<a id="Hardware_2593530149012263_9946_06749329761195588" name="Hardware_2593530149012263_9946_06749329761195588"></a><h1><a id="Hardware_2593530149012263_9946" name="Hardware_2593530149012263_9946"></a></h1>Hi, <br><br>Below is a documentation summary of our LDAP system written by one of our volunteers, Grant Bowman. We have a team of really capable server architects who build a kick-ass Ubuntu LDAP network. <br>
<br>Sean described some issues with LTSP. I have found that LTSP requires tremendously powerful servers. It would be interesting to read some documentation of Veronica, Archie, etc, (the LSTP servers that Paul Nelson build) because I am guessing that the reason the Riverdale High School LTSP works really well is that they have built some really powerful servers there. <br>
<br>We were having trouble running OpenOffice and video on Firefox using the LTSP network that we had built. LDAP seemed to do better at load balancing , using the resources of the clients to take some pressure off of the server. <br>
<br>The link to our documentation is here:<br><br><font size="3"> <a id="publishedDocumentUrl" class="tabcontent" target="_blank" href="http://docs.google.com/View?id=dfzcxcjr_2chc5cqcg">http://docs.google.com/View?id=dfzcxcjr_2chc5cqcg</a></font><a id="wf_i" name="Software_021508028522328027"></a><br>
<br>I have pasted the contents of that document below. I hope this is helpful to others who are experiencing issues with performance on their LTSP systems. I'm not saying our solution is right for everyone, but it does work well for us.<br>
<h1>Staffing</h1>
<p><font size="3">The
time spent preparing the lab and keeping it running is significant,
though far less than a similar lab using machines that run other
operating systems. The system outlined in this document is designed to
minimize the valuable staff time spent on hardware and software
issues. Should a problem occur with a computer, the time required to
swap in a spare computer and reload the faulty machine is minimal.
Though the focus of this document is describing all the technical
requirements of a computer lab system, working with teachers, students,
the local Linux community, school administration and the school
district are all extremely important parts of a successful project. In
our case, a single person has been the administrative and
organizational contact. Since he lives near the schools, his
consistent physical presence helping in the schools has been the key to
all of the progress our sub projects have gained.<br></font></p>
<h1><a id="Hardware" name="Hardware"></a>Hardware</h1>
<p><font size="3">Hardware is a necessary but not sufficient component of a project's success.</font></p>
<p><br></p>
<p><font size="3">The
server is a 2.8 GHz Pentium D with two gigabytes of RAM, 320 GB of disk
and two gigabit Ethernet cards, one for the 192.168.10.x internal
network where full services are provided and one connecting to the
school's standard network using a DHCP assigned IP address.</font></p>
<p><br></p>
<p><font size="3">Lab
computers are all donated Pentium 4 machines with 512 MB of RAM, at
least 10 GB of disk space and 100 megabit ethernet cards. Fast Ethernet
(10/100 Mbit) switches are used for the lab so that plenty of bandwidth
is available </font><font size="3">within the lab </font><font size="3">for
playing video on many machines simultaneously and so that any switch
can be daisy chained from any other via gigabit Ethernet uplinks.</font><br></p>
<p><br></p>
<p><font size="3">The
operating system we chose is Ubuntu's Long Term
Support (LTS) version aka. 8.04 Hardy Heron released in April of 2008.
Ubuntu itself is based on the highly successful Debian GNU/Linux
distribution. We plan to migrate the lab to the next Ubuntu LTS
version scheduled to
be 10.04 in April of 2010. <br></font></p>
<p><br></p>
<p><font size="3">A budget and/or donations must be secured for the lab to replace broken and damaged hardware such as mice and keyboards.</font></p>
<p><br></p>
<p><font size="3">We are using a Google Docs spreadsheet to track the hardware. It is publically visible. <a href="http://is.gd/1X3Js">http://is.gd/1X3Js</a><br></font></p>
<p><br></p>
<h1><a id="Networking_019901110699576896_" name="Networking_019901110699576896_"></a>Network Routing<br></h1>
<h2><a id="NAT_FIREWALL_5661371053305754_" name="NAT_FIREWALL_5661371053305754_"></a><font size="3">NAT FIREWALL</font></h2>
<font size="3"> Firestarter frontend<br><br>The
network topology is pretty simple - one network card is the gateway for
192.168.10.1 and provides all the key services necessary. The other
network card can be configured via static or dhcp on whatever school or
main network that has connectivity to the Internet. This configuration
will not conflict with any possible existing network services while
still providing robust services to Linux clients.<br></font>
<h1><a id="Software_4272844959447527_7981_3144913751135281" name="Software_4272844959447527_7981_3144913751135281"></a>Network Services<br></h1>
<div style="font-family: Verdana;"><a id="DNS_DHCP_dnsmasq__5958165203226576" name="DNS_DHCP_dnsmasq__5958165203226576"></a>
