~kjcole/edubuntu.cookbook-delete/wip : revision 17

1

Chapter 9. Server configuration

2

3

9.1. Wizzy configuration

4

5

A Wizzy server plays two roles. In the first place, it serves

6

as an internet proxy, serving cached pages to a lab without a

7

permanent internet connection. In the second place, it

8

connects to the internet and retrieves requested pages to

9

store them locally, sends queued email, and fetches received

10

mail.

11

12

These two roles don't have to be fulfilled by the same server:

13

they may be split across two servers, for example if the

14

school has no internet access. In this case, there will be a

15

Wizzy in the Edubuntu lab and another one at a remote location with

16

internet connectivity.

17

18

The hardware requirements for the Wizzy server are far less

19

than those of the classroom application server, since it has

20

to do far less work. All it needs to do most of the time is to

21

serve up saved pages from its hard disk. For this, a server

22

with a 200+MHz CPU, 256MB RAM, and a 40GB RAID 1 disk array is

23

adequate.

24

_________________________________________________________

25

26

9.1.1. Software used by the Wizzy server

27

28

* The Wizzy server uses DHCP ( Section 9.2) and TFTP for

29

booting, the same as the classroom server.

30

XXX: What does the Wizzy server use TFTP for? Does it also

31

boot from the classroom server?

32

* It uses the Lightweight Directory Access Protocol (LDAP)

33

for authentication. When users access their email on the

34

Wizzy server they will need to supply a username and

35

password. This information is kept by an LDAP server,

36

which maintains a directory where user information may be

37

looked up. It is analogous to a telephone directory.

38

Ideally, there should be only one directory for an Edubuntu lab,

39

which contains the information on all the users and

40

resources (such as printers) in the lab. Currently,

41

however, the directory maintained by the Wizzy server is

42

separate from the user database on the classroom server.

43

* The Unix-to-Unix Copy Protocol (UUCP) is used for all

44

email sending and receiving, as well as for fetching web

45

pages. As long as a service can be configured to use UUCP

46

for communication, it is possible to provide the service

47

without a permanent internet connection. For this reason,

48

Wizzy sticks to UUCP.

49

* The Wizzy server uses BIND (the Berkeley Internet Name

50

Daemon) for domain name services ( DNS), on the local

51

network. DNS is how IP addresses, such as 192.168.0.254,

52

are resolved to readable domain names, such as

53

server.myschool.Edubuntu lab.org.za.

54

XXX: I'm not sure what "on the local network" means here.

55

Does that mean it only resolves names that are local to

56

the Edubuntu lab?

57

XXX: What domain name does a classroom server get?

58

* For email, Wizzy uses the Courier IMAP server for inbound

59

mail and webmail.

60

IMAP (the Internet Mail Access Protocol) provides a way

61

for all kinds of mail clients (such as Thunderbird, or

62

Mozilla's email component) to access a mail store. In

63

Wizzy's case, the Courier package handles mail storage and

64

IMAP access. Wizzy also provides a webmail client to

65

access the mail store using a web browser.

66

* To send mail, Wizzy uses the exim program.

67

* As discussed in Section 7.2, one of the most important

68

jobs the Wizzy does is to provide a browsable offline copy

69

of all the web pages that interest Edubuntu lab users. It does

70

this using the wwwoffle program to provide a local web

71

cache. It augments wwwoffle (the World Wide Web Offline

72

Explorer) with some custom programs, since Wizzy's

73

disconnected mode of operation goes beyond the options

74

offered by wwwoffle on its own.

75

* The Wizzy server provides its administration functions as

76

well as webmail as web pages, and uses the apache

77

webserver to serve these pages. They may be accessed by

78

going to XXX http://wizzy/ on the Edubuntu lab LAN.

79

* For a local FTP server, Wizzy uses XXX: vsftpd (XXX: but

80

what is the local FTP server used for?)

