www:631}}} on the main server; choose network printer type {{{AppSocket/HP JetDirect}}} (for all printers regardless of brand or model) and set {{{socket://<LTSP client ip>:9100}}} as connection URI.
  
@@ -275, +275 @@

  It is useful to upgrade the LTSP environment with new packages fairly often, to make sure security fixes and improvements are made available.  To upgrade, run these commands as user root on each LTSP server:
  
  {{{
- ltsp-chroot -a i386  # this does "chroot /opt/ltsp/i386" and more, ie it also prevents daemons from being started
+ ltsp-chroot -a amd64  # this does "chroot /opt/ltsp/amd64" and more, ie it also prevents daemons from being started
  apt update
  apt upgrade
  apt full-upgrade
@@ -288, +288 @@

  To install additional software for an LTSP client you must perform the installation inside the chroot of the LTSP server. 
  
  {{{
- ltsp-chroot -a i386
+ ltsp-chroot -a amd64
  ## optionally, edit the sources.list:
  #editor /etc/apt/sources.list
  apt update
@@ -299, +299 @@

  
  === Slow login and security ===
  
- Skolelinux has added several security features on the client network preventing unauthorised superuser access, password sniffing, and other tricks which may be used on a local network. One such security measure is secure login using SSH, which is the default with LDM. This can slow down some client machines which are more than about fifteen years old, with as little as a 160 MHz processor and 32 MB RAM. Although it's not recommended, you can add a line to {{{/opt/ltsp/i386/etc/lts.conf}}} containing:
+ Skolelinux has added several security features on the client network preventing unauthorised superuser access, password sniffing, and other tricks which may be used on a local network. One such security measure is secure login using SSH, which is the default with LDM. This can slow down some client machines which are more than about fifteen years old, with as little as a 160 MHz processor and 32 MB RAM. Although it's not recommended, you can add a line to {{{/opt/ltsp/amd64/etc/lts.conf}}} containing:
  
  {{{
  LDM_DIRECTX=True

More information about the debian-edu-commits mailing list