[debian-edu-commits] debian-edu/italc.git (#97) - master (branch) updated: debian/1_2.0.0-2-16-g494ef2b
Mike Gabriel
sunweaver at alioth.debian.org
Sun Aug 11 01:16:33 UTC 2013
The branch, master has been updated
via 494ef2b4b79ab561c37ab17e0dd9682c8f4c4201 (commit)
from ef6b15889446cd65e9ea7a83552a990f71ba3c87 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 494ef2b4b79ab561c37ab17e0dd9682c8f4c4201
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Sun Aug 11 03:11:25 2013 +0200
Provide documentation: README.setup. (Closes: #511387).
-----------------------------------------------------------------------
Summary of changes:
debian/README.setup | 217 +++++++++++++++++++++++++++++++++
debian/changelog | 1 +
debian/italc-client.docs | 1 +
debian/italc-client.links | 1 +
debian/italc-management-console.links | 1 +
debian/italc-master.links | 1 +
debian/libitalccore.docs | 1 +
7 files changed, 223 insertions(+)
create mode 100644 debian/README.setup
create mode 100644 debian/italc-client.docs
create mode 100644 debian/italc-client.links
create mode 100644 debian/italc-management-console.links
create mode 100644 debian/italc-master.links
create mode 100644 debian/libitalccore.docs
The diff of changes is:
diff --git a/debian/README.setup b/debian/README.setup
new file mode 100644
index 0000000..ae1d053
--- /dev/null
+++ b/debian/README.setup
@@ -0,0 +1,217 @@
+HOW TO SETUP iTALC (with the example of a Debian Edu network setting)
+=====================================================================
+... provided by Valerio Pachera (on 30th Dec 2008), see #511387
+... edited, revied and modified by Mike Gabriel (during DebConf2013)
+
+
+This document attempts at explaining how iTALC could be / is
+pre-configured on a Debian Edu / Skolelinux setup.
+
+The point is that different actions have to be taken on the base of
+the different Debian Edu installation profiles we are working with.
+
+Debian Edu Profiles:
+ -main-server (TJENER)
+ -ltsp-server (Terminal Server based on LTSP)
+ -workstation
+ -diskless workstation (DLWs)
+
+Short introduciton:
+
+ - iTALC consists of three programs:
+ 1 - the client (called "ica"). It is a daemon that runs on the computers
+ we want to control (also called clients)
+ 2 - the main application "iTALC" that teachers use to check and control
+ students.
+ 3 - Since iTALC version 2.0.0 there is a third component: imc (iTALC
+ Management Console)
+ - iTALC uses keys to increase security.
+
+The private keys have to be present on the computers where teachers
+want to run the main application.
+
+Actually we don't know which computer the teachers will be using after all,
+so the recommendation is to make the private keys available on all
+computers/profiles and protect them via file permissions.
+
+The public keys, of course, have to be present on all computers and must be
+readable to anyone (or--at least--all students).
+
+The key creation is (since iTALC Debian package version 2.0.0-1) fully
+handled during package installation.
+
+The Debian package italc-client adds three groups to the system:
+
+ italc-admin
+ italc-support
+ italc-teacher
+
+The keys then get created via the imc -createkeypair command and
+the files get protected with appropriate file permissions.
+
+# TODO: For Debian Edu / Skolelinux, the group names must be modifiable
+# via debconf templates and it must become possible to disable Posix group
+# creation during package installation. With preseeding, the installation
+# of the italc-client package can then be tweaked to cleanly match into
+# a Debian Edu automated installation.
+
+Once, the italc-client package is installed and the groups are properly
+set up, the only thing left is launching the iTALC client (ica) in every
+machine the teacher shall be able to control.
+
+
+### THOUGHTS ON KEY GENERATION (Debian Edu specific) ###
+
+iTALC keys in a Debian Edu setup have to be generated once and be available to
+all clients. One good way to do that is generating them on the "main-server"
+profile/machine because every computer on the Debian Edu network is in
+contact with it.
+
+-- MAIN-SERVER PROFILE --
+
+During package installation keys will get created in the directory
+
+ /etc/italc/keys/
+
+This folder contains subfolders of the names "public" and "private"
+containing the respective keys.
+
+FIXME: At the time of writing the file permissions (in our Debian Edu setup)
+of the private keys have to be assigned manually to the "teachers" group.
+
+ $ chgrp -R teachers /etc/italc/private
+
+Then we have to make available the keys to the other hosts on the network,
+so we e.g. export them using NFSv4 with something like that in /etc/exports
+
+ file=/etc/exports
+ """
+ /srv/nfs4/etc/italc @ltsp-server-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,no_subtree_check) @workstation-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,no_subtree_check)
+ """
+
+Make sure that /etc/italc is `bind-mounted' to /srv/nfs4/etc/italc from within
+/etc/fstab on the main-server machine:
+
+ file=/etc/fstab
+ """
+ /etc/italc /srv/nfs4/etc/italc none bind 0 0
+ """
+
+To activate this new configuration, enter this command sequence:
+
+ $ mkdir /srv/nfs4/etc
+ $ mount -a
+ $ exportfs -ar
+
+
+-- THIN CLIENTS --
+
+If the main-server TJENER also serves as an LTSP server, then we
+do not need any further work to be done. Keys are already in place.
+
+If the LTSP server is a separate machine, then see below and follow the
+description for workstations.
