1
<?xml version="1.0" encoding="utf-8"?>
2
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
3
<!ENTITY % globalent SYSTEM "../../../libs/global.ent">
4
<!-- NAMES --><!ENTITY canonical-name "Canonical Ltd.">
5
<!ENTITY project-name "Ubuntu Documentation Project">
6
<!ENTITY ubuntu "<phrase>Ubuntu</phrase>">
7
<!-- VERSIONS --><!ENTITY distro-version "Gutsy Gibbon">
8
<!ENTITY distro-rev "7.10">
9
<!ENTITY distro-release-date "October 2007">
10
<!ENTITY linux-kernel-version "2.6.22">
11
<!ENTITY gcc-version "4.1.2">
12
<!ENTITY glibc-version "2.5">
13
<!ENTITY python-version "2.5">
14
<!-- AUTHORS --><!ENTITY author-ubuntu-documentation-project SYSTEM "../common/authors/ubuntu-documentation-project.xml">
15
<!ENTITY glossary SYSTEM "../common/C/glossary.xml">
16
<!-- LEGAL URLs --><!ENTITY gpl-url '<ulink url="http://www.gnu.org/licenses/gpl.html">GNU General Public License</ulink>'>
17
<!ENTITY cc "http://creativecommons.org/">
18
<!ENTITY cc-attrib '<ulink url="http://creativecommons.org/licenses/by-sa/2.5/">Attribution-ShareAlike 2.5</ulink>'>
19
<!ENTITY cc-fulldeed-url "http://creativecommons.org/licenses/by-sa/2.5/legalcode/">
20
<!ENTITY fdl-url '<ulink url="http://www.gnu.org/copyleft/fdl.html">GNU Free Documentation License</ulink>'>
21
<!ENTITY cc-disclaimer-url "http://creativecommons.org/licenses/disclaimer-popup?lang=en">
22
<!-- CANONICAL URL RESOURCES --><!ENTITY canonical-url "http://www.canonical.com">
23
<!-- OTHER UBUNTU RELATED RESOURCES --><!ENTITY upstart-url "http://upstart.ubuntu.com">
24
<!-- UBUNTU IRC INFORMATION --><!ENTITY irc-network "Freenode">
25
<!ENTITY irc-server "irc.ubuntu.com">
26
<!ENTITY ubuntu-irc "irc.ubuntu.com channel #ubuntu">
27
<!ENTITY kubuntu-irc "irc.ubuntu.com channel #kubuntu">
28
<!ENTITY xubuntu-irc "irc.ubuntu.com channel #xubuntu">
29
<!ENTITY edubuntu-irc "irc.ubuntu.com channel #edubuntu">
30
<!-- UBUNTU URL RESOURCES --><!ENTITY ubuntu-packages "http://packages.ubuntu.com">
31
<!ENTITY ubuntu-dpkgfile "ubuntu5.10.tar">
32
<!ENTITY ubuntu-web "http://www.ubuntu.com">
33
<!ENTITY ubuntu-main "http://www.ubuntu.com">
34
<!ENTITY ubuntu-download "http://www.ubuntu.com/download">
35
<!ENTITY ubuntu-forums "http://www.ubuntu.com/community/forums">
36
<!ENTITY ubuntu-components "http://www.ubuntu.com/ubuntu/components">
37
<!ENTITY ubuntu-lists "http://lists.ubuntu.com">
38
<!ENTITY ubuntu-wiki "http://wiki.ubuntu.com">
39
<!ENTITY ubuntu-bugzilla "https://launchpad.net/distros/ubuntu/+bugs">
40
<!ENTITY ubuntu-doc-bugs "https://launchpad.net/products/ubuntu-doc/+bugs">
41
<!ENTITY ubuntu-support "http://www.ubuntu.com/support">
42
<!ENTITY ubuntu-paidsupport "http://www.ubuntu.com/support/paid">
43
<!ENTITY ubuntu-freesupport "http://www.ubuntu.com/support/free">
44
<!ENTITY ubuntu-comments "http://www.ubuntuforums.org/showthread.php?p=21787">
45
<!ENTITY ubuntu-documentation "http://help.ubuntu.com">
46
<!ENTITY ubuntu-documentation-repos "https://docteam.ubuntu.com/repos/trunk">
47
<!ENTITY ubuntu-doc-team "https://wiki.ubuntu.com/DocumentationTeam">
48
<!ENTITY ubuntu-doc-list "http://lists.ubuntu.com/mailman/listinfo/ubuntu-doc">
49
<!ENTITY ubuntu-shipit "http://shipit.ubuntu.com">
50
<!ENTITY ubuntu-launchpad "https://launchpad.ubuntu.com">
51
<!ENTITY ubuntu-rosetta "https://launchpad.ubuntu.com/rosetta">
52
<!ENTITY ubuntu-planet "http://planet.ubuntu.com">
53
<!ENTITY ubuntu-philosophy "http://www.ubuntu.com/ubuntu/philosophy">
54
<!ENTITY ubuntu-participate "http://www.ubuntu.com/community/participate/">
55
<!ENTITY ubuntu-marketplace "http://www.ubuntu.com/support/marketplace">
56
<!ENTITY ubuntu-hwdb "http://hwdb.ubuntu.com">
57
<!-- UBUNTU WIKI RESOURCES --><!ENTITY wiki-UserDocumentation "https://help.ubuntu.com/community/UserDocumentation">
58
<!ENTITY restricted-formats "https://help.ubuntu.com/community/RestrictedFormats">
59
<!ENTITY wiki-RestrictedFormats "https://help.ubuntu.com/community/RestrictedFormats">
60
<!ENTITY wiki-XChatHowto "https://help.ubuntu.com/community/XChatHowto">
61
<!ENTITY wiki-RootSudo "https://help.ubuntu.com/community/RootSudo">
62
<!ENTITY wiki-HowToGetHelp "https://help.ubuntu.com/community/HowToGetHelp">
63
<!ENTITY transcode "https://help.ubuntu.com/community/DVDRippingandEncoding">
64
<!ENTITY wiki-Wine "https://help.ubuntu.com/community/Wine">
65
<!ENTITY wiki-Cedega "https://help.ubuntu.com/community/Cedega">
66
<!ENTITY wiki-Nano "https://help.ubuntu.com/community/NanoHowto">
67
<!ENTITY wiki-locoteams "https://wiki.ubuntu.com/LoCoTeamList">
68
<!ENTITY wiki-BasicCommands "https://help.ubuntu.com/community/BasicCommands">
69
<!ENTITY wiki-filepermissions "https://help.ubuntu.com/community/FilePermissions">
70
<!-- KUBUNTU URL RESOURCES --><!ENTITY kubuntu-web "http://www.kubuntu.org">
71
<!ENTITY kubuntu-main "http://www.kubuntu.org">
72
<!ENTITY kubuntu-download "http://releases.ubuntu.com/kubuntu/">
73
<!ENTITY kubuntu-packages "http://packages.ubuntu.com/edgy/">
74
<!ENTITY kubuntu-cdpackages-nodefault "http://people.ubuntu.com/~cjwatson/seeds/kubuntu-edgy/ship">
75
<!ENTITY kubuntu-lists "http://lists.ubuntu.com/archives/kubuntu-users/">
76
<!ENTITY kubuntu-lists-users "http://lists.ubuntu.com/mailman/listinfo/kubuntu-users/">
77
<!ENTITY kubuntu-lists-devel "http://lists.ubuntu.com/mailman/listinfo/kubuntu-devel/">
78
<!ENTITY kubuntu-mirrors "http://distrowatch.com/kubuntu">
79
<!ENTITY kubuntu-forums "http://kubuntuforums.net">
80
<!ENTITY kubuntu-wiki "https://wiki.kubuntu.org">
81
<!ENTITY kubuntu-documentation-site "http://www.kubuntu.org/documentation.php">
82
<!ENTITY kubuntu-wiki-UserDocumentation "https://help.ubuntu.com/community/UserDocumentation">
83
<!ENTITY kubuntu-support "http://www.kubuntu.org/support.php">
84
<!-- XUBUNTU URL RESOURCES --><!ENTITY xubuntu-web "http://www.xubuntu.org">
85
<!ENTITY xubuntu-main "http://www.xubuntu.org">
86
<!ENTITY xubuntu-web-help "http://www.xubuntu.org/help">
87
<!-- DEBIAN RESOURCES --><!ENTITY debian-apt "http://www.debian.org/doc/user-manuals#apt-howto">
88
<!-- EXTERNAL URL RESOURCES --><!ENTITY linmodem "http://www.linmodems.org/">
89
<!ENTITY gnome "http://www.gnome.org/">
90
<!ENTITY linuxorg "http://www.linux.org/">
91
<!ENTITY ooo "http://www.openoffice.org/">
92
<!ENTITY kde "http://www.kde.org/">
93
<!ENTITY lugww "http://lugww.counter.li.org/">
94
<!ENTITY ubuntu-watch "http://distrowatch.com/ubuntu/">
95
<!ENTITY realplayer-download "http://www.real.com/linux/">
96
<!ENTITY nvu-download "http://www.nvu.com/download.html">
97
<!ENTITY sunjava-download "http://java.sun.com/j2se/1.5.0/download.jsp">
98
<!ENTITY xorg "http://www.x.org">
99
<!ENTITY dyndns "http://www.dyndns.org">
100
<!ENTITY shoutcast "http://www.shoutcast.com/">
101
<!ENTITY freedomtoaster "http://www.freedomtoaster.org/">
102
<!ENTITY xfce "http://www.xfce.org/">
103
<!-- ubuntu-screenshots TODO --><!ENTITY kubuntu-screenshots "http://shots.osdir.com/">
104
<!ENTITY mozilla "http://www.mozilla.org/">
105
<!ENTITY mozilla-firefox "http://www.mozilla.org/products/firefox/">
106
<!ENTITY gnu "http://www.gnu.org/">
107
<!ENTITY gnu-philosophy "http://www.gnu.org/philosophy/">
108
<!ENTITY win4lin "http://www.win4lin.com">
109
<!ENTITY codeweavers "http://www.codeweavers.com">
110
<!ENTITY kernel "http://www.kernel.org">
111
<!ENTITY google "http://www.google.com">
112
<!ENTITY kdelook " http://www.kde-look.org">
113
<!ENTITY lulu-store "http://www.lulu.com/ubuntu-doc">
114
<!-- this entity controls the url for addons--><!ENTITY java-download "http://java.sun.com/j2se/1.5.0/download.jsp">
115
<!ENTITY skype-deb "skype_1.2.0.17-1_i386.deb">
116
<!ENTITY skype-download "http://www.skype.com/go/getskype-linux-deb">
117
<!ENTITY scanmodem-gz "scanModem.gz">
118
<!ENTITY scanmodem-url "http://linmodems.technion.ac.il/packages/scanModem.gz">
119
<!ENTITY ext2fs-url "http://www.fs-driver.org/index.html">
120
<!ENTITY mvb-tar "mvb_1.6.tgz">
121
<!ENTITY mvb-url "http://www.xscd.com/pub/mvb/&mvb-tar;">
122
<!-- TLDP --><!ENTITY ldp-pre-install-check "http://tldp.org/HOWTO/Pre-Installation-Checklist/">
123
<!-- LANGUAGES (sorted by two letter code)--><!ENTITY Afar "aa">
124
<!ENTITY Abkhazian "ab">
125
<!ENTITY Afrikaans "af">
126
<!ENTITY Amharic "af">
127
<!ENTITY Arabic "ar">
128
<!ENTITY Assamese "as">
129
<!ENTITY Aymara "ay">
130
<!ENTITY Azerbaijani "az">
131
<!ENTITY Bashkir "ba">
132
<!ENTITY Byelorussian "be">
133
<!ENTITY Bulgarian "bg">
134
<!ENTITY Bihari "bh">
135
<!ENTITY Bislama "bi">
136
<!ENTITY Bangla "bn">
137
<!ENTITY Bengali "bn">
138
<!ENTITY Tibetan "bo">
139
<!ENTITY Breton "br">
140
<!ENTITY Catalan "ca">
141
<!ENTITY Corsican "co">
144
<!ENTITY Danish "da">
145
<!ENTITY German "de">
146
<!ENTITY Bhutani "dz">
148
<!-- <!ENTITY EnglishAmerican 'en'> --><!ENTITY EnglishAmerican "C">
149
<!ENTITY Esperanto "eo">
150
<!ENTITY Spanish "es">
151
<!ENTITY Estonian "et">
152
<!ENTITY Basque "eu">
153
<!ENTITY Persian "fa">
154
<!ENTITY Finnish "fi">
