[debian-edu-commits] [Debian Wiki] Update of "DebianEdu/Documentation/Bullseye/HowTo/NetworkClients" by WolfgangSchweer

Debian Wiki wiki at debian.org
Sat Nov 27 15:45:10 GMT 2021


Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Debian Wiki" for change notification.

The "DebianEdu/Documentation/Bullseye/HowTo/NetworkClients" page has been changed by WolfgangSchweer:
https://wiki.debian.org/DebianEdu/Documentation/Bullseye/HowTo/NetworkClients?action=diff&rev1=27&rev2=28

Comment:
update to reflect LTSP setup and maintenance related changes

  
  One generic term for both thin clients and diskless workstations is ''LTSP client''.
  
- (!) Starting with Bullseye, LTSP is quite different from the previous versions.
+ (!) Starting with Bullseye, LTSP is quite different from the previous versions. This concerns both setup and maintenance.
- This concerns both setup and maintenance. As one main difference, the SquashFS image for diskless workstations is now generated from the LTSP server file system. Also, thin clients are no longer supported.<<BR>>In case of a separate or an additional LTSP server required information for setting up the LTSP client environment isn't complete at installation time. Setup can be done once the system has been added with GOsa².
+  * As one main difference, the SquashFS image for diskless workstations is now generated from the LTSP server file system by default. This happens on a combined server at first boot, taking some time.
+ 
+  * Thin clients are no longer part of LTSP. Debian Edu uses !X2Go to still support thin client usage.
+  * In case of a separate or an additional LTSP server, required information for setting up the LTSP client environment isn't complete at installation time. Setup can be done once the system has been added with GOsa².
  
  For information about LTSP in general, see the [[https://ltsp.org| LTSP homepage]]. On systems with ''LTSP server'' profile, {{{man ltsp}}} provides more information.
  
- The ''debian-edu-ltsp-install'' tool is a wrapper script for {{{ltsp image}}}, {{{ltsp kernel}}} and {{{ltsp ipxe}}}. It is used to setup and configure diskless workstation support; in addition thin clients (both 64-Bit and 32-Bit PC) are supported using !X2Go. See {{{man debian-edu-ltsp-install}}} or the script content to see how it works. All configuration is contained in the script itself (here documents) to facilitate site specific adjustments.
- 
- Please note that the ''ltsp'' tool has to be used carefully. For example, {{{ltsp image /}}} would fail to generate the SquashFS image in case of Debian machines (these have a separate /boot partition by default), and {{{ltsp ipxe}}} would fail to generate the iPXE menu correctly (due to Debian Edu's thin client support).
+ Please note that the ''ltsp'' tool from LTSP has to be used carefully. For example, {{{ltsp image /}}} would fail to generate the SquashFS image in case of Debian machines (these have a separate /boot partition by default), {{{ltsp ipxe}}} would fail to generate the iPXE menu correctly (due to Debian Edu's thin client support), and {{{ltsp initrd}}} would mess up LTSP client boot completely.
  
+ The '''debian-edu-ltsp-install''' tool is a wrapper script for {{{ltsp image}}}, {{{ltsp initrd}}} and {{{ltsp ipxe}}}. It is used to setup and configure diskless workstation and thin client support (both 64-Bit and 32-Bit PC). See {{{man debian-edu-ltsp-install}}} or the script content to see how it works. All configuration is contained in the script itself (HERE documents) to facilitate site specific adjustments.
+ 
- Examples how to use the wrapper script ''debian-edu-ltsp-install'' instead:
+ Examples how to use the wrapper script ''debian-edu-ltsp-install'':
-  * {{{debian-edu-ltsp-install --arch amd64}}} creates 64-bit diskless workstation support.
-  * {{{debian-edu-ltsp-install --arch amd64 --dist bullseye --thin_type bare}}} creates diskless workstation and 64-bit thin client support.
-  * {{{debian-edu-ltsp-install --arch i386 --diskless_workstation no --thin_type bare}}} creates additional 32-bit thin client support.
-  * {{{debian-edu-ltsp-install --diskless_workstation yes}}} updates the diskless workstation SquashFS image.
+  * {{{debian-edu-ltsp-install --diskless_workstation yes}}} updates the diskless workstation SquashFS image (server filesystem).
-  * {{{debian-edu-ltsp-install --diskless_workstation no --thin_type bare}}} (re-)creates 64-bit thin client support.
+  * {{{debian-edu-ltsp-install --diskless_workstation yes --thin_type bare}}} creates diskless workstation and 64-bit thin client support.
+  * {{{debian-edu-ltsp-install --arch i386 --thin_type bare}}} creates additional 32-bit thin client support (chroot and SquashFS image).
   