81

* In its role as a connection to the internet, the Wizzy

82

server can connect to any ISP with which the school has an

83

account, in order to retrieve web pages. It does not,

84

however, use any email facilities that the ISP may

85

provide: all mail goes through Andy Rabagliati's server in

86

Cape Town using UUCP.

87

* For the sake of data integrity, Wizzy uses a RAID disk

88

system for storage. RAID is a Redundant Array of

89

Inexpensive Disks. It is a way to federate multiple hard

90

disk drives in such a way that the failure of any one disk

91

does not result in data loss.

92

_________________________________________________________

93

94

9.1.2. Wizzy as a classroom server

95

96

The Wizzy project predates Edubuntu labs. It can also be configured

97

to provide a similar range of application serving functions as

98

the Edubuntu lab classroom server provides. In this configuration,

99

it uses the following packages:

100

101

* Like the Edubuntu lab server, Wizzy uses the LTSP packages (

102

Section 6.2) for its thin-client NFS-mounted root

103

directory.

104

* It also uses NFS (the Network FileSystem) for home

105

directories that are NFS-mounted by the thin clients.

106

XXX: I don't know if I'm understanding this correctly.

107

Does Wizzy mount the users' home directories from the

108

classroom server, e.g. in order to server web pages from

109

them?

110

_________________________________________________________

111

112

9.2. Dynamic Host Configuration Protocol

113

114

Every computer on a local area network ( LAN) needs to have a

115

unique IP address (see Section 8.4) so that it may send and

116

receive data. The Dynamic Host Configuration Protocol ( DHCP)

117

is a networking protocol that allocates IP addresses

118

dynamically to computers on a LAN. Without it, an

119

administrator needs to give each client computer a static IP

120

address manually. This may seem simple enough to begin with,

121

but given time, it slowly turns into a nightmare: computers

122

are added, removed or moved about, and the number assignments

123

eventually become arbitrary and troublesome to keep track of.

124

On a network with manually assigned addresses, it's also

125

awkward to connect transient devices such as laptop computers

126

that are also used on many other networks. You have to talk to

127

the system administrator to find out the network

128

configuration, and then check the network to find a free

129

address. With DHCP, it's easy: just plug in an Ethernet cable

130

for the new device, and it will immediately request an IP

131

address from the classroom server, which will assign an unused

132

number to it.

133

134

In an Edubuntu lab, the classroom server is configured as a DHCP

135

server. A system administrator assigns a range of IP addresses

136

to the server. Each client computer on the LAN has its TCP/IP

137

software configured to request an IP address automatically

138

from the DHCP server when that client computer starts up. The

139

request-and-grant process uses a lease concept with a

140

controllable time period. This eases the network installation

141

procedure on the client computer side considerably.

142

143

In addition to the IP address, a DHCP server can set other

144

configuration information, such as the address of the DNS

145

server, the DNS domain of the client, and the gateway IP

146

address, so that the client computer can be fully functional.

147

148

Before I continue, let me explain the concepts I've just

149

introduced. First, the DNS domain: all Linux computers are

150

given a hostname upon installation of the OS, which is used in

151

system messages and configuration. When the computer joins a

152

network, its hostname and the domain of the network together

153

combine to form the Fully Qualified Domain Name ( FQDN) of the

154

computer. In the case of an Edubuntu lab, the FQDN of each

155

workstation will be something like XXX

156

client1.myschool.Edubuntu lab.org.za. The public DNS servers that

157

resolve the domain names of Edubuntu labs on the internet are

158

maintained by SchoolNet

159

http://www.schoolnet.org.za/schoolsurveys/suveys_index.htm

160

161

Secondly, the gateway IP address. In Section 8.3 I explained

162

that the internet is a network of networks. For data packets

163

from a computer on one network to reach a server on another

164

network, there needs to be a gateway that is connected to both

165

networks at once. Usually, the gateway computer will have a

166

network card for every network to which it is connected.