156
<!ENTITY Faeroese "fo">
157
<!ENTITY French "fr">
158
<!ENTITY Frisian "fy">
160
<!ENTITY Gaelic "gd">
161
<!ENTITY ScotsGaelic "gd">
162
<!ENTITY Galician "gl">
163
<!ENTITY Guarani "gn">
164
<!ENTITY Gujarati "gu">
167
<!ENTITY Croatian "hr">
168
<!ENTITY Hungarian "hu">
169
<!ENTITY Armenian "hy">
170
<!ENTITY Interlingua "ia">
171
<!ENTITY Interlingue "ie">
172
<!ENTITY Inupiak "ik">
173
<!ENTITY Indonesian "in">
174
<!ENTITY Icelandic "is">
175
<!ENTITY Italian "it">
176
<!ENTITY Hebrew "iw">
177
<!ENTITY Japanese "ja">
178
<!ENTITY Yiddish "ji">
179
<!ENTITY Javanese "jw">
180
<!ENTITY Georgian "ka">
181
<!ENTITY Kazakh "kk">
182
<!ENTITY Greenlandic "kl">
183
<!ENTITY Cambodian "km">
184
<!ENTITY Kannada "kn">
185
<!ENTITY Korean "ko">
186
<!ENTITY Kashmiri "ks">
187
<!ENTITY Kurdish "ku">
188
<!ENTITY Kirghiz "ky">
190
<!ENTITY Lingala "ln">
191
<!ENTITY Laothian "lo">
192
<!ENTITY Lithuanian "lt">
193
<!ENTITY Latvian "lv">
194
<!ENTITY Lettish "lv">
195
<!ENTITY Malagasy "mg">
197
<!ENTITY Macedonian "mk">
198
<!ENTITY Malayalam "ml">
199
<!ENTITY Mongolian "mn">
200
<!ENTITY Moldavian "mo">
201
<!ENTITY Marathi "mr">
203
<!ENTITY Maltese "mt">
204
<!ENTITY Burmese "my">
206
<!ENTITY Nepali "ne">
208
<!ENTITY Norwegian "no">
209
<!ENTITY Occitan "oc">
213
<!ENTITY Punjabi "pa">
214
<!ENTITY Polish "pl">
215
<!ENTITY Pushto "ps">
216
<!ENTITY Pashto "ps">
217
<!ENTITY Portuguese "pt">
218
<!ENTITY Quechua "qu">
219
<!ENTITY Rhaeto-Romance "rm">
220
<!ENTITY Kirundi "rn">
221
<!ENTITY Romanian "ro">
222
<!ENTITY Russian "ru">
223
<!ENTITY Kinyarwanda "rw">
224
<!ENTITY Sanskrit "sa">
225
<!ENTITY Sindhi "sd">
226
<!ENTITY Sangro "sg">
227
<!ENTITY Serbo-Croatian "sh">
228
<!ENTITY Singhalese "si">
229
<!ENTITY Slovak "sk">
230
<!ENTITY Slovenian "sl">
231
<!ENTITY Samoan "sm">
233
<!ENTITY Somali "so">
234
<!ENTITY Albanian "sq">
235
<!ENTITY Serbian "sr">
236
<!ENTITY Siswati "ss">
237
<!ENTITY Sesotho "st">
238
<!ENTITY Sudanese "su">
239
<!ENTITY Swedish "sv">
240
<!ENTITY Swahili "sw">
242
<!ENTITY Tegulu "te">
245
<!ENTITY Tigrinya "ti">
246
<!ENTITY Turkmen "tk">
247
<!ENTITY Tagalog "tl">
248
<!ENTITY Setswana "tn">
250
<!ENTITY Turkish "tr">
251
<!ENTITY Tsonga "ts">
254
<!ENTITY Ukrainian "uk">
257
<!ENTITY Vietnamese "vi">
258
<!ENTITY Volapuk "vo">
261
<!ENTITY Yoruba "yo">
262
<!ENTITY Chinese "zh">
264
<!ENTITY % cdo-C SYSTEM "../../../libs/cdo-C.ent">
265
<!-- COMMON DOC OBJECTS --><!ENTITY copyright SYSTEM "../common/C/copyright.xml">
266
<!ENTITY conventions SYSTEM "../common/C/conventions.xml">
267
<!ENTITY feedback SYSTEM "../common/C/feedback.xml">
268
<!ENTITY publisher SYSTEM "../common/C/publisher.xml">
269
<!ENTITY disclaimer SYSTEM "../common/C/disclaimer.xml">
270
<!ENTITY inline-ubuntu-icon SYSTEM "../common/C/inlinemediaobject-ubuntu-icon.xml">
271
<!ENTITY inline-ubuntu-icon-header SYSTEM "../common/C/inlinemediaobject-ubuntu-icon-header.xml">
272
<!ENTITY relative-ubuntu-icon SYSTEM "../common/C/mediaobject-relative-ubuntu-icon.xml">
273
<!ENTITY ubuntu-icon SYSTEM "../common/C/mediaobject-ubuntu-icon.xml">
274
<!ENTITY gpl SYSTEM "../common/C/gpl.xml">
275
<!ENTITY fdl SYSTEM "../common/C/fdl.xml">
276
<!ENTITY cc-by-sa SYSTEM "../common/C/ccbysa.xml">
277
<!ENTITY licenses SYSTEM "../common/C/licenses.xml">
278
<!ENTITY legalnotice SYSTEM "../common/C/legalnotice.xml">
279
<!ENTITY klegalnotice SYSTEM "../kubuntu/libs/legalnotice.xml">
280
<!ENTITY % gnome-menus-C SYSTEM "../../libs/edubuntu-menus-C.ent">
281
<!-- MENUS --><!ENTITY % edubuntuent SYSTEM "../../libs/edubuntu.ent">
282
<!-- AUTHORS --><!ENTITY author-edubuntu-documentation-project SYSTEM "../../common/authors/edubuntu-documentation-project.xml">
283
<!-- Edubuntu License --><!ENTITY educopy SYSTEM "../../common/C/educopy.xml">
284
<!ENTITY % xinclude SYSTEM "../../../libs/xinclude.mod">
285
<!ELEMENT xi:include (xi:fallback)?>
286
<!ATTLIST xi:include xmlns:xi CDATA #FIXED "http://www.w3.org/2001/XInclude">
287
<!ATTLIST xi:include href CDATA #REQUIRED>
288
<!ATTLIST xi:include parse (xml | text) "xml">
289
<!ATTLIST xi:include xpointer CDATA #IMPLIED>
290
<!ATTLIST xi:include encoding CDATA #IMPLIED>
291
<!ATTLIST xi:include accept CDATA #IMPLIED>
292
<!ATTLIST xi:include accept-charset CDATA #IMPLIED>
293
<!ATTLIST xi:include accept-language CDATA #IMPLIED>
294
<!ELEMENT xi:fallback ANY>
295
<!ATTLIST xi:fallback xmlns:xi CDATA #FIXED "http://www.w3.org/2001/XInclude">
296
<!ENTITY % local.preface.class "| xi:include">
297
<!ENTITY % local.part.class "| xi:include">
298
<!ENTITY % local.chapter.class "| xi:include">
299
<!ENTITY % local.divcomponent.mix "| xi:include">
300
<!ENTITY % local.para.char.mix "| xi:include">
301
<!ENTITY % local.info.class "| xi:include">
302
<!ENTITY % local.common.attrib "xmlns:xi CDATA #FIXED 'http://www.w3.org/2001/XInclude'">
303
<!ENTITY language "en">
304
<!ENTITY edubuntu "<phrase>Edubuntu</phrase>">
306
<chapter id="server" status="review">
307
<title>Edubuntu Server and Thin Client Computing</title>
309
<para>Edubuntu Server is almost the same thing as Edubuntu Workstation. It
310
contains all the same great educational programs, and the same ease of use.
311
The only difference is that it also installs, by default, a thin
315
<para>The Edubuntu community has worked very closely with the Linux Terminal
316
Server Project (LTSP), to come up with the next generation thin client solution
317
for GNU/Linux. It comes automatically installed on an Edubuntu server, so
318
you can begin setting up a thin client school lab right out of the box.
321
<para>Thin client computing has been around for a long time in the
322
UNIX world. Although the implementation has evolved quite a bit, the
323
concept has remained the same:
329
<para>The thin client only takes care of the basic functions like
330
display, keyboard, mouse and sound.
336
<para>The server does the heavy weightlifting. All the applications
337
run on the server, and they simply display on the thin
344
<para>Because the thin clients have a limited number of tasks to
345
manage, the hardware for the thin client can be small and cheap.
346
The thin clients themselves are basically maintenance free. They
347
last longer because they have no storage with moving parts like
348
hard disks. If they break no data is lost since nothing is stored
349
on the client itself. Simply swap the client with another one and
350
go back to work. If your thin client is stolen or put in the
351
trash, no data ends up in the hands of unauthorized people.
354
<para>The terminal server runs all applications and contains all
355
the data. All the regular maintenance (software updates,
356
administration) takes place on the terminal server. The number of
357
thin clients that a terminal server can support is proportional to
358
the power of the server. Because GNU/Linux in general, and Edubuntu
359
in particular, make efficient use of resources, you can support a
360
surprising number of thin clients from a machine which might only
361
be considered a powerful single user system running other operating
362
systems. Please see <xref linkend="server-sizing"/> for more
366
<para>In a thin client computing environment, the stability of the
367
server is important. It's important to make sure that your server
368
has good power management, like installing a UPS, and depending on
369
how much availability is required, redundant power supplies may be
370
called for. As well, users who have the resources may decide to
371
invest in multiple disks for RAID support, and other options which
372
may be needed in a High Availability environment. However, you
373
certainly don't need them in all environments, and Edubuntu's high
374
quality means that in all but the most demanding environments, this
379
<sect1 id="server-hw">
380
<title>Hardware Requirements</title>
381
<para>A person setting up a LTSP thin client environment for the
382
first time, typically asks two questions:
386
<para>Will my existing machines work as terminals, or, what should
387
I buy to use as a terminal?
391
<para>How big a server do I need?</para>
394
<para>Chances are, hardware that you already have is more than
395
sufficient for terminals. One of the great advantages of an Edubuntu
396
Server is that you can set up a high quality lab of terminals for your
397
students to use, by leveraging the machines you already have.
398
As for servers, usually, it's very easy
399
to turn any high-end single user desktop machine into a terminal
400
server capable of handling many thin clients. We'll present some
401
guidelines that should help in making the most of your
405
<title>LTSP Thin Client hardware requirements</title>
406
<para>A lot of Edubuntu deployments are in classroom environments,
407
and usually, in these situations, the primary goal is to re-use
408
existing hardware that the school already owns. However,
409
specifically designed thin clients can be used also.