<p><font size="3">All of these services are NOT publicly visible. They are only visible to our subnet's client machines.<br>
</font></p>
<h2><a id="DNS_DHCP_dnsmasq__5117409715702677" name="DNS_DHCP_dnsmasq__5117409715702677"></a><font size="3">DNS/DHCP (dnsmasq)</font></h2>
<ol><li><font size="3"> IP Addressing, Routing, DNS services (address from name dhclient supplies)</font></li><li><font size="3"> Name resolution, internal and external</font></li><li><font size="3"> PXE image name for network booting<br>
</font> </li></ol>
<h2><a id="PROXY_Services_870787209226641_5580325178390796" name="PROXY_Services_870787209226641_5580325178390796"></a><font size="3">PROXY Services</font></h2>
<ol><li><font size="3"> Squid proxy content caching</font></li><li><font size="3"> Privoxy address filtering</font></li><li><font size="3"> Drew's youtube rewrite squid plugin script </font></li></ol>
<p><font size="3">- Firefox prefs.js on clients</font></p>
<h2><a id="LDAP_openldap_9793449174389862_11342436725283156" name="LDAP_openldap_9793449174389862_11342436725283156"></a><font size="3">LDAP (openldap)</font></h2>
<ol><li><font size="3"> Authentication services (pamldap)</font></li><li><font size="3"> Secured by ssl</font></li><li><font size="3"> frontend admin by phpldapadmin </font></li></ol>
<h2><a id="NFSv4_037903229845236974_33358" name="NFSv4_037903229845236974_33358"></a><font size="3">NFSv4</font></h2>
<ol><li><font size="3"> Exported /home partition from server containing student /home/<userid> directories </font></li></ol>
<h2><a id="SSL_CERTIFICATE_AUTHORITY_6201_5079072452262853" name="SSL_CERTIFICATE_AUTHORITY_6201_5079072452262853"></a><font size="3">SSL CERTIFICATE AUTHORITY</font></h2>
<ol><li><font size="3"> Used by LDAP for secure authentication </font></li></ol>
<h2><a id="HTTP_APACHE_09010363403824517_" name="HTTP_APACHE_09010363403824517_"></a><font size="3">HTTP APACHE<br></font></h2></div>
<div style="font-family: Verdana;"><ol><li><font size="3">Hosts
standard repository (see Package Repository below) and custom packages
such as msttcorefonts, install_flash_player_10_linux.deb<br></font></li><li><font size="3"> Hosts pre-seed install files such as hardy-placement.cfg and post-placement.sh<br></font></li><li><font size="3"> Hosts myldapadmin ldap frontend tool<br>
</font> </li></ol>
<h2><a id="PACKAGE_REPOSITORY_68367310249_6837021883303243" name="PACKAGE_REPOSITORY_68367310249_6837021883303243"></a><font size="3">PACKAGE REPOSITORY</font></h2>
<ol><li><font size="3"> maintained by apt-mirror, served to clients through through HTTP Apache<br></font></li><li><font size="3"> used by cron-apt to keep clients updated</font></li><li><font size="3"> used by debian-installer for network installs </font></li>
</ol><br><h2><a id="NETWORK_INSTALLER_BOOTING_sysl_3769187759702559" name="NETWORK_INSTALLER_BOOTING_sysl_3769187759702559"></a><font size="3">NETWORK INSTALLER BOOTING (syslinux)</font></h2>
<ol><li><font size="3"> PXELinux boot via TFTP (tftpd-hpa)</font></li><li><font size="3"> ISOLinux for creating CD boot images with menus (alternate iso) </font></li></ol>
</div>
<br>
<h1><a id="Linux_Client_Package_665530612_38107996767748253" name="Linux_Client_Package_665530612_38107996767748253"></a>Linux Client Package</h1>
<h2><a id="CLIENT_PACKAGE_811077883721285_3867195684886744" name="CLIENT_PACKAGE_811077883721285_3867195684886744"></a><font size="3">CLIENT PACKAGE</font></h2>
<ol type="a"><li><font size="3"> Installs dependent packages, </font><font size="3">Depends on standard packages, backports, some custom compiled packages (italc) </font></li><li><font size="3"> Configures client for network services including a line in /etc/fstab for NFS mounting of /home</font></li>
</ol>
<font size="3">192.168.1.1:/home /home nfs4 rw,soft,intr 0 0<br>Configuration files are stored in and symbolic linked to /etc/x-client-config/</font><br>
<a id="Networking_8204157507627134" name="Networking_8204157507627134"></a><a id="qobu" name="Software_021508028522328027"></a>
<h1><a id="Author_8404693126991073_625128_9938979815576774" name="Author_8404693126991073_625128_9938979815576774"></a>Author</h1>
<a id="c0wu" name="Networking_8204157507627134"></a>
<p><font size="3">This document was created by a team. Please email comments to: Grant Bowman <<a href="mailto:grantbow@gmail.com">grantbow@gmail.com</a>></font></p>
<p> </p>
<h1><a id="Latest_Version_152044218682532" name="Latest_Version_152044218682532"></a>Latest Version<br></h1>
<a id="gnks" name="Networking_8204157507627134"></a>
<p><font size="3">The
latest version can be found as a publicly viewable google document:
<a href="https://docs.google.com/Doc?docid=0Aa7wSBzNDXVYZGZ6Y3hjanJfMmNoYzVjcWNn&hl=en">https://docs.google.com/Doc?docid=0Aa7wSBzNDXVYZGZ6Y3hjanJfMmNoYzVjcWNn&hl=en</a>
or</font><font size="3"> <a id="publishedDocumentUrl" class="tabcontent" target="_blank" href="http://docs.google.com/View?id=dfzcxcjr_2chc5cqcg">http://docs.google.com/View?id=dfzcxcjr_2chc5cqcg</a></font></p>
<a id="wf_i" name="Software_021508028522328027"></a><br><br>