  Besides ''bare'' (smallest thin client system), also ''display'' and ''desktop'' are available options. The ''display'' type offers a shutdown button, the ''desktop'' type runs Firefox ESR in kiosk mode on the client itself (more local RAM and CPU power required, but server load reduced).
  
+ The '''debian-edu-ltsp-ipxe''' tool is a wrapper script for {{{ltsp ipxe}}}. It makes sure that the /srv/tftp/ltsp/ltsp.ipxe file is Debian Edu specific. The command needs to be run after iPXE menu related items (like menu timeout or default boot settings) in the /etc/ltsp/ltsp.conf [server] section have been modified.
+ 
+ The '''debian-edu-ltsp-initrd''' tool is a wrapper script for {{{ltsp initrd}}}. It makes sure that a use case specific initrd (/srv/tftp/ltsp/ltsp.img) is generated and then moved to the use case related directory. The command needs to be run after the /etc/ltsp/ltsp.conf [clients] section has been modified.
+ 
+ The '''debian-edu-ltsp-chroot''' tool is a replacement for the ''ltsp-chroot'' tool shipped with LTSP5. It is used to execute commands in a specified LTSP chroot (like e.g. install, upgrade and remove packages).
+ 
  '''Diskless workstation'''
  
  A diskless workstation runs all software locally. The client machines boot directly from the LTSP server without a local hard drive. Software is administered and maintained on the LTSP server, but runs on the diskless workstations. Home directories and system settings are stored on the server too. Diskless workstations are an excellent way of reusing older (but powerful) hardware with the same low maintenance costs as with thin clients. 
@@ -34, +41 @@

  
  '''Thin client'''
  
- A thin client setup enables an ordinary PC to function as an (X-)terminal, where all software runs on the LTSP server. This means that this machine boots via PXE without using a local client hard drive.
+ A thin client setup enables an ordinary PC to function as an (X-)terminal, where all software runs on the LTSP server. This means that this machine boots via PXE without using a local client hard drive and that the LTSP server needs to be a powerful machine.
  
  Debian Edu still supports the use of thin clients to enable the use of very old hardware.
  
@@ -43, +50 @@

  LTSP client boot will fail if the client's network interface requires a non-free firmware.
  A PXE installation can be used for troubleshooting problems with netbooting a machine; if the Debian Installer complains about a missing XXX.bin file then non-free firmware has to be added to the LTSP server's initrd.
  
+ Proceed like this on the LTSP server:
- In this case execute the following commands on the LTSP server.
- {{{
- # First get information about firmware packages
+  First get information about firmware packages, run:
+ {{{
  apt update && apt search ^firmware-
-  
- # Decide which package has to be installed for the network interface(s). 
- # Most probably this will be firmware-linux-nonfree.
- apt -y -q install <package name>
-  
+ }}}
+  Decide which package has to be installed for the network interface(s), most probably this will be firmware-linux, run:
+ {{{
+ apt -y -q install firmware-linux
+ }}}
- # Update the SquashFS image for diskless workstations.
+  Update the SquashFS image for diskless workstations, run:
+ {{{
  debian-edu-ltsp-install --diskless_workstation yes
  }}}
- 
+  In case !X2Go thin clients are used, run:
+ {{{
+ /usr/share/debian-edu-config/tools/ltsp-addfirmware -h
+ }}}
+  and proceed according to the usage information.
+  <<BR>>Then update the SquashFS image; e.g. for the /srv/ltsp/x2go-bare-amd64 chroot, run:
+ {{{
+ ltsp image x2go-bare-amd64
+ }}}
+   
  === LTSP client type selection ===
  
  Each LTSP server has two ethernet interfaces: one configured in the main 10.0.0.0/8 subnet (which is shared with the main server), and another forming a local subnet (a separate subnet for each LTSP server).
  
  In both cases ''diskless workstation'' or ''thin client'' can be chosen from the iPXE menu. After waiting for 5 seconds, the machine will boot as diskless workstation. 
  