412
<title>Clients</title>
414
<title>Older hardware</title>
415
<para>There are three things to consider when trying to re-use
426
<para>Video Card</para>
432
<para>For using the default, secure mode of LTSP, you'll need to
433
have a slightly faster CPU. Any 233 MHz or better CPU should
434
provide acceptable performance.
436
<para>If you have slower clients, in the range of 133 MHz to 233
437
MHz, you may be able to use them, if you're willing to reduce the
438
security of your thin client network. More information on this is available in
439
<xref linkend="customizing-thin-client"/>.
441
<para>For the best possible performance, a 533 MHz processor will
442
provide a first class thin client desktop experience.
446
<title>Network</title>
447
<para>A thin client boots over the network, using a small program
448
called a network boot loader. This network boot loader is sometimes
449
located on the card itself, or, for older cards without one, the
450
user can provide one on a floppy or CDRom which can be used to boot
453
<para>Three common network boot loaders which can be used
459
<emphasis role="bold">PXE:</emphasis> This one is the most common,
460
and many network cards and motherboards with built-in network cards
461
support this. If you have one of these, you'll be able to boot
462
without any problems.
467
<emphasis role="bold">Etherboot:</emphasis> For older cards that
468
don't have PXE included on them, you can use the Free Software
469
equivalent, Etherboot. This excellent alternative to PXE can either
470
be booted from a floppy, memory stick, or CDRom, or, if you're
471
handy with electronics, be burned onto a EPROM if your card has a
472
socket for one. More information on the project can be found at
473
http://www.etherboot.org, and you can download ready-to-use
474
Etherboot images at http://www.rom-o-matic.org.
479
<emphasis role="bold">Yaboot:</emphasis> For Macintosh PowerPC
480
machines (iMac's and later), you can use the built in Yaboot
487
<title>Video Card</title>
488
<para>Typically, any video card that uses the PCI bus and has 2 MB
489
or more of memory, should make a reasonable client.
495
<sect2 id="server-sizing">
496
<title>Edubuntu Server requirements</title>
497
<para>An Edubuntu/LTSP thin client network is quite scalable; a moderately
498
powerful machine can serve several thin clients, and if you need to
499
add more thin clients, you can either expand the capabilities of
500
the existing server, or, simply add more servers.
503
<title>Recommended specs</title>
504
<para>Server sizing in an LTSP network is more art than science.
505
Ask any LTSP administrator how big a server you need to use, and
506
you'll likely be told "It depends". How big a server you need does depend
508
what it is you're planning on doing with your thin client network.
509
The server requirements needed for a network where the only use
510
will be a little light web-browsing, with no Java or Flash, will be
511
greatly different from a network where you want to do heavy
512
graphics, interactive games, and Flash animation. Here are some
513
common guidelines that should fit most "average" cases.
517
<title>Memory</title>
518
<para>Edubuntu, being a GNU/Linux
519
based operating system, makes efficient use of memory. The usual
520
formula that's used for adding memory to a thin client server
523
<para>256 + (128 * users) MB</para>
524
<para>So, if your target is to have a server with 20 terminals,
527
<para>256 + (128 * 20) = 256 + 2560 = 2816 MB</para>
528
<para>Rounding up, you'll need 3 1 Gig simms. Making sure you've
529
got enough memory is the single most important thing you can do to
530
help the performance of an Edubuntu/LTSP thin client server. If you do not
531
have enough memory in your server, you'll find your server will
532
have to use the hard drive as an overflow "virtual" memory. Hard
533
drives are much slower than memory, so you'll find things getting
534
very slow if this happens.
536
<para>If you intend to make heavy use of graphics work in your curriculum, you
537
may want to add even more, perhaps doubling the previous estimate.
542
<title>Processors</title>
543
<para> How fast a processor you
544
need is entirely dependant on what programs you plan to use.
545
Interactive games require a bit more than say, a word processor. If
546
you plan to use Java and Flash plugins in your web browser, these
547
can consume a lot of processing power. For a "mixed" model, i.e.
548
some people playing TuxMath, a few people browsing the web, and a
549
few people typing in OpenOffice.org, a 2GHz or better processor
550
should be able to adequately handle 20 people with some minor
551
delays. A 3GHz processor would be better.
553
<para>For larger networks, moving to an SMP (Symetric Multi
554
Processing), or multiple CPU server may be advantageous. If you
555
plan to handle 30 or more clients, a newer dual-core Xenon server
556
or dual-core Opteron will provide good results.
558
<para>Remember, if you need to serve a large number of clients, it
559
will be worth your while to configure multiple Edubuntu servers,
560
each handling some of the terminals.
566
<para>It's advisable to use some
567
form of RAID in the terminal servers. Besides saving your data when
568
a single disks fails, it improves the performance (especially read
569
performance, which is the most common type of file access). For
570
people on a budget, setting up software RAID 1, with 2 ATA or SATA
571
disks with NCQ (Native Command Queueing) will provide good results.
572
If you have a bit more money, you might consider using a good SCSI
573
hardware raid controller, with SCSI disks. This will provide you
574
with top notch performance and reliability.
580
<title>Network</title>
581
<para>If you have more then 20 users, it is recommended to use
582
gigabit ethernet connected to a gigabit port on a switch for your LTSP servers. Although normal usage
583
ranges from 0.5 to 2mbit, clients can peak quite high (70mbit),
584
especially when watching multimedia content.
590
<sect1 id="ltsp-theory">
591
<title>Theory of operation</title>
592
<para>Booting a thin client involves several steps.
593
Understanding what is happening along the way will make it much
594
easier to solve problems, should they arise.
596
<para>There are four basic services required to boot an LTSP
597
thin client. They are:
607
<para>NFS or NBD</para>
614
<title>The LTSP chroot environment</title>
615
<para>In order to turn a computer into a thin client, we need to run a mini
616
version of GNU/Linux on the workstation. It needs to boot this mini version
617
of GNU/Linux over the network, since it probably won't have a hard drive on
618
it's own. This mini GNU/Linux installation needs to live somewhere, and the
619
best place for it is on the server.
622
<para>This scaled-down GNU/Linux installation, customized so that it's
623
efficient to boot over the network, is called a
624
<emphasis role="strong">chroot environment</emphasis>. You can have several
625
of them, based upon several different CPU architectures. They'll normally
626
live under <filename>/opt/ltsp</filename> on the server, with subdirectories
627
for each of the architectures. For instance, if you have a lab full of
628
old Power PC Macs, and older PC's, you'll have an
629
<filename>/opt/ltsp/ppc</filename> and an <filename>/opt/ltsp/i386</filename>
630
directory on the server.
632
<para>The reason why it is called a chroot environment is that to install it, the
633
GNU/Linux command <command>chroot</command> is called to actually set the
634
installation root to <filename>/opt/ltsp/</filename><emphasis role="strong">arch</emphasis>.
635
From there, a scaled-down version of the distribution is installed. What this
636
means is that for you to manage the chroot, performing such things as updates,
637
all you need to do is use the <command>chroot</command> command to change
638
the root of your installation. Then you can use all your tools like you
644
<title>The boot process of a thin client</title>
645
<orderedlist spacing="normal">
647
<para>Load the Linux kernel into the memory of the thin client.
648
This can be done several different ways, including:
652
<para>Bootrom (Etherboot,PXE)</para>
658
<para>Harddisk</para>
664
<para>USB Memory Device</para>
667
<para>Each of the above booting methods will be explained later in
672
<para>Once the kernel has been loaded into memory, it will begin
677
<para>The kernel will initialize the entire system and all of the
678
peripherals that it recognizes.
682
<para>This is where the fun really begins. During the kernel
683
loading process, an initramfs image will also be loaded into
688
<para>Normally, when the kernel is finished booting, it will launch
689
the new task launcher
690
<command>upstart</command>, which will handle starting up a server
691
or workstation. But, in this case, we've instructed the kernel to
692
load a small shell script instead. This shell script is called
693
<command>/init</command>, and lives in the root of the
699
<command>/init</command> script begins by mounting /proc and /sys,
701
<command>udev</command> to discover and initialize hardware,
702
especially the network card, which is needed for every aspect of
703
the boot from here on. As well, it creates a small ram disk, where
704
any local storage that is needed (to configure the
705
<filename>xorg.conf</filename> file, for instance) can be written
711
<emphasis role="strong">loopback</emphasis> network interface is
712
configured. This is the networking interface that has
713
<emphasis>127.0.0.1</emphasis> as its IP address.
717
<para>A small DHCP client called
718
<command>ipconfig</command> will then be run, to make another query
719
from the DHCP server. This separate user-space query gets
720
information supplied in the dhcpd.conf file, like the nfs root
721
server, default gateway, and other important parameters.
726
<command>ipconfig</command> gets a reply from the server, the
727
information it receives is used to configure the ethernet
728
interface, and determine the server to mount the root
733
<para>Up to this point, the root filesystem has been a ram disk.
735
<command>/init</command> script will mount a new root filesystem via
736
either NBD or NFS. In the case of NBD, the image that is normally
737
loaded is <filename>/opt/ltsp/images/i386.img</filename>. If the root is mounted
738
via NFS, then the directory that is exported from the server is typically
739
<filename>/opt/ltsp/i386</filename>. It can't just mount the new
740
filesystem as /. It must first mount it to a separate directory. Then,
742
<command>run-init</command>, which will swap the current root
743
filesystem for a new filesystem. When it completes, the
744
filesystem will be mounted on /. At this point, any directories
745
that need to be writable for regular startup to occur, like /tmp,
746
or /var, are mounted at this time.
750
<para>Once the mounting of the new root filesystem is complete, we
751
are done with the /init shell script and we need to invoke the real
752
<command>/sbin/init</command> program.
757
The <command>init</command> program will read the
758
<filename class="directory">/etc/event.d</filename> directory and
759
begin setting up the thin client environment. From there, upstart
760
will begin reading the startup commands in
761
<filename class="directory">/etc/rcS.d</filename>.
766
It will execute the <command>S32ltsp-client-setup</command> command
767
which will configure many aspects of the thin client environment, such as
768
checking if local devices need starting, loading any specified modules, etc.
773
Next, the <command>init</command> program will begin to execute commands
774
in the <filename class="directory">/etc/rc2.d</filename> directory
778
<para>One of the items in the
779
<filename class="directory">/etc/rc2.d</filename> directory is the
780
<command>S20ltsp-client-core</command>command that will be run while the
781
thin client is booting.
786
<filename>lts.conf</filename> file will be parsed, and all of the
787
parameters in that file that pertain to this thin client will be
788
set as environment variables for the
789
<command>S20ltsp-client-core</command> script to use.
793
<para>If Sound is configured at this point, the
794
<command>pulseaudio</command> daemon is started, to allow remote
795
audio connections from the server to connect and play on the
800
<para>If the thin client has local device support enabled, the
801
<command>ltspfsd</command> program is started to allow the server to
802
read from devices such as memory sticks or CD-Roms attached to the
807
<para>At this point, any of the screen sessions you've defined in your
808
<filename>lts.conf</filename> will be executed.
810
<para>Screen sessions are what you want to launch on all of the virtual
811
screens on your terminal. These are the standard virtual screens that
812
all GNU/Linux distros have, i.e. alt-F1, through alt-F10.
814
<para>By default, a standard character based getty will be run on
815
screen 1 (SCREEN_01 in the <filename>lts.conf</filename> file).