167

168

By default, the LTSP server uses its first network card (

169

eth0, numbered from 0 like most things in the computer world)

170

for the classroom LAN. It runs DHCP on this card, and

171

automatically gives out IP numbers upon request. It then

172

accepts BootP (Boot Protocol) and PXE (Pre-boot eXecution

173

Environment) boot requests, and passes on the Linux kernel to

174

the client using TFTP for the transfer. Once the client has

175

received the kernel, it boots into Linux. The default

176

dhcpd.conf file will support over 200 clients. The LTSP server

177

will not answer DHCP requests over eth1 (with the default

178

settings.)

179

_________________________________________________________

180

181

9.2.1. Files

182

183

The configuration settings for the DHCP server are contained

184

in the /etc directory --- standard Linux location for

185

configuration data --- in the file /etc/dhcpd.conf. XXX which

186

settings in here should be explained?

187

_________________________________________________________

188

189

9.3. Network configuration

190

191

The first network card, eth0, is the interface on the

192

thin-client side of your LTSP server. This network card

193

connects to your terminal hub. The 192.168.0.x address range

194

is designated as a "private" IP range for internal networks.

195

It is not routed on the internet. IP traffic from your clients

196

are routed to the internet through eth1. (Note that if there

197

is a Wizzy server, it will be the one with the two network

198

cards.)

199

200

The classroom server has the last available address in this

201

range, namely 192.168.0.254 ( 192.168.0.255 is the broadcast

202

address: packets sent to this address reach all the computers

203

on the network). The first client will be assigned an IP

204

number of 192.168.0.253. [16]

205

206

(XXX: make a local one) Dialogue (screenshot):

207

http://www.k12ltsp.org/screen7.gif

208

_________________________________________________________

209

210

9.3.1. Wizzy network configuration

211

212

When the Edubuntu lab has a Wizzy server, there are a couple of

213

other aspects to network configuration.

214

215

* Protocols

216

Wizzy Digital Courier relies on standard networking

217

protocols for the interactive portions, linked by UUCP for

218

the intermittent sections.

219

* Mail configuration

220

During installation, you must choose a hostname for the

221

Wizzy server. This hostname will identify the server

222

within the mail domain, which is wizzy.org.za (because

223

Wizzy provides the email infrastructure), so that your

224

complete mail domain becomes myschool.wizzy.org.za (where

225

myschool is the hostname you chose). This means that all

226

the Edubuntu lab users will get email addresses like

227

user@myschool.wizzy.org.za.

228

You will also need to contact Andy Rabagliati at XXX, to

229

tell him your UUCP password, as he must set up mail

230

routing for you.

231

For Edubuntu labs, Wizzy servers have a special configuration

232

available --- accessible by typing the following at the

233

Syslinux boot prompt:

234

boot: linux ks=cdrom:/tsf-ks.cfg

235

_________________________________________________________

236

237

9.4. Network Filesystem

238

239

Edubuntu lab uses NFS, the Network Filesystem, to make the home

240

directories of lab users appear to be local to the client

241

workstations, even though they really reside on the classroom

242

server. The NFS configuration is specified in the file

243

/etc/exports on the classroom server.

244

_________________________________________________________

245

246

9.5. LTSP configuration

247

248

The LTSP configuration is specified in the file lts.conf on

249

the classroom server. For more detail about this file, see

250

Section 13.5.

251

_________________________________________________________

252

253

9.6. tftpboot

254

255

Upon power-up, the BIOS of each client workstation contacts

256

the classroom server, and retrieves the Linux kernel from it

257

via the TFTP protocol. XXX: more detail.

258

_________________________________________________________

259

260

9.7. Users and groups

261

262

All the users of the Edubuntu lab will have accounts on the

263

classroom server. (Additionally, if they have email they will

264

have accounts stored in the Wizzy server's LDAP directory.)

265

266

XXX: who adds them? Root? Using some RedHat config tool?

267

_________________________________________________________

268

269

9.7.1. Permissions

270

271

Access to directories, files and executable programs under

272

Linux is managed in terms of users, groups and permissions.