- The default boot menu item and it's default timeout can both be configured in {{{/etc/ltsp/ltsp.conf}}}. A timeout value of ''-1'' is used to hide the menu. Run {{{debian-edu-ltsp-install --diskless_workstation no}}} for any changes to take effect.
+ The default iPXE boot menu item and it's default timeout can both be configured in {{{/etc/ltsp/ltsp.conf}}}. A timeout value of ''-1'' is used to hide the menu. Run {{{debian-edu-ltsp-ipxe}}} for the changes to take effect.
  
  === Use a different LTSP client network ===
  
@@ -70, +87 @@

  
  === Add LTSP chroot to support 32-bit-PC clients ===
  
- Run {{{debian-edu-ltsp-install --arch i386 --diskless_workstation no --thin_type bare}}}.
+ To create chroot and SquashFS image, run:
+ {{{
+ debian-edu-ltsp-install --arch i386 --thin_type bare
+ }}}
  See {{{man debian-edu-ltsp-install}}} for details about thin client types.
  
  === LTSP client configuration ===
@@ -78, +98 @@

  Run {{{man ltsp.conf}}} to have a look at available configuration options.
  Or read it online: https://ltsp.org/man/ltsp.conf/
  
+ Add configuration items to the /etc/ltsp/ltsp.conf [clients] section. For the changes to take effect, run:
+ {{{
+ debian-edu-ltsp-initrd
+ }}}
+ 
  === Sound with LTSP clients ===
  
  LTSP thin clients use networked audio to pass audio from the server to the clients.
@@ -85, +110 @@

  LTSP diskless workstations handle audio locally.
  
  === Use printers attached to LTSP clients ===
- 
   * Attach the printer to the LTSP client machine (both USB and parallel port are supported). 
  
   * Configure the LTSP client with GOsa² to use a fixed IP address.
@@ -102, +126 @@

  
  === Configuring the PXE installation ===
  
- The PXE installation will inherit the language, keyboard layout and mirror settings from the settings used when installing the main-server, and the other questions will be asked during installation (profile, popcon participation, partitioning and root password). To avoid these questions, the file {{{/etc/debian-edu/www/debian-edu-install.dat}}} can be modified to provide preselected answers to debconf values. Some examples of available debconf values are already commented in {{{/etc/debian-edu/www/debian-edu-install.dat}}}. Your changes will be lost as soon as {{{debian-edu-pxeinstall}}} is used to recreate the PXE-installation environment. To append debconf values to {{{/etc/debian-edu/www/debian-edu-install.dat}}} during recreation with {{{debian-edu-pxeinstall}}}, add the file {{{/etc/debian-edu/www/debian-edu-install.dat.local}}} with your additional debconf values.
+ The PXE installation will inherit the language, keyboard layout and mirror settings from the settings used when installing the main server, and the other questions will be asked during installation (profile, popcon participation, partitioning and root password). To avoid these questions, the file {{{/etc/debian-edu/www/debian-edu-install.dat}}} can be modified to provide preselected answers to debconf values. Some examples of available debconf values are already commented in {{{/etc/debian-edu/www/debian-edu-install.dat}}}. Your changes will be lost as soon as {{{debian-edu-pxeinstall}}} is used to recreate the PXE-installation environment. To append debconf values to {{{/etc/debian-edu/www/debian-edu-install.dat}}} during recreation with {{{debian-edu-pxeinstall}}}, add the file {{{/etc/debian-edu/www/debian-edu-install.dat.local}}} with your additional debconf values.
  
- More information about modifying PXE installations can be found in the [[DebianEdu/Documentation/Bullseye/Installation#Modifying_PXE_installations|Installation]] chapter.
+ More information about modifying PXE installations can be found in the [[DebianEdu/Documentation/Bookworm/Installation#Modifying_PXE_installations|Installation]] chapter.
  
  === Adding a custom repository for PXE installations ===
  
  For adding a custom repository add something like this to {{{/etc/debian-edu/www/debian-edu-install.dat.local}}}:
  
  {{{
- #add the skole projects local repository
  d-i     apt-setup/local1/repository string      http://example.org/debian stable main contrib non-free
  d-i     apt-setup/local1/comment string         Example Software Repository
  d-i     apt-setup/local1/source boolean         true
@@ -126, +149 @@

  
  /!\ Note that changing to one of the subnets already used elsewhere in Debian Edu will not work. 192.168.0.0/24 and 192.168.1.0/24 are already set up as LTSP client networks. Changing to these subnets will require manual editing of configuration files to remove duplicate entries.
  