818
As well, if nothing else is specified in the <filename>lts.conf</filename>
819
file, an <command>ldm</command> screen script is run on SCREEN_07. The
820
LTSP Display Manager (<command>ldm</command>) is the default login manager
826
<emphasis role="strong">SCREEN_07</emphasis> is set to a value of
827
<emphasis role="strong">ldm</emphasis>, or
828
<emphasis role="strong">startx</emphasis>, then the
829
X Windows System will be launched, giving you a graphical user
832
<para>By default, the Xorg server will auto-probe the card, create
833
a default <filename>/etc/X11/xorg.conf</filename> file on the ramdisk
834
in the terminal, and start up xorg with that custom config.
839
The X server will either start an encrypted <command>ssh</command>
840
tunnel to the server, in the case of <command>ldm</command>, or an an
841
XDMCP query to the LTSP server, in the case of startx. Either way, a login
842
box will appear on the terminal.
846
<para>At this point, the user can log in. They'll get a session on
849
<para>This confuses a lot of people at first. They are sitting at a
850
thin client, but they are running a session on the server. All
851
commands they run will be run on the server, but the output will
852
be displayed on the thin client.
859
<title>Network booting the thin client</title>
861
<para>Getting the thin client to boot over the network can be
862
accomplished in a variety of ways:
867
<para>Boot ROM</para>
870
<para>Local media</para>
875
<title>Boot ROM</title>
877
<para>Depending on your network card, it may already contain a boot ROM, or
878
you may be able to use an EPROM programmer to create your own. Check the
879
hardware documentation for the network card in your thin client for details.
883
<title>Etherboot</title>
885
<para>Etherboot is a very popular open-source bootrom project. It
886
contains drivers for many common network cards, and works very well
890
<para>ROM images suitable for booting from floppy, CD-ROM, etc., can be
891
obtained from http://www.rom-o-matic.org
894
<para>Linux kernels must be tagged with the
895
<command>mknbi-linux</command>, which will prepare the kernel for
896
network booting, by prefixing the kernel with some additional code,
897
and appending the initrd to the end of the kernel.
899
<para>The kernels that are supplied with Edubuntu/LTSP are already tagged,
900
and ready to boot with Etherboot.
906
<para>Part of the 'Wired for Management' specification from the
907
late 1990's included a specification for a bootrom technology known
909
<emphasis>Pre-boot Execution Environment</emphasis> commonly
910
abbreviated as <emphasis role="strong">PXE</emphasis>.
912
<para>A PXE bootrom can load at most a 32 kilo-byte file. A Linux
913
kernel is quite a bit larger than that. Therefore, we setup PXE to
914
load a 2nd stage boot loader called
915
<emphasis role="strong">pxelinux</emphasis>, which is small
916
enough to be loaded. It knows how to load much larger files,
917
such as a Linux kernel.
923
<title>Local media</title>
924
<para>If your network card in the thin client doesn't have a boot ROM built
925
in, and you don't have access to an EPROM burner, have no fear! Chances
926
are, that old machine has a floppy drive, or CD-ROM in it. If so, then you
927
can use local media to boot the thin client.
931
<title>Floppy disk</title>
933
<para>Booting Etheboot from a floppy is an excellent way of booting
934
an LTSP thin client that doesn't have a boot ROM.
935
Etherboot is loaded in the boot sector of the floppy.
936
Then, it will act just like a bootrom. The boot code will be
937
executed, the network card will be initialized, and the kernel will
938
be loaded from the network server.
943
<title>Hard disk</title>
944
<para>The hard disk can be used with LILO or GRUB, to load the
945
Linux kernel and initrd. You can also load the Etherboot bootrom
946
image from the hard disk, and it will act like a bootrom.
951
<title>CD-ROM</title>
952
<para>A bootable CD-ROM can be loaded either with a Linux kernel,
953
or an Etherboot image.
958
<title>USB Memory device</title>
959
<para>Just like a CD-ROM, Floppy disk and Hard disk, you can use a
960
USB Memory device to boot an Etherboot module.
968
<sect1 id="customizing-thin-client">
969
<title>Customizing thin client behaviour</title>
970
<para>By default, most thin clients will automatically configure themselves
971
correctly, and just work when they're plugged in. However, sometimes you
972
may wish to customize their behavior. You would do this by editing the
973
<filename>lts.conf</filename> file.
976
<title>Format of the lts.conf file</title>
977
<para>When LTSP was designed, one of the issues that needed to be
978
dealt with was varying hardware configurations for the
979
thin client. Certainly, whatever combination of processor, network
980
card and video card available today would not be available in 3
981
months, when you want to add more thin clients to the
984
<para>So, LTSP.org devised a way of specifying the configuration of
985
each thin client. The configuration file is called
986
<filename>lts.conf</filename> and it lives in the
987
<filename class="directory">
992
<para>The format of the lts.conf allows for 'default' settings and
993
individual thin client settings. If all of your thin clients are
994
identical, you could specify all of the configuration settings in
995
the '[Default]' section.
998
<title>Section headings</title>
999
<para>Section headings begin with an identifier in square brackets.
1000
the identifier can be one of:
1004
<para>a mac address for a workstation, in the form of XX:XX:XX:XX:XX:XX,
1005
where X is the digits 0-9, or A-F. You can usually read the mac
1006
address for a network card from a sticker on the card itself, or
1007
use some kind of network tool to discover it. The <command>ifconfig</command>
1008
can tell you the mac address of your network cards.
1012
<para>an IP address. You'll need to statically assign host IP addresses
1013
for this to work, as by default, Edubuntu ships with a
1014
<filename>dhcpd.conf</filename> that hands out dynamic addresses.
1015
This means there's no guarantee which host will get what IP
1020
<para>a hostname. Same issue as an IP address, but additionally, you
1021
must have either defined the hostname in DNS, or in <filename>/etc/hosts</filename>.
1025
<para>The special section heading [Default]. This section can set defaults
1026
that apply to all terminals.
1032
<title>Variable Assignments</title>
1033
<para>After the section heading, you can then define variables. Variables are
1034
ether boolean values, requiring a True/False or Y/N answer. Note that you
1035
can either use True or False, Yes or No, or Y or N. Whichever you prefer.
1036
Other variables may simply be strings, supplied after the = sign. The general
1037
format of an assignment looks like:
1040
BOOLEAN_VARIABLE = True
1041
STRING_VARIABLE = Information
1043
<para>Comments can be inserted into the file for your documentation purposes.
1044
Comments start with a # character, and everything after the # for the
1045
rest of the line is considered a comment.
1049
<title>Location of the lts.conf filename</title>
1050
<para>In order to speed up LTSP, by default, we're using NBD (Network Block
1051
Devices) rather than NFS. The <filename class="directory">/opt/ltsp/i386</filename>
1052
still exists, but now, it's compressed into a squashfs image, so it's much
1053
smaller than simply exporting via NFS. This means that the client uses less
1054
network bandwidth than before. However, it would mean that every time you
1055
change the <filename>lts.conf</filename> file, you'd have to re-create this
1056
image using the command <command>ltsp-update-image</command>. This takes a while
1057
to do. So, in order to avoid this, we've moved the <filename>lts.conf</filename> file
1058
to the TFTP directory, in <filename class="directory">/var/lib/tftpboot/ltsp/i386</filename>.
1059
This means you can make changes to the file immediately, and simply reboot the terminal, without
1060
recompiling the image.
1064
<title>About using NBD instead of NFS</title>
1065
<para>Using NBD instead of NFS has several advantages:</para>
1068
<para>Using a squashfs image we can now merge that together in a unionfs to get writeable
1069
access which is a lot faster during bootup.
1073
<para>A squashed root filesystem uses less network bandwidth.
1077
<para>Many users and administrators have asked us to eliminate NFS, for reasons of
1078
site policy. Since the squashed image is now served out by <command>nbd-server</command>,
1079
which is an entirely userspace program, and is started as the user nobody, this
1080
should help to eliminate concerns over NFS shares.
1084
<para>However, some people still want to use NFS. Fortunately, it's easy to switch back to NFS, if it's
1089
<para>On the server, use the <command>chroot</command> command to maintain the LTSP chroot:
1091
sudo chroot /opt/ltsp/i386
1096
<para>Now edit <filename>/etc/default/ltsp-client-setup</filename>
1097
and change the value of the root_write_method variable to use bind mounts
1098
instead of unionfs, it should look like this afterwards:
1100
root_write_method="bind_mounts"
1105
<para>Next, create the file <filename>/etc/initramfs-tools/conf.d/ltsp</filename>
1106
and add the following line (set the value of the BOOT variable to nfs):
1113
<para>Regenerate the initramfs:
1120
<para>Hit CTRL-D to exit the chroot now. Make sure LTSP uses the new initramfs to boot:
1122
sudo ltsp-update-kernels
1129
<title>Sample lts.conf file</title>
1130
<para>Here is an example of the lts.conf file:
1133
# Global defaults for all clients
1134
# if you refer to the local server, just use the
1135
# "server" keyword as value
1136
# see lts_parameters.txt for valid values
1147
#[MAC ADDRESS]: Per thin client settings
1151
X_MOUSE_DEVICE=/dev/ttyS0
1152
X_MOUSE_PROTOCOL=intellimouse
1155
# A Thin Client Print server
1156
# (switch off X by pointing tty7 to shell,
1157
# to save ressources)
1160
PRINTER_0_DEVICE=/dev/usblp0
1164
# A workstation that executes a specific
1165
# command after login
1168
LDM_REMOTECMD=/usr/bin/myloginscript
1174
<title>The LDM display manager</title>
1175
<para>The LTSP Display Manager, or <command>ldm</command> is the display
1176
manager specifically written by the LTSP project to handle logins
1177
to a GNU/Linux server. It is the default display manager for LTSP thin
1178
clients running under Edubuntu, and has a lot of useful features:
1182
<para>It is written in C, for speed and efficiency on low end clients.
1186
<para>It supports logging in via either a greeter (a graphical login
1187
application) or autologin.
1191
<para>It can be configured to encrypt X Windows traffic, for increased
1192
security, or leave it unencrypted, for better performance on slower
1197
<para>It contains a simple load-balancing system, to allow the system
1198
administrator to allow load balancing across several servers.
1202
<para>We'll go over the <filename>lts.conf</filename> entries you'll need to
1203
control these features below.
1206
<title>Theory of operation</title>
1207
<para>To help understand the following sections, a bit of an explanation
1208
of how <command>ldm</command> does it's work is needed. Most thin
1209
client display managers tend to run up on the server. The
1210
<command>ldm</command> display manager is unique in that it runs on
1211
the thin client itself. This allows the thin client to have a lot
1212
of choice as to how it will set up the connection. A typical login
1213
session goes as follows:
1217
<para><command>ldm</command> launches and starts up the X Windows
1218
display on the thin client.
1222
<para><command>ldm</command> starts up the greeter, which is a
1223
graphical program which presents the user with a nice login
1224
display and allows them to select their session, language,
1225
and host they'd like to log into.
1229
<para><command>ldm</command> collects the information from the greeter,
1230
and starts an ssh session with the server. This ssh connection
1231
is used to create an ssh master socket, which is used by all
1232
subsequent operations.
1236
<para>Now, the users selected session is started via the master
1237
socket. Depending on whether or not an encrypted connection
1238
has been requested, via the LDM_DIRECTX parameter, the session
1239
is either connected back to the local display via the ssh tunnel,
1240
or via a regular TCP/IP connection.
1244
<para>During the session, any memory sticks, or other local devices
1245
that are plugged in, communicate their status to the server via
1246
the ssh control socket.