273

Every user belongs to a group, and every file belongs to a

274

user and a group. The basic permissions are read, write and

275

execute. For every file and directory, these permissions can

276

be set for the user who owns the file, the group, and for all

277

others (i.e. everyone but the owner or the group). For

278

example, here are the permissions of a user's home directory:

279

jean@klippie jean $ ls -ld /home/jean

280

drwxr-xr-x 112 jean users 6664 Des 26 17:31 /home/jean

281

282

The permissions are shown by the string drwxr-xr-x. The first

283

character, d, indicates that this is a directory. You should

284

read the following 9 characters in groups of three, that show

285

the permissions for the owner jean ( rwx), the group users (

286

r-x), and all others ( r-x). In this case, the owner has read

287

( r), write ( w) and execute ( x) permissions, while the group

288

and others only have read and execute permissions. In the case

289

of a directory, execute permissions means that you are allowed

290

to access the contents of the directory. This home directory

291

may therefore be read by everyone, but only the user may

292

change it.

293

294

Here are the permissions on the file that contains the system

295

user database:

296

jean@klippie jean $ ls -l /etc/passwd

297

-rw-r--r-- 1 root root 2118 Des 1 05:32 /etc/passwd

298

299

These indicate firstly that this is a regular file, not a

300

directory (the leading -), and that the owner root has read

301

and write permissions ( rw-), and everyone else have only read

302

permissions ( r--). In effect, this means that only the root

303

user may add, modify or delete users.

304

305

You may further note that the group to which this file belongs

306

is also root. This group only has one member (the root user),

307

and is used for files that are under control of only this

308

unique user.

309

_________________________________________________________

310

311

9.7.1.1. The superuser

312

313

Every Linux machine normally has a user called root, who has

314

all permissions. When a system administrator needs to do

315

maintenance, they log in as root only to make the necessary

316

changes, and then switch to their regular user again.

317

_________________________________________________________

318

319

9.7.2. Retiring users

320

321

XXX: what happens when a user is retired? Is the password just

322

reset, or is the whole home directory and all email deleted?

323

_________________________________________________________

324

325

9.8. Printing

326

327

XXX: Cups ...

328

_________________________________________________________

329

330

9.9. Developing a backup procedure

331

332

The importance of backing up a system can never be stressed

333

enough. You never know when the power may cut out or the hard

334

drive may crash. Even though you can restore the operating

335

system from the distribution CD-ROM, there are other files

336

that you need to consider. What about the configuration

337

changes that you made? There are also files created by users,

338

what about those?

339

340

Follow these steps to create a backup plan:

341

342

1. Make a list of the files and directories that you need

343

backups of. You'll always want to backup system

344

configuration files in the /etc directory, other

345

configuration files may be found in /usr/lib. In addition,

346

you may want to backup user files in the /home directory

347

as well as the superuser ( root) files in /root.

348

2. Find a few tools to use when backing up and archiving

349

files and directories. Several tools are available that

350

will archive a group of files, and there are tools that

351

will compress files and archives.

352

3. Decide how often the system and individual files need to

353

be backed up. How often do your files change? If files

354

change frequently, the your backup frequency should match

355

the change frequency. So, you may need to perform a backup

356

every day. If you only make one or two configuration

357

changes on occasion, you can easily backup the

358

configuration files only when the changes is made.

359

4. Select a storage medium that will store the backup file.

360

If you have a few files to backup, you could just store

361

them on a floppy disk. If you have more files, or larger

362

files, you can consider using a zip drive or a CD-RW

363

drive.

364

5. Store the files in a safe place. The safest place to store

365

the backup media is at a location different from where the

366

computer is located. To be really safe, this location

367

needs to be protected from fire and other hazards. You may

368

also want to keep a copy of the backup files close by so

369

that you can quickly restore lost files.

370

371

Tip: Always make a copy of configuration files before you make

372

any configuration changes. That way, should your new settings

373

not work, you can restore the old configuration files.

374

_________________________________________________________