+
+
+-- WORKSTATION --
+
+Both iTALC client (italc-client) and iTALC master (italc-master) have to be
+installed by default on this Debian Edu installation profile.
+
+We need the same keys that are on the MAIN server. We simply have to
+create the folder /etc/italc and mount the shared folder via /etc/fstab
+with something like
+
+ file=/etc/fstab
+ """
+ 10.0.2.2:/etc/italc /etc/italc nfs ro 0 0
+ """
+
+
+-- DISKLESS WORKSTATION --
+
+We can do the samething we did for theworkstation: mount the /etc/italc folder
+by fstab.
+
+
+### RUN iTALC CLIENT (ica) ###
+
+-- MAIN-SERVER PROFILE --
+
+we do not need to run the daemon here. None have to control this
+machine or use iTALC master on it (unless you run TJENER as a combi-server:
+main-server, ltsp-server, workstation).
+
+
+-- LTSP-SERVER PROFILE --
+
+Thin clients run on this machine so we have to launch ica to control them.
+
+Because we have to run "n" instances of ica for "n" thin clients
+connected, we MUST use a different port for each ica session.
+To achieve that sufficently, we call a small script instead of calling
+directly /usr/bin/ica.
+
+This script takes care of running ica using a unique port. One approach
+can be that the port number is last part of the thin client IP plus 11.000.
+
+(Note: on the master application to refer to a thin client we have to
+specify the ltsp-server address WITH the unique port).
+
+-- THIN CLIENT --
+
+We do not have to do anything because we did it on the LTSP server.
+
+-- WORKSTATION --
+
+We do not need any modifications about ports here. We need only to
+execute ica when the user logs in.
+
+-- DISKLESS WORKSTATION --
+
+the same as with workstations
+
+-----------------------
+
+
+### iTALC MASTER CONFIGURATION ###
+
+The iTALC master, like any other apllication, saves its own configuration
+file in the user's (i.e. teacher's) home folder.
+
+That means that teacher may configre it in the finest way but the other
+teachers will have to repeat the same process.
+
+We can avoid that using a global configuration file. We already
+exported the folder /etc/italc. This folder is reachable by any host of the
+Debian Edu netowrk, so we can simply put the configuration file into
+this exported, global folder.
+
+Copy the file configured by the teacher into that directory
+
+ $ sudo cp ~/.italc/globalconfig.xml /etc/italc/
+
+It may be a good idea to not give write permission to all teachers but
+only to few teachers of group "admins".
+
+ $ chown root:admins /etc/italc/globalconfig.xml
+ $ chmod 664 /etc/italc/globalconfig.xml
+
+Now we need to instruct iTALC to use that file. Edit /etc/xdg/iTALC Solutions/italc.conf
+by adding
+
+ file=/etc/xdg/iTALC Solutions/iTALC.conf
+ [paths]
+ globalconfig=/etc/italc/
+
+
+
+###############################################################
+
+Thanks to Valerio for this great piece of initial documentation!!!!
+
+At the time of writing the whole setup is un-tested. This is on the Deban Edu
+team's (actually mine) todo list.
+
+light+love
+Mike Gabriel,Vaumarcus CH, 2013-08-10
diff --git a/debian/changelog b/debian/changelog
index 8e8bf4e..c5858f7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -22,6 +22,7 @@ italc (1:2.0.0-3) UNRELEASED; urgency=low
* Add patch: 006_inject-buildtype-from-outside.patch. Inject the build
type (actually the BUILD_CPU) from /debian/rules. Avoid the detection
code from upstream as it only covers x86 and x86_64. (Closes: #718745).
+ * Provide documentation: README.setup. (Closes: #511387).
-- Mike Gabriel <sunweaver at debian.org> Mon, 13 May 2013 10:17:38 +0200
diff --git a/debian/italc-client.docs b/debian/italc-client.docs
new file mode 100644
index 0000000..b704a6e
--- /dev/null
+++ b/debian/italc-client.docs
@@ -0,0 +1 @@
+debian/README.setup
\ No newline at end of file
diff --git a/debian/italc-client.links b/debian/italc-client.links
new file mode 100644
index 0000000..c4bb22f
--- /dev/null
+++ b/debian/italc-client.links
@@ -0,0 +1 @@
+usr/share/doc/libitalccore/README.setup.gz usr/share/doc/italc-client/README.setup.gz
\ No newline at end of file
diff --git a/debian/italc-management-console.links b/debian/italc-management-console.links
new file mode 100644
index 0000000..e89efa9
--- /dev/null
+++ b/debian/italc-management-console.links
@@ -0,0 +1 @@
+usr/share/doc/libitalccore/README.setup.gz usr/share/doc/italc-management-console/README.setup.gz
\ No newline at end of file
diff --git a/debian/italc-master.links b/debian/italc-master.links
new file mode 100644
index 0000000..58c4bc5
--- /dev/null
+++ b/debian/italc-master.links
@@ -0,0 +1 @@
+usr/share/doc/libitalccore/README.setup.gz usr/share/doc/italc-master/README.setup.gz
\ No newline at end of file
diff --git a/debian/libitalccore.docs b/debian/libitalccore.docs
new file mode 100644
index 0000000..b704a6e
--- /dev/null
+++ b/debian/libitalccore.docs
@@ -0,0 +1 @@
+debian/README.setup
\ No newline at end of file
hooks/post-receive
--
italc.git (Debian package italc)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "italc.git" (Debian package italc).
More information about the debian-edu-commits
mailing list