1250
<para>When the user exits the session, the ssh connection is closed
1251
down, the X server is stopped, and <command>ldm</command> restarts
1252
itself, so everything starts with a clean slate.
1258
<title>Encrypted versus unencrypted sessions</title>
1259
<para>By default, LTSP5 encrypts the X session between the server. This
1260
makes your session more secure, but at the cost of increased processing
1261
power required on the thin client and on the server. If processing
1262
power is a concern to you, it's very easy to specify that the connection
1263
for either an individual workstation, or the default setting should use
1264
an unencrypted connection. To do so, simply specify:
1269
<para>in your <filename>lts.conf</filename> file in the appropriate stanza.
1273
<title>Auto login features</title>
1274
<para>This new version of LDM supports auto login of accounts, if
1275
specified in the <filename>lts.conf</filename> file. Simply
1276
create a config stanza for each of the terminals you want to log
1277
in automatically (you can use either MAC address, IP address, or
1278
hostname) and specify the variable <command>LDM_USERNAME</command>
1279
and <command>LDM_PASSWORD</command>. Note that you must have created
1280
these accounts on the server, with the passwords specified. An example
1281
will serve to illustrate how to use this:
1285
LDM_USERNAME=station1
1286
LDM_PASSWORD=sekrit1
1289
LDM_USERNAME=station2
1290
LDM_PASSWORD=sekrit2
1294
<title>Load balancing features</title>
1295
<para>In this version of LTSP, there's a simple load-balancing solution
1296
implemented that allows administrators to have multiple Edubuntu
1297
servers on the network, and allow the thin client to pick which
1298
one of the servers it would like to log into.
1300
<para>The host selection system is simple and flexible enough to allow
1301
administrators to implement their own policy on how they want
1302
the load balancing to happen: either on a random, load-based, or
1303
round robin system. See <xref linkend="multiple-server-setup"/>
1309
<title>General thin client parameters</title>
1310
<para>There are several variables that one can define in the lts.conf file
1311
which control how the thin client interacts with the server. These
1317
<command>SERVER</command>
1320
<para>This is the server that is used for the XDM_SERVER,
1321
TELNET_HOST, XFS_SERVER and SYSLOG_HOST, if any of those are not
1322
specified explicitly. If you have one machine that is acting as the
1323
server for everything, then you can just specify the address here
1324
and omit the other server parameters. If this value is not set, it
1325
will be auto detected.
1331
<command>SYSLOG_HOST</command>
1334
<para>If you want to send logging messages to a machine other than
1335
the default server, then you can specify the machine here. If this
1336
parameter is NOT specified, then it will use the 'SERVER' parameter
1343
<command>NBD_SWAP</command>
1347
<command>Y</command> if you want to turn on NBD swap. The default is
1348
<command>Y</command>.
1354
<command>SWAP_SERVER</command>
1357
<para>The NBD swap server can exist on any server on the network
1358
that is capable of handling it. You can specify the IP address of
1359
that server. The default is whatever the value of SERVER set
1366
<command>NBD_PORT</command>
1369
<para>The port on which NBD swapping will occur. This is set to
1376
<command>USE_LOCAL_SWAP</command>
1379
<para>If you have a hard drive installed in the thin client, with a
1380
valid swap partition on it, this parameter will allow the thin
1381
client to swap to the local hard drive. The default is
1382
<command>N</command>.
1388
<command>DNS_SERVER</command>
1391
<para>Used to build the resolv.conf file. Not needed by
1398
<command>SEARCH_DOMAIN</command>
1401
<para>Used to build the resolv.conf file.</para>
1406
<command>SOUND</command>
1409
<para>This parameter enables sound for the thin client. The default is
1410
<command>Y</command>.
1416
<command>LOCALDEV</command>
1419
<para>This parameter enables local devices support, like CD's and
1420
USB sticks. Users plugging them in should see them on the desktop,
1421
after they've been added to the fuse group on the server. You can do
1424
<guimenu>System</guimenu>
1425
<guisubmenu>Administration</guisubmenu>
1426
<guimenuitem>Users and Groups</guimenuitem>
1428
selecting the user, clicking on "Properties", the going into the
1429
"User Privileges" tab, and making sure the "Allow use of FUSE filesystems..."
1430
box is checked. The default is:
1431
<command>Y</command>.
1438
<title>Screen Scripts</title>
1439
<para>Screen scripts are how LTSP determines what type of login will run
1440
on what virtual screen. Most GNU/Linux machines have 12 virtual consoles,
1441
which you can access by pressing Control-Alt-F1, through Control-Alt-F12.
1442
There is a text based getty that is started on screen 1, but you normally
1443
can't log into it, as there are no local users on the thin client.
1446
However, for debugging purposes, you may want to set up root to log in
1447
on the thin client. You may need to do this if you're debugging problems
1448
with local devices, for example. Fortunately, it's easy to do: on the server,
1449
just chroot into the LTSP chroot, and set the password with passwd.
1452
sudo chroot /opt/ltsp/i386
1455
<para>By default, if there's nothing else mentioned in <filename>lts.conf</filename>,
1456
an LDM session will be started on screen 7.
1459
<title>Parameters relating to screen scripts</title>
1462
<command>SCREEN_01</command> thru
1463
<command>SCREEN_12</command>
1466
<para>Up to 12 screen scripts can be specified for a thin client.
1467
This will give you up to 12 sessions on the thin client, each
1468
accessible by pressing the Ctrl-Alt-F1 through Ctrl-Alt-F12 keys.
1474
<para>Currently, possible values include:
1478
<emphasis role="bold">ldm</emphasis>: This is the default display
1479
manager. It collects a username and password, and then establishes
1480
a secure, encrypted tunnel to the server via
1481
<command>ssh</command>. This should be good for most environments.
1482
Edubuntu deployments with lower-powered clients or servers
1483
may find that the extra overhead involved in encrypting the X
1484
traffic might slow their sessions, and may wish to enable the
1485
<command>LDM_DIRECTX</command> parameter described in <xref linkend="ldm"/>
1490
<emphasis role="bold">sdm</emphasis>: Similar in functionality to
1491
ldm, but a little less graphically intensive.
1496
<emphasis role="bold">startx</emphasis>: Older X connection requiring
1497
the use of XDMCP to connect to the server. Some legacy installations
1498
may want to use it, however, the intruduction of the <command>LDM_DIRECTX</command>
1499
parameter has eliminated much of the need to run it.
1500
Enabling this will require you to turn on XDMCP for the
1501
<command>gdm</command> login manager. As an administrative user, go
1504
<guimenu>System</guimenu>
1505
<guisubmenu>Administration</guisubmenu>
1506
<guimenuitem>Login Window</guimenuitem>
1508
and in the "Remote" tab, change the drop down to
1509
"Same as local". Additionally, you may wish to click on the
1510
"Configure XDMCP" button on the lower corner, and increase the
1511
"Maximum remote sessions" to something a little higher than the
1512
number of thin clients you have.
1513
<emphasis role="bold">Please note that doing this means local
1514
devices will not work for you, as they rely on the ssh
1515
tunnel that ldm provides.
1521
<emphasis role="bold">telnet</emphasis>: Text screen telnet into
1522
whatever host TELNET_HOST is set to. See below for an explanation.
1527
<emphasis role="bold">shell</emphasis>: spawns a shell on the thin
1528
client. Useful for testing.
1533
<emphasis role="bold">rdesktop</emphasis>: spawns an rdesktop session
1534
to a remote windows server. Note that you must have the <command>rdeskop</command>
1535
package installed in the chroot.
1539
Look in the <filename class="directory">/opt/ltsp/i386/usr/lib/ltsp/screen.d</filename>
1540
directory for more scripts, or write your own, and put them there.
1546
<command>TELNET_HOST</command>
1549
<para>If the thin client is setup to have a character based
1550
interface, then the value of this parameter will be used as the
1551
host to telnet into. If this value is NOT set, then it will use the
1553
<command>SERVER</command> above.
1561
<title>Modules and startup scripts</title>
1562
<para>For the most part, LTSP does a very good job of detecting what hardware's on
1563
your thin client. However, it's possible that you may want to manually specify
1564
a kernel module to load after boot. Alternatively, you may have a script you've
1565
written that you've put in the chroot, and want to make sure gets run at startup.
1566
LTSP provides some hooks to allow you to do this.
1571
<command>MODULE_01</command> thru
1572
<command>MODULE_10</command>
1575
<para>Up to 10 kernel modules can be loaded by using these
1576
configuration entries. The entire command line that you would use
1577
when running insmod can be specified here. For example:
1579
MODULE_01 = uart401.o
1580
MODULE_02 = "sb.o io=0x220 irq=5 dma=1"
1584
<para>If the value of this parameter is an absolute pathname, then
1585
<command>insmod</command> will be used to load the module.
1587
<command>modprobe</command> will be used.
1589
<para>In normal circumstances, you shouldn't need to specify
1590
anything here, as most hardware will be auto-detected.
1596
<command>RCFILE_01</command> thru
1597
<command>RCFILE_10</command>
1600
<para>Additional RC scripts can be executed by the
1601
<command>ltsp-client-setup</command> script. Just put the script in the
1602
<filename>/opt/ltsp/i386/etc/init.d</filename> directory, and
1603
specify the name of the script in one of these entries.
1610
<title>X-Windows parameters</title>
1611
<para>Setting up X windows on the thin client's normally a pretty easy operation.
1612
The thin client uses X.org's own auto configuration mode to let X determine
1613
what it thinks is installed in the box. The thin client just runs the command
1614
<command>Xorg -configure</command>, and then uses that output, slightly
1615
modified, for the X config file.
1617
<para>However, sometimes, this doesn't always work. Either due to strange/buggy
1618
hardware, or buggy drivers in X.org, or because X detects default settings that
1619
you don't want. For instance, it may detect that your monitor is capable of doing
1620
1280x1024, but you'd prefer it to come up in 1024x768 resolution. Fortunately,
1621
you can tweak individual X settings, or, alternatively, simply provide your own
1622
<filename>xorg.conf</filename> to use.
1625
<title>X.org configuration</title>
1628
<command>X_CONF</command>
1631
<para>If you want to create your own complete X.org config file, you
1632
can do so and place it in the
1633
<filename class="directory">/opt/ltsp/i386/etc/X11</filename> directory. Then, whatever you
1634
decide to call it needs to be entered as a value for this
1635
configuration variable. For example:
1637
X_CONF = /etc/X11/my-custom-xorg.conf
1639
Note that for the thin client, you reference it from <filename class="directory">/etc/X11</filename>.
1645
<command>X_RAMPERC</command>
1648
<para>Some programs allocate a large amount of ram in the X.org server running on your thin
1649
client. Programs like <command>Firefox</command> and <command>Evince</command> can use
1650
up so much ram, that they eventually exhaust all your physical ram, and NBD swap, causing
1651
your thin client to crash. If you find your clients being booted back to a login prompt,
1652
or freezing up when viewing certain PDF's or web pages, this may be the problem.
1654
<para>The X_RAMPERC variable stands for X RAM PERCent, and is a number between 0 and 100 that
1655
specifies how much of the free space on your thin client X.org is allowed to consume. You'll
1656
generally want to set it at something lower than 100 percent, if you're having problems.
1657
Experimentation has shown a value between 80 and 90 will usually keep the terminal alive.
1658
What will then happen is the program consuming the memory will die, as opposed to the thin client
1659
itself. If you're having unexplained terminal problems, specifying:
1663
in your <filename>lts.conf</filename> file may improve things.