- There is no easy way to change the DNS domain name.  Changing it would require changes to both the LDAP structure and several files in the main server file system.  There is also no easy way to change the host and DNS name of the main server (tjener.intern).  To do so would also require changes to LDAP and files in the main-server and client file system.  In both cases the Kerberos setup would have to be changed, too.  
+ There is no easy way to change the DNS domain name.  Changing it would require changes to both the LDAP structure and several files in the main server file system.  There is also no easy way to change the host and DNS name of the main server (tjener.intern).  To do so would also require changes to LDAP and files in the main server and client file system.  In both cases the Kerberos setup would have to be changed, too.  
  
  == Remote Desktop ==
  
@@ -138, +161 @@

  
  Additionally, xrdp can connect to a VNC server or another RDP server.
  
- Xrdp comes without sound support; to compile the required modules this script could be used.
+ Xrdp comes without sound support; to compile (or re-compile) the required modules this script could be used.
+ Please note: The caller needs to be root or a member of the sudo group. Also, /etc/apt/sources.list must contain a valid deb-src line.
+ 
  {{{
   #!/bin/bash
-  # Script to compile / recompile xrdp PulseAudio modules.
-  # The caller needs to be root or a member of the sudo group.
-  # Also, /etc/apt/sources.list must contain a valid deb-src line.
   set -e
    if [[ $UID -ne 0 ]] ; then  
       if ! groups | egrep -q sudo ; then
@@ -159, +181 @@

   PULSE_UPSTREAM_VERSION="$(dpkg-query -W -f='${source:Upstream-Version}' pulseaudio)"
   XRDP_UPSTREAM_VERSION="$(dpkg-query -W -f='${source:Upstream-Version}' xrdp)"
   sudo apt -q update
-  # Get sources and build dependencies:
   sudo apt -q install dpkg-dev
   cd $TMP
   apt -q source pulseaudio xrdp
   sudo apt -q build-dep pulseaudio xrdp
-  # For pulseaudio 'configure' is all what is needed:
   cd pulseaudio-$PULSE_UPSTREAM_VERSION/
   ./configure
-  # Adjust pulseaudio modules Makefile (needs absolute path)
-  # and build the pulseaudio modules.
   cd $TMP/xrdp-$XRDP_UPSTREAM_VERSION/sesman/chansrv/pulse/
   sed -i 's/^PULSE/#PULSE/' Makefile
   sed -i "/#PULSE_DIR/a \
   PULSE_DIR = $TMP/pulseaudio-$PULSE_UPSTREAM_VERSION" Makefile
   make
-  # Copy modules to Pulseaudio modules directory, adjust rights.
   sudo cp *.so /usr/lib/pulse-$PULSE_UPSTREAM_VERSION/modules/
   sudo chmod 644 /usr/lib/pulse-$PULSE_UPSTREAM_VERSION/modules/module-xrdp*
-  # Restart xrdp, now with sound enabled.
   sudo service xrdp restart
  }}}
  
@@ -203, +219 @@

   * allow/deny wireless access using LDAP groups (/etc/freeradius/3.0/users).
   * combine access points into dedicated groups (/etc/freeradius/3.0/huntgroups)
  
- (!) End user devices need to be configured properly, these devices need to be PIN protected for the use of EAP (802.1x) methods. And most important: users need to be educated to install the freeradius CA certificate on their devices to be sure to connect to the right server. This way the password can't be catched in case of a malicious server. The site specific certificate is available on the internal network.
+ (!) End user devices need to be configured properly, these devices need to be PIN protected for the use of EAP (802.1x) methods. Users should also be educated to install the freeradius CA certificate on their devices to be sure to connect to the right server. This way their password can't be catched in case of a malicious server. The site specific certificate is available on the internal network.
   * https://www.intern/freeradius-ca.pem (for end user devices running Linux)
   * https://www.intern/freeradius-ca.crt (Linux, Android)
   * https://www.intern/freeradius-ca.der (macOS, iOS, iPadOS, Windows)



More information about the debian-edu-commits mailing list