1669
<command>XDM_SERVER</command>
1672
<para>If you're using the older <command>startx</command> screen script, and need to specify a different
1673
server, then you can specify the server here. If this parameter is
1674
NOT specified, then it will use the 'SERVER' parameter described
1681
<command>XSERVER</command>
1684
<para>You can use this parameter to override which X server the thin client will run. For PCI
1685
and AGP video cards, this parameter should not be required. The
1686
thin client should normally be able to
1687
auto-detect the card.
1689
<para>If, for some reason you do need to manually set it, here are
1700
<para>atimisc</para>
1706
<para>cirrus_alpine</para>
1712
<para>cirrus_laguna</para>
1745
<para>neomagic</para>
1748
<para>newport</para>
1763
<para>rendition</para>
1766
<para>riva128</para>
1772
<para>s3virge</para>
1778
<para>siliconmotion</para>
1793
<para>trident</para>
1821
<command>X_MOUSE_DEVICE</command>
1824
<para>This is the device node that the mouse is connected to. If it
1825
is a serial mouse, this would be a serial port, such as
1826
<command>/dev/ttyS0</command> or
1827
<command>/dev/ttyS1</command>. This is not needed for PS/2 or USB
1828
mice, as they are auto-detected.
1834
<command>X_MOUSE_PROTOCOL</command>
1837
<para>Should be auto-detected. However, valid entries
1848
<para>vsxxxaa</para>
1851
<para>spaceorb</para>
1854
<para>spaceball</para>
1857
<para>magellan</para>
1860
<para>warrior</para>
1863
<para>stinger</para>
1866
<para>mousesystems</para>
1869
<para>sunmouse</para>
1872
<para>microsoft</para>
1878
<para>mouseman</para>
1881
<para>intellimouse</para>
1884
<para>mmwheel</para>
1890
<para>h3600ts</para>
1893
<para>stowawaykbd</para>
1896
<para>ps2serkbd</para>
1899
<para>twiddler</para>
1902
<para>twiddlerjoy</para>
1909
<command>X_MOUSE_EMULATE3BTN</command>
1912
<para>Normally unset, may need to be set to
1913
<command>Y</command> for certain 2 button mice.
1919
<command>X_COLOR_DEPTH</command>
1922
<para>This is the number of bits to use for the color depth.
1924
<command>8</command>,
1925
<command>16</command>,
1926
<command>24</command> and
1927
<command>32</command>. 8 bits will give 256 colors, 16 will give
1928
65536 colors, 24 will give 16 million colors and 32 bits will give
1929
4.2 billion colors! Not all X servers support all of these values.
1930
The default value for this is
1931
<command>24</command>.
1937
<command>USE_XFS</command>
1940
<para>You have a choice of running the X Font Server (XFS) or
1941
reading the fonts through the file system. XFS has been pretty much
1942
superceeded by the RENDER extention of X.org, but for special cases, you
1944
The 2 values for this option are
1945
<command>Y</command> and
1946
<command>N</command>. The default value is
1947
<command>N</command>. If you do want to use a font server, then you
1949
<command>XFS_SERVER</command> entry to specify which host will act
1956
<command>XFS_SERVER</command>
1959
<para>If you are using an X Font Server to serve fonts, then you
1960
can use this entry to specify the IP address of the host that is
1961
acting as the font server. If this is not specified, it will use
1962
the default server, which is specified with the
1963
<command>SERVER</command> entry described above.
1969
<command>X_HORZSYNC</command>
1972
<para>This sets the X.org
1973
<command>HorizSync</command> configuration parameter. This should be
1974
auto-detected for your monitor, however, if you want to force a
1975
lower resolution, use this parameter to do so.
1981
<command>X_VERTREFRESH</command>
1984
<para>This sets the X.org
1985
<command>VertRefresh</command> configuration parameter. This should
1986
be auto-detected for your monitor. If you need to force a
1987
lower resolution, use this parameter to do so.
1993
<command>X_VIDEORAM</command>
1996
<para>This sets the X.org
1997
<command>VideoRam</command> configuration parameter. This should
1998
be auto-detected for your monitor. If you need to force a
1999
different video ram setting, use this parameter to do so.
2005
<command>X_OPTION_01 through X_OPTION_12</command>
2008
<para>This allows you to specify
2009
<command>Option</command> settings in the <filename>xorg.conf</filename> file, to
2010
add options to the video driver. A common use for this will be to test
2011
turning off accelleration in your driver, if you're having trouble. An example usage
2014
X_OPTION_01 = "\"NoAccel\""
2015
X_OPTION_02 = "\"AnotherOption\" \"True\""
2016
</screen>. You probably won't need these except in special circumstances.
2022
<command>X_MODE_0, X_MODE_1, and X_MODE_2</command>
2025
<para>These sets the X.org
2026
<command>ModeLine</command> configuration. For example, if your
2027
thin client comes up in a higher resolution than what you want,
2028
say, 1280x1024, specifying:
2032
should get your desired resolution on startup.
2039
<title>Printer configuration parameters</title>
2040
<para>Sometimes, it's convenient to hang a printer off of a thin
2041
client in a lab, so that the computer lab has access to local
2042
printing resources. Fortunately, LTSP can accomodate printing
2045
<para>LTSP can connect up to 3 printers per workstation to the network
2046
via a small daemon called JetPipe. Both parallel and USB printers
2047
are supported. JetPipe makes the printer
2048
look like a standard HP Jet Direct printer interface. You can then
2049
create any cups printer on your server, and point it at the printer
2050
via a Jet Direct connection.
2052
<para>In your <filename>dhcpd.conf</filename> file that controls your
2053
thin client IP assignments, you'll want to assign a static IP
2054
for the terminal with the printers, to guarentee that it gets
2055
the same IP address every time it boots. Otherwise, your printing
2056
won't work if the terminal leases a different IP address.
2059
<title>Printing related parameters</title>
2062
<command>PRINTER_0_DEVICE</command>
2065
<para>The device name of the printer. Names such as
2066
<command>/dev/lp0</command>, or
2067
<command>/dev/usblp0</command> are allowed.
2073
<command>PRINTER_0_PORT</command>
2076
<para>The TCP/IP Port number to use. By default, it will use '
2077
<command>9100</command>', for PRINTER_0_DEVICE, '<command>9101</command>' for PRINTER_1_DEVICE, and
2078
'<command>9102</command>' for PRINTER_2_DEVICE.
2085
<title>Keyboard parameters</title>
2086
<para>All of the keyboard support files are copied into the
2087
/opt/ltsp/i386 hierarchy, so configuring international keyboard
2088
support is simply a matter of configuring X.org. There are several
2089
configuration parameters for this.
2091
<para>The values for the above parameters are from the X.org
2092
documentation. Whatever is valid for X.org is valid for these
2095
<para>We would like to add documentation to show what values are
2096
needed for each type of international keyboard. If you work with
2097
this and can configure your international keyboards, feedback to
2098
Edubuntu would be greatly appreciated.
2103
<command>CONSOLE_KEYMAP</command>
2106
<para>Allows you to specify a valid console keymap for TELNET_HOST
2107
sessions. Default is
2108
<command>en</command>.
2114
<command>XKBLAYOUT</command>
2117
<para>Consult the X.org documentation for valid settings.</para>
2122
<command>XKBMODEL</command>
2125
<para>Consult the X.org documentation for valid settings.</para>
2130
<command>XKBVARIANT</command>
2133
<para>Consult the X.org documentation for valid settings.</para>
2138
<command>XKBRULES</command>
2141
<para>Consult the X.org documentation for valid settings.</para>
2146
<command>XKBOPTIONS</command>
2149
<para>Consult the X.org documentation for valid settings.</para>
2157
<!--multiple-server-setup-->
2158
<sect1 id="multiple-server-setup">
2159
<title>Multiple server setup</title>
2161
A multiple server setup is useful for larger thin client networks. Instead of using one big server,
2162
it makes it possible to use smaller servers, and dispatch users on them. You can adjust computing
2163
resources as the demand grows simply by adding a new server.
2164
To make sure that every server behaves the same from the users point of view, new services and
2165
configurations that are required will be discussed. In addition, some configurations specific
2166
to thin clients will be presented.
2168
<sect2 id="multiple-server-setup-common-services">
2169
<title>Infrastructure setup</title>
2171
<title>Network topology</title>
2173
The network topology is the same as a standalone server setup, except that
2174
there are more than one server on the thin client lan.
2177
You will need to select one server to behave as the primary server. This server
2178
will be used to run additional services, hold users files, and network boot thin clients.
2181
Secondary servers will be used only to run desktop sessions. They are simpler, and will
2182
be configured to use the central services from the primary server. Installing the package
2183
<command>ltsp-server</command> will install required software.
2186
<sect3><title>Common authentication</title>
2188
A user should be able to start a session with the same login and password, no matter
2189
which server it connects to. For this purpose, a central authentication mechanism must
2190
be used. There are many possibilities offered. Here are the major technologies:
2194
<para>LDAP authentication: On the master server, setup an OpenLDAP server.
2195
Configure each servers to use this LDAP server as the authentication base,
2196
with the pam_ldap plugin.
2200
<para>NIS authentication: On the master server, setup a NIS server. Configure
2201
each server to use this NIS server for the authentication.
2205
<para>Winbind authentication: Useful if you already have an Active Directory server.
2209
<para>The smbldap-installer offers system administrators an easy way to set up a Samba/LDAP server which can authenticate both Windows and non-Windows (Linux, Mac OS X, and others) clients. Home directories can be centrally located on one server and shared with other servers. For more information: <ulink url="http://www.majen.net/smbldap">http://www.majen.net/smbldap</ulink>
2214
For detailed instructions, see their respective manuals.
2218
<title>Shared home directories</title>
2220
Shared home directories are easy to setup using an NFS server on the primary server.
2221
To configure the share, install the package <command>nfs-kernel-server</command>.
2222
Then, edit the file <filename class="directory">/etc/exports</filename> and add the following line,
2223
by replacing <command>secondary_server_ip</command> by the real IP address of the server.
2225
/home secondary_server_ip(rw,no_root_squash)
2227
After this modification, the service needs to be restarted.
2229
sudo invoke-rc.d nfs-kernel-server restart
2231
You can define the mount point on each secondary servers, by editing the file
2232
<filename>/etc/fstab</filename> and adding the following line:
2234
192.168.0.1:/home /home nfs hard,intr,rsize=8192,wsize=8192,bg 0 0
2238
With the default setup, the home directory of the user must exist before the
2239
first login. To create the home directory on the fly on the first login,
2240
you can use the pam_mkhomedir plugin. The NFS export option
2241
<command>no_root_squash</command> allows any secondary server to create
2242
directories on the primary server.
2246
<title>Shared printers</title>
2247
<para>For printers to be accessible on each server, the cups server must be
2248
configured to share printers. Refer to the CUPS manual for detailed instructions.
2252
<title>Synchronization of packages</title>
2253
<para>Once you install one desktop application on one server, then you must
2254
install it on all the other servers, as well. Otherwise, users may not be able to
2255
use the same set of applications. First, make sure that
2256
<command>/etc/apt/sources.list</command> file is the same on each server.
2257
Then, list packages of the reference server. Using the primary server for
2258
this purpose is not recommended, since it may install other server packages
2259
that are not necessary on secondary servers. To build the package list:
2260
<screen>dpkg --get-selections > deblist </screen>
2261
Then, copy this file on the target server you want to sync applications,
2262
and perform the following steps:
2264
sudo dpkg --set-selections < deblist
2265
sudo apt-get dselect-upgrade
2267
Apt will install additional packages that are not already installed on the target machine.
2271
<title>Managing the SSH known hosts file</title>
2273
For security reasons, a thin client won't connect to an untrusted server. You
2274
must add the keys of secondary servers inside the client root on the primary
2275
server. To do this, first export the key file of the secondary server to add:
2277
sudo ltsp-update-sshkeys --export ssh_known_hosts.myhostname
2279
Then, copy the file on the primary server, in the directory
2280
<filename class="directory">/etc/ltsp/</filename>, and run <command>ltsp-update-sshkeys</command>
2281
on the primary server. Then, thin clients will trust the freshly added server,
2282
and will be able to connect to it.
2285
If a secondary server changes it's IP address, then this procedure must be repeated.
2289
<title>Setting network forwarding</title>
2290
<para>Primary server will act as an network gateway for other servers. With this
2291
configuration, other workstations will be able to access the network behind
2292
the primary server. Here is an example of script that setup the network forwarding.
2293
We put it in <command>/etc/network/if-up.d/forward.sh</command>, and make it
2294
executable. The script will run at each network start. In this example, the
2295
primary server private IP is <command>192.168.0.1</command>. It must be
2296
adapted for the IP address used.
2301
echo 1 > /proc/sys/net/ipv4/ip_forward
2303
echo Setting up the forwarding
2305
LAN_IP_NET="192.168.0.1/24"
2309
iptables -t nat -A POSTROUTING -s $LAN_IP_NET -o $OUT_NIC -j MASQUERADE
2310
iptables -A FORWARD -j ACCEPT -i $LAN_NIC -s $LAN_IP_NET
2311
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
2315
<title>Replication of desktop profiles</title>
2316
<para>If you customize user's desktop, then custom desktop profiles should be
2317
copied to every server. Gnome desktop profiles created with Sabayon are
2318
located in <command>/etc/desktop-profiles</command>
2322
<sect2 id="multiple-server-setup-config">
2323
<title>Session dispatching</title>
2325
<title>Define the server list</title>
2327
LDM is a login manager for thin clients. Users can select a server
2328
from the available ones in the host selection dialog box.
2331
The displayed server list is defined by the <command>LDM_SERVER</command>
2332
parameter. This parameter accepts a list of server IP address or host names,
2333
separated by space. If you use host names, then your DNS resolution must work
2334
on the thin client. If defined in the <filename>lts.conf</filename> file, the
2335
list order will be static, and the first server in the list will be selected
2339
You can also compute a new order for the server list, by creating the script
2340
<command>/opt/ltsp/i386/usr/lib/ltsp/get_hosts</command>. The parameter
2341
<command>LDM_SERVER</command> overrides the script. In consequence, this
2342
parameter must not be defined if the <command>get_hosts</command> is going
2343
to be used. The <command>get_hosts</command> script writes on the standard
2344
output each server IP address or host names, in the chosen order.
2348
<title>Dispatching method</title>
2350
You can change this behavior by using a script to rearrange the
2351
list. The simplest way to do it is by randomizing the list. First, define
2352
a custom variable in the file <command>lts.conf</command>, for example
2353
<command>MY_SERVER_LIST</command>, that will contain the list of servers,
2354
the same way as <command>LDM_SERVER</command> Then, put the following
2355
script in <command>/opt/ltsp/i386/usr/lib/ltsp/get_hosts</command>.
2358
# Randomize the server list contained in MY_SERVER_LIST parameter
2363
for i in $MY_SERVER_LIST; do
2366
TMP_LIST="$TMP_LIST\n${rank}_$i"
2369
TMP_LIST=$(echo -e $TMP_LIST | sort)
2370
for i in $TMP_LIST; do
2371
SHUFFLED_LIST="$SHUFFLED_LIST $(echo $i | cut -d_ -f2)"
2378
More advanced load balancing algorithms can be written. For example,
2379
load balancing can be done by querying ldminfod for the server rating.
2380
By querying ldminfod, you can get the current rating state of the server.
2381
This rating goes from 0 to 100, higher is better. Here is an example of
2384
nc localhost 9571 | grep rating | cut -d: -f2
2391
<!-- Network Swap -->
2393
<title>Network Swap</title>
2394
<subtitle>Helping thin clients with smaller amounts of ram</subtitle>
2395
<para>Just like on a full fledged workstation, it helps to have swap defined
2396
for your thin client. "Swap" is an area of disk space set aside to allow
2397
you to transfer information out of ram, and temporarily store it on a hard
2398
drive until it's needed again. It makes the workstation look like it has
2399
more memory than it actually does. For instance, if your workstation has
2400
64 Megabytes of ram and you configure 64 Megabytes of swap, it's theoretically
2401
possible to load a 128 Megabyte program.
2403
<para>I say, "theoretically", because in practice, you want to avoid swapping
2404
as much as possible. A hard drive is several orders of magnatude slower
2405
than ram, and, of course, on a thin client, you don't even have a hard drive!
2406
You have to first push the data through the network to the server's hard drive,
2407
thus making your swapping even slower. In practice, it's best to make sure
2408
you have enough ram in your thin client to handle all your average memory
2411
<para>However, sometimes that's not possible. Sometimes, you're re-using old
2412
hardware, or you've simply got a program that isn't normally used, but does
2413
consume a lot of ram on the thin client when it does. Fortunately, LTSP
2414
supports swapping over the network via NBD, or Network Block Devices. We include
2415
a small shell script called nbdswapd, which is started via inetd. It handles
2416
creating the swap file, and setting up the swapping, and removing the swap file
2417
when it's no longer needed, after the terminal shuts down.
2419
<para>By default, swap files are 32 Megabytes in size. This was chosen to give your
2420
workstation a little extra ram, but not use up too much disk space. If you get some
2421
random odd behaviour, such as Firefox crashing when viewing web pages with a lot
2422
of large pictures, you may want to try increasing the size of the swap files. You can
2423
do so by creating a file in the directory <filename class="directory">/etc/ltsp</filename>
2424
on the Edubuntu server, called <filename>nbdswapd.conf</filename>. In it, you can set the
2425
SIZE variable to the number of Megabytes you wish the file to be sized to. For instance,
2426
to create 128 Megabyte files, you'll want:
2430
in the <filename>nbdswapd.conf</filename> file.
2432
<para>Please note that this is a global setting for all swap files. If your server has 40 thin
2433
clients, each using 128 Megs of memory, you'll need 128 * 40 = 5120, or a little over 5
2434
Gigabytes of space in your <filename class="directory">/tmp</filename> directory, where
2435
the swapfiles are stored.
2441
<title>Managing DHCP</title>
2442
<para>DHCP stands for Dynamic Host Configuration Protocol and is the very first thing your
2443
thin client uses to obtain an IP address from the network, in order to allow it to start
2444
booting. In Edubuntu, the dhcpd file is located in <filename class="directory">/etc/ltsp</filename>. Any changes
2445
you want to make to booting behaviour should be made there.
2447
<para>By default, Edubuntu ships a <filename>dhcpd.conf</filename> that serves thin clients
2448
in a dynamic range (i.e. it will hand out ip addresses to anyone who asks for them) from
2449
192.168.0.20 to 192.168.0.250. The default dhcpd.conf file looks like:
2452
# Default LTSP dhcpd.conf config file.
2457
subnet 192.168.0.0 netmask 255.255.255.0 {
2458
range 192.168.0.20 192.168.0.250;
2459
option domain-name "example.com";
2460
option domain-name-servers 192.168.0.1;
2461
option broadcast-address 192.168.0.255;
2462
option routers 192.168.0.1;
2463
# next-server 192.168.0.254;
2464
# get-lease-hostnames true;
2465
option subnet-mask 255.255.255.0;
2466
option root-path "/opt/ltsp/i386";
2467
if substring( option vendor-class-identifier, 0, 9 ) = "PXEClient" {
2468
filename "/ltsp/i386/pxelinux.0";
2470
filename "/ltsp/i386/nbi.img";
2474
This <filename>dhcpd.conf</filename> should handle most situations.
2476
<para>By default, Edubuntu will detect an unused network interface and configure it to be 192.168.0.254.
2477
Edubuntu's recommended single server installation is to use a separate network interface for the thin
2478
clients. If, however, you're not using two network interfaces, or you already have an interface
2479
in the 192.168.0 range, then you might have to configure the thin client interface differently, which
2480
means you may have to adjust the <filename>dhcpd.conf</filename> accordingly.
2482
<para>If the network interface that you're going to connect the thin clients to has, say, a TCP/IP address
2483
of 10.0.20.254, you'll want to replace every occurance of 192.168.0 with 10.0.20 in the
2484
<filename>dhcpd.conf</filename> file.
2486
<para>Always remember, you'll need to re-start the dhcp server if you make any changes. You can do this
2487
by issuing the command:
2489
sudo invoke-rc.d dhcp3-server restart
2491
at the command prompt.
2494
<title>Adding static entries to the dhcpd.conf</title>
2495
<para>Sometimes, you may need to have a certain terminal boot with a guaranteed fixed TCP/IP address
2496
every time. Say, if you're connecting a printer to the terminal, and need to make sure the
2497
print server can find it at a fixed address. To create a fixed address, use a low number
2498
in the range of 2-19, or otherwise, if you change the range statement in the <filename>dhcpd.conf</filename>.
2500
<para>To create a static entry, simply add the following after the "option root-path" line:
2503
hardware ethernet MA:CA:DD:RE:SS:00;
2504
fixed-address 192.168.0.2;
2507
Substitude the mac address for the mac address of the thin client you wish to fix the address of. The
2508
fixed-addres will be the TCP/IP address you want, and "hostname" is the name you wish to give the host.
2512
<title>DHCP failover loadbalancing</title>
2513
<para>Another common method of loadbalancing is to use DHCP loadbalancing. There's an excellent writeup on the topic at:
2514
<ulink url="https://wiki.edubuntu.org/EdubuntuDHCPload-balancingFailover">https://wiki.edubuntu.org/EdubuntuDHCPload-balancingFailover</ulink>
2520
<title>Lockdown with Sabayon and Pessulus</title>
2521
<para>A common requirement in both schools and businesses is having the ability to lock down the desktop
2522
and provide certain default configurations.
2524
<para>In Edubuntu, the applications you'll want to use are Sabayon and Pessulus. You'll want to add them from
2525
the <command>synaptic</command> package manager. After you've added them both, then you can start them from
2527
<guimenu>System</guimenu>
2528
<guisubmenu>Administration</guisubmenu>
2529
<guimenuitem>User Profile Editor</guimenuitem>
2532
<para>The Sabayon profile editor looks like a window that contains a smaller sized picture of your desktop. Within
2533
this window, you can create a default layout: add icons to panels and the desktop, lock down the panels
2534
so they can't be modified, remove access to the command line, etc.
2536
<para>Once you're done, you can save your profile. You have the option of applying your profile to either individual
2537
users, or all users on the system. Please consult the manual included with Sabayon for all the details.
2541
<!-- Thin Client Manager -->
2542
<sect1 id="ltsp-tcm">
2543
<title>Edubuntu Thin Client Manager</title>
2545
<title>Using Thin Client Manager</title>
2546
<subtitle>Managing an LTSP setup effectivly</subtitle>
2547
<para>Thin Client Manager (TCM) is a system administration utility to
2548
enable a teacher to easily control the machines in their class, by
2549
utilising the following features:
2553
<para>Remote program execution</para>
2556
<para>Simple message sending</para>
2559
<para>Remote application closure</para>
2562
<para>Quick access to the lockdown editor</para>
2565
<para>Remote logout execution</para>
2568
<para>Process listings for each user</para>
2571
<para>Plugin framework to expand functionality</para>
2574
<para>When first loaded, TCM shows the clients currently logged
2575
onto the server on the right hand side, along with their IP address
2576
and username, as in Fig 1. This list is dynamically updated and
2577
will change as users log into and out of the system. Clicking on an
2578
entry in this list will highlight it, and enable certain functions
2579
in the user interface. Clicking on a user will also fill the window
2580
on the right with all the processes that are running in that users
2586
<imagedata fileref="../../images/C/scpmain.png" format="PNG"/>
2589
<phrase>Main Window</phrase>
2591
</inlinemediaobject>
2595
<title>Operations</title>
2597
<title>Process Management</title>
2598
<para>You can end a users applications by first choosing a user,
2599
selecting a process from the right hand side, and then clicking on
2600
the "End Process" button. You will then be asked to confirm your
2601
actions and, upon confirmation, a message is sent to the clients
2602
session asking for the program to terminate. (Note: You can select
2603
multiple users here)
2608
<imagedata fileref="../../images/C/scpprocs.png" format="PNG"/>
2611
<phrase>Processes Window</phrase>
2613
</inlinemediaobject>
2617
<title>Logging Users Out</title>
2618
<para>If desired, you can log a user out of their session, by first
2619
selecting a user and click on the "Disconnect" button. You will
2620
then be asked to confirm your actions and, upon confirmation, a
2621
message is sent to end the users session. This will log the user
2622
out of their current session. (Note: You can select multiple users
2627
<title>Sending A Message</title>
2628
<para>You are able to send short messages to users, for example,
2629
"You have 5 minutes left of this lesson". To do this, first select
2630
a user and then click on the send message button. You will then be
2631
presented with a box to type in your message. Upon clicking "Ok",
2632
the message will be sent to the selected user. (Note: You can
2633
select multiple users here)
2638
<imagedata fileref="../../images/C/scpmess.png" format="PNG"/>
2641
<phrase>Message Window</phrase>
2643
</inlinemediaobject>
2647
<title>Starting A Program</title>
2648
<para>It is also possible to start an application or process in a
2649
clients session from TCM. To do this simply select the user, and
2650
click on the "Execute" button. You will then be presented with a
2651
dialog box to enter a command to be run in the users session. Upon
2652
clicking "Ok", a message will be sent to the users session asking
2653
for the chosen command to be run. (Note: You can select multiple
2659
<imagedata fileref="../../images/C/scpexec.png" format="PNG"/>
2662
<phrase>Execute Window</phrase>
2664
</inlinemediaobject>
2668
<title>Lockdown Editor</title>
2669
<para>By choosing a single user and right clicking on that users name, you will open up the context menu. From here you can choose "Lockdown", which will allow you to set options to restrict a particular user. Clicking this menu item will invoke the "Pessulus" program, which is the Gnome lockdown editor. Ticking and unticking options in Pessulus will enable and disable certain functions for that particular user. There is a padlock next to each option in Pessulus. Ticking this will make the option unchangeable by the user. This is called a mandatory setting. Pessulus has been altered for integration with Thin Client Manager so that mandatory keys are now per user, instead of per system. For further help with Pessulus, please refer to the Pessulus documentation.</para>
2672
<title>Managing users with groups</title>
2673
<para>The latest version of Thin Client Manager comes with a user group and filtering system. Right clicking in the user list, will present you with a menu which has an option called Groups. From this menu you can create new groups, delete old groups and assign users to groups.</para>
2675
To assign users to a group simply select the users required from the user list and then right click to enter context menu. Now you can move through the menu,
2677
<guimenu>Groups</guimenu>
2678
<guisubmenu>Add user to group</guisubmenu>
2679
<guimenuitem>Group Name</guimenuitem>
2681
The process for removing members from a group is exceedingly similar.
2684
Once you have assigned your users into groups, you can use the filter combo box above the user list to show only members of that particular group. Groups and members are persistent across Thin Client Manager sessions and are automatically saved once you have altered them. If you ever need to manually access the file which stores this information, it is located at <filename>/etc/tcm/users.conf</filename>.
2688
<title>Plugins</title>
2690
The plugin framework allows you to expand the way TCM works. By selecting one or more users in the left hand panel you can right click in the left hand area and be presented with the context menu. This menu has an option called "Plugins" and from that there is a list of all the plugins installed in TCM. On a fresh installation, this will consist of a single plugin, which is used purely as an example. For the more advanced user, please see the example plugin file located at <filename>/usr/lib/python2.4/site-packages/studentcontrolpanel/plugins/cheap_plugin</filename>. A plugin consists simply of a class and a registration function. The plugin is provided with a list of users, which you can use to write a code to perform functions based on that list.
2694
<title>Screen Viewing</title>
2696
<emphasis role="bold">This functionality requires some set up by the system administrator, please see the Ubuntu wiki for more information.</emphasis>
2698
<para>By clicking on the Screen Viewer tab, you can view four client screens at a time. By using the buttons at the bottom of the screen you can move between the currently logged in users. If a user becomes disconnected, you can use the refresh option to reconnect all screens. Connections are closed when switching to the Process Viewer to save bandwidth, but are reconnected again upon switching to the Screen Viewer tab.</para>
2703
<sect1 id="ltsp-updates">
2704
<title>Keeping your Edubuntu server in shape</title>
2705
<para>Security, as it's often been said, is a process, and not an
2706
end result. Fortunately, Ubuntu makes it easy to keep up to date
2707
with the latest security patches.
2710
<title>Edubuntu Server Management</title>
2711
<para>When logging onto the LTSP network as an administrator you
2712
will sometimes find a bubble appear in the top right informing you
2713
that there are updates available for your computer.
2720
<imagedata fileref="../../images/C/updateavailable.png" format="PNG"/>
2726
<para> Any updates you
2727
apply here will automatically be applied to all clients, though
2728
they may require a reboot. This is because LTSP clients all use the
2729
same set of applications on the server. When this prompt appears
2730
click the small red icon, and enter your password
2731
to display the following application.
2737
<imagedata fileref="../../images/C/updatemanager.png" format="PNG"/>
2742
<para>This application allows you to apply all available updates
2743
for your computer quickly and easily. Clicking on the <emphasis role="bold">Check</emphasis>
2744
button, checks to see if there are any more updates since the
2745
computer last checked. If you are going to perform the updates,
2746
it's a good idea to click this button. Once the check is completed,
2747
you are ready to update your system.
2749
<para>Be sure to check how much information is going to be
2750
downloaded, if you are low on bandwidth, or using a slow
2751
connection. Click on the <emphasis role="bold">Update</emphasis> button, to set the computer
2752
downloading and installing updates. Once clicked, if there are any
2753
verification issues, these will be shown. If you are happy that the
2754
packages come from a trusted source, you can click <keycap>OK</keycap> to continue.
2755
First, your computer will download all available packages and
2756
display a screen similar to that below.
2762
<imagedata fileref="../../images/C/updatedownload.png" format="PNG"/>
2767
<para>After all packages have finished downloading, you will be
2768
presented with the progress box, which shows how far the computer
2769
has come in updating. If you wish you can click the word
2770
<emphasis role="bold">terminal</emphasis> to show more detailed information about the updates
2774
<informalfigure float="left">
2777
<imagedata fileref="../../images/C/updateinstall.png" format="PNG"/>
2782
<para>After the updates have completed, the computer will inform
2783
you if you need to restart in order for the updates to come into
2784
effect. You can either shutdown when you wish, or click the small
2785
blue icon in the top righthand corner, and you will
2786
be presented with this question.
2790
<para>If you restart your computer without shutting down your
2791
clients, their computers will stop responding and they may lose
2792
data. Be sure all clients are logged out before restarting the
2799
<title>Updating your LTSP chroot</title>
2800
<para>At some point in the future, updates will become available
2801
for your LTSP server. You must remember that altough you may have
2802
applied all the updates to the server itself, as in the
2803
instructions....HERE it is likely that the LTSP chroot will also
2804
need updating. To do this you must open up a terminal and use the
2807
<para>First make sure the Client environment has the same Package
2808
lists as the Server, to achieve that, you will copy the
2809
sources.list file from the Server to the Client environment.
2812
sudo cp /etc/apt/sources.list /opt/ltsp/i386/etc/apt/
2814
<para>Now issue the command below.</para>
2815
<screen>sudo chroot /opt/ltsp/i386</screen>
2816
<para>This will change your root directory to be the LTSP clients
2817
root directory. In essence, anything you now do inside here, will
2818
be applied to the LTSP clients NFS root. This is a separate small
2819
set of files that are used to boot the clients into a usable, and
2820
enable them to contact the LTSP server. Once inside this shell, we
2821
must type the following command to obtain the latest list of
2822
packages from the apt servers.
2824
<screen>apt-get update</screen>
2825
<para>Once this has completed you will have to upgrade the software
2826
in the chroot by running the following command:
2828
<screen>apt-get upgrade</screen>
2829
<para>Once all upgrades have finished, you must leave the chroot by
2830
either typing <emphasis role="bold">exit</emphasis> or by using the key combination Ctrl+D.
2831
This will return you to the root of the server.
2833
<para>If your kernel has been upgraded you must run the LTSP kernel
2834
upgrade script, to ensure that your LTSP chroot uses the latest
2835
version. This is performed by running the command below:
2837
<screen>sudo ltsp-update-kernels</screen>
2838
<para>All of your clients will now use the latest kernel upon their
2841
<para>Finally, you must remember to rebuild the NBD boot image from your
2842
chroot with the following command:
2844
<screen>sudo ltsp-update-image</screen>
2845
<para>Be advised that this may take a few minutes, depending on the speed of your server.
2849
<title>Changing the IP of your LTSP server</title>
2850
<para>At some point in time, it may become necessary to change the
2851
IP address of your LTSP server. Normally this does not present an
2852
issue, but LTSP servers and clients communicate over and encrypted
2853
channel and require all SSL certificates to be updated. Without
2854
this update, <emphasis role="bold">no LTSP clients will be able to log in</emphasis>. This is
2855
done by simply opening a terminal and running the following
2858
<screen>sudo ltsp-update-sshkeys</screen>
2863
<sect1 id="server-backup">
2864
<title>Backing Up</title>
2866
Now that you have your Edubuntu server working, and are keeping it updated,
2867
you're going to want to back up your users' data.
2870
<para>There are a variety of options available for external backup media.
2871
SCSI tape drives, DVD RAM or ROM's, or even CD/R's may all be used to back
2872
up your server on a regular basis.
2875
<sect2 id="backupwhat">
2876
<title>What needs to be backed up?</title>
2877
<para>When backing up a server, there are typically two approaches:</para>
2880
<para>Back up everything.</para>
2883
<para>Back up config files, and user data.</para>
2886
<para>We'll look at each briefly.</para>
2889
<title>Back up everything</title>
2890
<para>Typically, by backing up everything, the administrator is looking to
2891
do a restore of the entire operating system, as well as user data.
2893
<para>Typically, you'll want to use a SCSI tape drive, and a program like
2894
<command>amanda</command> (available in the universe repository) to do this
2895
kind of backup strategy.
2899
<title>Back up configs and data</title>
2900
<para>Backing up only config files and data is an acceptable strategy for sites
2901
on a budget. On a typical Edubuntu system, without a lot of customization,
2902
backing up the following files and directories should capture most of what's
2903
on your system. Following a disaster, you'll need to re-install Edubuntu from
2904
the CD, re-install any programs you added, and re-apply all updates. At that
2905
point, you can pull the config files and user data from your backup.
2910
/var/lib/tftpboot/ltsp/i386/lts.conf