Systems4Schools

ITCS Capstone Project 2013 Final Report
Systems4Schools
Affordable Computers Utilizing Raspberry Pi Technology
Project Team:
David Collins
Andrew McGillivray
Tyler Todd
Instructor:
Colin Chamberlain
SAIT Polytechnic School of Information and Communications Technology
Computer Systems Major
April 10 2013
Table of Contents
RASPBERRY PI CHIP
EXECUTIVE SUMMARY
INTRODUCTION & BACKGROUND
THE STATE OF COMPUTERS IN THE SCHOOLS TODAY
ACCOMPLISHMENTS & LESSONS LEARNED
RECOMMENDATIONS
BUDGET
ESTIMATED BUDGET COSTS
ACTUAL BUDGET COST
ACKNOWLEDGEMENTS & REFERENCES
CONCLUSION
APPENDICES
GLOSSARY OF TERMS
SECURITY
ADMINISTRATION MANUAL
RECOMMENDED CONFIGURATION AND BASIC INFORMATION
VMWARE VSPHERE
OPERATION OF VSPHERE
ESXI
POOLS
VIRTUAL MACHINES
CONNECTING TO SERVERS
LTSP SERVER
NETWORK AND AUTHENTICATION SERVER
ATUTOR SERVER
OPERATION OF CLIENT DEVICES
CUSTOMIZATION
TROUBLESHOOTING
TECHNICAL OVERVIEW & CONFIGURATIONS
Systems4Schools Final Project Report  1

Executive Summary
This formal report will provide an analysis of the entire lifecycle of the Systems4Schools capstone
project, and the careful planning and considerations that went into the development of our final
deliverables. The team members who worked on this project are David Collins, Andrew McGillivray,
and Tyler Todd. The project commenced in January 2013, and followed a 13 week lifecycle to its
completion on April 10 2013.
Our idea for the project centered on changing the way that we look at computers in the classroom,
and we wanted to accomplish this with the use of Raspberry Pi technology (See sidebar for more
information). Inspired by the Commodore computers in the past, we wanted to prototype a keyboard
with the Raspberry Pi built into it – the express goal of which being to develop an inexpensive
solution to having computers in the classroom. These Raspberry Pi units would then be served a
Linux thin-client over the network and would utilize the resources of the server itself.
As one of the goals of the project was to limit the cost of equipment needed for a system of
computers to be set up in a classroom, there was a smaller number of key hardware components that
made up the entire working model. These key components are an HP ProLiant DL385 G7 server, a
wireless-N router, and lastly the Raspberry Pi unit(s). With our laptops we were able to administer
all of the proper configurations, and then later use the Raspberry Pi for testing and monitoring.
Over the course of the project there were milestone accomplishments, and to achieve these
accomplishments, lessons were learned and recommendations can be made in order to ease the process
of developing this type of configuration.
The materials needed, and likewise the budget to provide those materials, were relatively small. As
is the nature of our project vision to provide an inexpensive solution to having computers in the
classroom, there is a relatively small number of components required in order to set up our system.

Raspberry Pi Chip (sidebar)
One of the key components of our project, the Raspberry Pi is a credit-card sized chip capable of
booting an Operating System with an Ethernet cable. An SD card gives the chip its instructions for
receiving the “thin-client” OS. The chip also comes with an impressive array of I/O ports:
- HDMI
- Composite Video
- 3.5 mm Audio
- 10/100 Ethernet
- SD/MMC/SDIO Slot
- 2 USB Ports

Introduction & Background
Given the availability of new and emergent technology today, there is more than one way to provide
all of the benefits and tools of a PC workstation. In some workplaces, Smartphones are being used as
the primary computing and internet connectivity device for workers to perform all work-related tasks.
For our project, we knew we wanted to center our work on the Raspberry Pi chip, and what could
potentially be a new and emergent use for the device. Before we had the idea to use the product in
school environments, we knew we at least wanted to somehow integrate the chip into a keyboard –
effectively making the keyboard a PC workstation, in a non-traditional sense. There are many guides
on the internet about all the different uses the Raspberry Pi chip is capable of, and some even describe
keyboard integration. We eventually realized that this product would be an incredibly
inexpensive computer, and that is where we had the idea to use the system in a classroom
environment.
Not all schools have the budget to maintain and provide PC technology in the classroom – with the
Raspberry Pi System, we envisioned a workstation at every desk, or at the very least in every
classroom. Our idea was that the system would be preinstalled with educational software, which
could be made accessible to several age groups, though we eventually decided, for the purposes of
this project, to use elementary-aged students as the target users of the product. We wanted to develop a
system that would be easy and fun to use, and maybe something no one has ever really seen before.
We eventually realized that the keyboard integration, while unique, is actually an impractical approach
to the problem we are trying to solve, but this will be discussed more in-depth in our recommendations
section of this report.
Server-side, the system configuration, while relatively simple, was arduous to plan and perfect. Using
VMware ESXi as our server management software, we were able to easily set up and deploy servers to
provide the necessary services to carry out the vision of our final product. The first, and most
important server, is our Linux thin-client. This is the Operating System to be served to the Raspberry
Pi unit – the system that students will be interacting with. Essential to its proper functioning are two
other Linux servers that complement the main server’s functionality. Server number 2 provides DHCP,
DNS, and LDAP services, and server number 3 provides tertiary services including the ATutor web
portal, which will be discussed in the Overview section of this report.
These are the separate systems that encompass the working model of our project. It is a relatively
simple setup, easy to maintain, and is run with a minimal network infrastructure. We hope to solve the
question of where a school is expected to stand on the implementation of computers in the classroom
by providing a cutting-edge product at a relatively small expense.

The State of Computers in the Schools Today
The rapid advancement of technology forces school board members and directors of technology to be
continually on their feet and prepared for new and exciting changes in the market. Many private
schools and charter academies are geared towards providing the best in technological offerings on the
market today, while other schools depend on a more relaxed stance on how to implement computer
systems in their classrooms. Many implementations are used, and all are viable options on how to
approach the situation, and each tries to address the most important questions: Is this method
cost-effective? Is it easy to maintain? And lastly, does it address the needs of the students? We feel as a
group that the last question is the most important to ask, and likewise to successfully answer. Given
that we live in a society that is geared towards the continual adoption and use of new technologies, the
skills required to comfortably and confidently use these technologies would be an invaluable asset for
future advancement, not only throughout the course of one’s education, but in the eventual career field.
With the Systems4Schools Raspberry Pi units, we want to provide schools with a cost-effective solution
to implementing computers and related technologies in the classroom. We want to help schools
answer the hard questions about which direction to take when it comes to spending money on
computers, and more importantly, we want to give students an accessible, and ultimately, an enjoyable
way of interacting with newer technologies that they normally might not have access to outside of the
classroom.
In today’s economic climate, there isn’t a lot of money to go around. Many schools are spending more
money per student than they are actually receiving in funding, which only leads to more debt. It is a
complex situation, and one that must be addressed. Our philanthropic stance on the matter is one that
could be explored outside the limits of our project – it isn’t necessarily the best computer that can
accomplish what schools are seeking to achieve, but getting the most resources out of the smallest
amount of hardware required is the very idea that is the driving force behind our project vision. There
are many inexpensive technologies available today that are perfectly capable of performing the same
tasks as some of the most cutting-edge PC and Mac workstations, and it all depends how these
resources are utilized. With regard to our project, the servers provide all of the hardware requirements
(which are easily customized with server managers like VMware ESXi), and the Raspberry Pi units are
simply conduits to the processing power of these servers.
With our project we seek not to solve any problems, or make any drastic changes; we simply wish to
improve the state of technological accessibilities to children of any age.

Accomplishments & Lessons Learned
The development of our project saw many invigorating highs, and likewise many infuriating lows. Our
accomplishments, some of which were simple and some of which took a lot of time to achieve,
were all nonetheless very satisfying.

Successfully booting the Raspberry Pi: We attained this goal about 2 weeks into the development
of our project. It involved setting up 2 of the 3 required Linux servers and the wireless
router. The first server provides the Operating System booted by the Raspberry Pi, and the second
server deals with DHCP and DNS, which allows the Raspberry Pi to know where to retrieve
the Linux thin client.

Figuring out how to build the Raspberry Pi chip into our keyboard: We decided to use an old
Apple keyboard for the prototype. The clear plastic seemed like a perfect choice for this product as
it would allow us to show observers the Raspberry Pi chip inside the keyboard. The planning took a
long time for us to get this working properly, as the keyboard itself didn’t really provide us a lot of
room to put the entire chip inside it. The turning point was when we one day decided to start really
taking it apart and cutting out slots for the ports (which involved a lot of tedious cutting, and
chipping away at the plastic). The chip fit perfectly inside and gave us access to the ports, but we
were left with the problem of placing the keyboard component over the chip, as it took up too
much space for it all to fit together properly. Our workaround to this issue was to use foam
insulation cut into squares which would both allow the keyboard to have something to rest on and
also allowed us to give a proper seat for the Raspberry Pi chip.

OpenLDAP: LDAP, or Lightweight Directory Access Protocol, was an essential component of our project,
not because it was necessary for the project to work, but because it showed that our system was
ideal for an educational environment with security and authentication in mind, the idea being that
each student would be provided credentials to log into the system. It is basically Active Directory
for Linux Operating Systems, only much less automated, and it required quite a bit of manual
configuration.

ATutor: ATutor is an administrators-in-education web portal for Linux. It is essentially the Linux
version of Blackboard or D2L; it provides instructors and administrators a portal to upload
homework assignments, post grades, and likewise for students to have access to class resources. This
service utilizes Apache Web Server, PHP and MySQL, and the installation was time consuming, due
to the complicated nature of this type of web service.

Recommendations
The one recommendation we would make about this project is that the integration of the chip into the
keyboard is highly impractical. In a real life situation, the Raspberry Pi units would most likely be
seated in their own cases, or possibly even mounted to the back of the monitor. Actually integrating
the chip into a keyboard would become extremely costly and time-consuming, which is essentially the
opposite of what we are trying to convey with this project.
The only other recommended change to our project would be to use a different server entirely. We
discovered at around the halfway point of project development that the server was unable to provide
the hardware and video acceleration that was required to run certain programs on the client device –
such as typing games. A potential workaround to this issue would be to use a server that was capable
of video acceleration (most likely with the use of a GPU).
Budget
Our budget projections were very nearly on par on the hardware side. We didn’t dedicate a lot of
time in the estimation of labor costs, due to not knowing exactly how much time we would spend
performing certain tasks, so that was left out of the original project budget. We found that we were
only about $1600 over our predicted budget, which may at first seem like a lot, but when one considers
the cost to actually implement a network of computers in a school, the additional costs are trivial.
Below is a detailed look at our preliminary budget analysis, and then following is a look at our actual
costs of the project.
Estimated Budget Costs
Item                 No. of Items    Cost
Raspberry Pi         2               $90
Keyboards            2               $40
Server               1               $2000
HDMI Monitor         2               $200
Mouse                2               $40
Micro-USB Cable      2               $10
USB AC Adapter       2               $15
SD Cards             2               $15
Switch               1               $150
Hardware Firewall    1               $250
CAT6 Cables          7               $45
TOTAL                                $2855

We underestimated the cost of the server, which as described in the recommendations, was the wrong
type of server to use for this type of project. It was overkill in all the right areas (CPU and Memory)
but it unfortunately did not provide the hardware acceleration that was needed for the Raspberry Pi to
run graphically intensive programs. A server that would be capable of hardware acceleration is what
we needed, and in reality, that type of server may actually have come at a much lower cost than the HP
ProLiant server we ended up using.
Actual Budget Cost
HARDWARE
Item                           No. of Items    Cost
Raspberry Pi                   2               $90
Keyboards                      2               $40
HP ProLiant DL385 G7 Server    1               $3,398.99
HDMI Monitor                   1               $200
Mouse                          1               $20
Micro-USB Cable                2               $10
USB AC Adapter                 2               $15
SD Cards                       2               $15
UPS                            1               $250
Router                         1               $60
CAT5 Cables                    4               $20
Server Rack                    1               $400
HARDWARE TOTAL                                 $4518.99
Difference from original                       ($1,663.99)

LABOR
Name                  Rate       Hours    Cost
Tyler Todd            $101.99    96       $9,791.04
Andrew McGillivray    $101.99    103      $10,504.97
David Collins         $101.99    98       $9,995.02
LABOUR TOTAL                              $30,291.03

FINAL TOTAL                               $34,810.02

Acknowledgements & References
[1] Numerous Authors, “RaspberryPi.org” RaspberryPi.org [online], April 2013 [cited January 2013],
available from World Wide Web: <http://www.raspberrypi.org/>
[2] Wiki, “RPi Hardware Basic Setup” ELinux.org [online], 2013 [cited January 2013], available from
World Wide Web: <http://elinux.org/RPi_Hardware_Basic_Setup>
[3] Max, “BerryTerminal” Berry Terminal.com [online], Mar. 21 2013 [cited January 2013], available from
World Wide Web: <http://www.berryterminal.com/doku.php#download>
[4] SepticLemon, “Putting a Pi in a keyboard…” RaspberryPi.org [online], Oct. 7 2012 [cited January
2013], available from World Wide Web:
<http://www.raspberrypi.org/phpBB3/viewtopic.php?f=40&t=19436>
[5] Julian Horsey, “Raspberry Pi Keyboard Case Hack” Geeky Gadgets [online], Aug. 23 2012 [cited
January 2013], available from World Wide Web: <http://www.geeky-gadgets.com/raspberry-pikeyboard-case-hack-23-08-2012/>
[6] Jamesbeat, “Case Project: Dedicated ZX Spectrum Emulation Machine” RaspberryPi.org [online] Oct.
22 2012 [cited January 2013], available from World Wide Web:
<http://www.raspberrypi.org/phpBB3/viewtopic.php?f=40&t=20757>
[7] Thorin Klosowski, “Turn a Keyboard Into a Computer with Raspberry Pi”, Lifehacker [online] Aug.
23 2012 [cited January 2013], available from World Wide Web: <http://lifehacker.com/5937211/turn-akeyboard-into-a-computer-with-raspberry-pi>
[8] crkrjak2001, “Turn a keyboard into a Raspberry Pi case for around $20 or less” Instructables [online]
Dec. 31 2012 [cited January 2013], available from World Wide Web:
<http://www.instructables.com/id/Turn-a-keyboard-into-a-Raspberry-Pi-case-for-aroun/#step1>
[9] David Briddock, “Accessorizing your Raspberry Pi” Micromart [online] Jan. 11 2013 [cited January
2013], available from World Wide Web: <http://www.micromart.co.uk/pc/raspberrypi/187/accessorising-your-raspberry-pi>
[10] David Hayward, “25 fun things to do with a Raspberry Pi” CNet [online] Nov. 28 2012 [cited
January 2013], available from World Wide Web: <http://reviews.cnet.co.uk/desktops/25-fun-things-todo-with-a-raspberry-pi-50009851/>
[11] Eduardo Delarosa, “XAMPP: Couldn’t start MySQL!” XAMPP Blogspot [online] Nov. 22 2011 [cited
February 2013], available from World Wide Web: <http://xampp-mysql.blogspot.ca/>
[12] gilrez, “XAMPP: Couldn’t start MySQL” Ubuntu Forums [online] Jul 22. 2011 [cited February 2013],
available from World Wide Web: <http://ubuntuforums.org/showthread.php?t=1809670>
[13] Author Unknown, “Installation” ATutor Learning Management Tools [online] 2012 [cited March
2013], available from World Wide Web: <http://atutor.ca/atutor/docs/installation_pre_1_3.php>
[14] Forum Posting, “SSH Connection Refused” LinuxQuestions.org [online] Apr. 12 2012 [cited March
2013], available from World Wide Web: <http://www.linuxquestions.org/questions/linux-networking3/ssh-connection-refused-941525/>
[15] frbry “How to solve ‘Connection refused’ errors in SSH connection?” AskUbuntu.com [online] Mar.
12 2011 [cited March 2013], available from World Wide Web:
<http://askubuntu.com/questions/30080/how-to-solve-connection-refused-errors-in-ssh-connection>
[16] Kai Seidler “XAMPP for Linux” Apache Friends [online] Feb. 22 2009 [cited March 2013], available
from World Wide Web: <http://www.apachefriends.org/en/xampp-linux.html#388>
[17] NIXCRAFT “20 Linux Server Hardening Security Tips” Cyber Citi [online] Oct. 20 2009 [cited
March 2013], available from World Wide Web: <http://www.cyberciti.biz/tips/linux-security.html>
[18] NIXCRAFT “Linux Disable Wireless Networking (Wi-Fi)” Cyber Citi [online] Jul. 10 2009 [cited March
2013], available from World Wide Web: <http://www.cyberciti.biz/faq/linux-remove-wirelessnetworking-wifi-802-11-support-drivers/>

Conclusion
Completion of a project is an extremely satisfying and rewarding endeavor. There were many
milestones that encouraged us to keep moving forward and to try new things to test the extent of what
could be accomplished with our customized Raspberry Pi unit, and many failures and setbacks were
met in order to achieve these milestones. These setbacks helped us to learn a lot of lessons on how to
properly configure the system, and what we observed was that if we needed to redo certain steps, it
took significantly less time to complete them as we had our journals to reference in order
to properly complete these tasks. The note-taking and journaling alone is a skill that will be utilized
throughout our careers; due to the complex nature of configuring systems, it is basically impossible to
memorize the steps needed to complete certain tasks.
The most rewarding aspect of the project had to do with the prototyping and eventual creation of our
customized keyboard. Aesthetically, it isn’t the best looking piece of hardware, but the fact that it is
essentially a keyboard that functions as a computer is something that we as a group take pride in
having engineered. That, combined with the proper configuration of our network of servers gives us a
deliverable that feels as though it is our own creation with our own personal touch, and the project
itself conveys each team member’s personal creativity. Computer technology doesn’t have to be
straight-forward and uninspired – quite the opposite as a matter of fact. This is one point we are trying
to convey with this project, aside from our main project vision of changing the way that we look at
computers in the classroom. We want to show that technological innovation can be an art form, in its
own right, and that with newer, emergent technologies, there is no limit to what can be done.
We look forward to showing our project at the Capstone Showcase – we aim to have a product that no
one has ever really seen before, functioning in a way that might seem surprising and yet innovative.
We are all very proud of the work we have put into this. The journey of this project from start to
finish, and the lessons learned in between, will be used and remembered throughout our
careers in Information Technology.

Appendices
Glossary of Terms
Raspberry Pi: A credit card-sized computer chip, the Raspberry Pi is capable of running an Operating
System over a network, and which utilizes the hardware capabilities of the server that is delivering said
Operating System. It is a versatile chip tailored to carry out a variety of tasks. It has the added benefit
of being extremely inexpensive, at a cost of $35.
Linux: An open-source, UNIX-based Operating System, Linux Operating Systems are known for being
customizable, and more importantly most versions are free under the GNU General Public License.
The defining characteristic of the Linux OS is the customizable Linux Kernel.
LTSP: Linux Terminal Server Project is an open source terminal server for Linux which allows multiple
users to simultaneously use the same computer. The applications are run with a terminal, or
“thin-client”, which handles input and output functions.
Client Device: Our specialized custom keyboard with built-in Raspberry Pi chip. This is the device
which the client will be interacting with.
VMWare ESXi: Software that is used to administratively manage virtualized Operating Systems. With
this software, one can manage the hardware utilization of the server on which it is installed. Resource
pools can be configured to give certain high-priority Operating Systems the resources they need to
function properly.
LDAP: Lightweight Directory Access Protocol, this application protocol is used for user authentication.
Authenticated users are granted access to directory services which are often organized in a hierarchical
structure. The inclusion of LDAP also adds a layer of security to the network.
ATutor: A Linux web portal designed for educational administrators, instructors, and students. It is
designed to manage classes, allow instructors to upload assignments (and likewise for students to
upload completed homework), and is a solution to unifying all members in an educational
environment to have continual access to required resources.
DHCP: Dynamic Host Configuration Protocol, DHCP is a server service which is responsible for
assigning IP addresses to users on the network.
DNS: Domain Name System, this system associates various pieces of information with domain names.
Its most important feature is that it translates domain names to numerical IP addresses with the
purpose of properly locating computer services and devices. It is essentially a phonebook for the
Internet.
Security
Security is a crucial component of every server-based network. For our project, we hardened each
server as much as possible to ensure that the network is safe, and that it is capable of protecting
sensitive data. The components of our network security are as follows:

Root login via SSH is disabled across all servers

SSH ports for servers 2 and 3 have been switched to port 2222 instead of the traditional 22

LDAP is used for authentication, which adds a layer of security to the servers by providing a centralized
login system

Linux modules and daemons have been removed from the kernel
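
The two SSH items in the list above can be checked mechanically. The following is an added example, not one of the project's Perl scripts: a Python audit that reads sshd_config text and reports drift from "root login disabled, port 2222". The function names and sample configurations are constructed for illustration, and an unset PermitRootLogin is treated as a finding by assumption.

```python
import re

# Policy from the Security list above; port 2222 applies to servers 2 and 3.
EXPECTED_PORT = 2222


def parse_sshd_config(text):
    """Split sshd_config text into global options and Match-block options.

    Returns (global_opts, match_opts): global_opts maps a lower-cased keyword
    to its values in file order; match_opts is a list of
    (match_criteria, keyword, value) for lines inside Match blocks.
    """
    global_opts, match_opts = {}, []
    current_match = None  # a Match block runs until the next Match or end of file
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keywords are case-insensitive; tolerate "Keyword=value" as well.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            current_match = value
        elif current_match is None:
            global_opts.setdefault(keyword, []).append(value)
        else:
            match_opts.append((current_match, keyword, value))
    return global_opts, match_opts


def audit_sshd_config(text, expected_port=EXPECTED_PORT):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    global_opts, match_opts = parse_sshd_config(text)

    # sshd keeps the first value it reads for a keyword, so a later
    # "PermitRootLogin no" does not undo an earlier "yes".
    root_values = global_opts.get("permitrootlogin", [])
    if not root_values:
        findings.append("PermitRootLogin is not set; the built-in default applies")
    elif root_values[0].lower() != "no":
        findings.append(
            "PermitRootLogin is effectively %r (first of %d lines wins)"
            % (root_values[0], len(root_values)))

    # Port is the exception: every Port line adds another listener.
    ports = global_opts.get("port") or ["22"]  # sshd listens on 22 when no Port is given
    if str(expected_port) not in ports:
        findings.append("not listening on expected port %d" % expected_port)
    extra = [p for p in ports if p != str(expected_port)]
    if extra:
        findings.append("also listening on port(s): " + ", ".join(extra))

    # A Match block can switch root login back on for selected clients.
    for criteria, keyword, value in match_opts:
        if keyword == "permitrootlogin" and value.lower() != "no":
            findings.append("Match %s sets PermitRootLogin %s" % (criteria, value))
    return findings


# Constructed samples, not taken from the project's servers.
COMPLIANT = """\
# sshd_config (constructed sample)
Port 2222
PermitRootLogin no
"""

DRIFTED = """\
Port 22
Port 2222
PermitRootLogin yes
PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""

if __name__ == "__main__":
    for name, sample in (("compliant", COMPLIANT), ("drifted", DRIFTED)):
        print(name, audit_sshd_config(sample) or "OK")
```

Feed it the contents of each server's /etc/ssh/sshd_config, passing expected_port=22 for a server left on the default port. Moving SSH to 2222 only reduces scanner noise, so the PermitRootLogin and Match findings are the ones that carry the security weight.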

Administration Manual
Recommended Configuration and basic information
Recommended Configuration:
Our recommended configuration consists of 3 servers: an LTSP server, a Network and Authentication
server, and a server to provide tertiary services (ATutor). These servers provide the core functionality
needed for clients to access a terminal session. Running on VMware ESXi servers, these three
virtualized systems provide an all-encompassing solution.
Ubuntu 12.10 is the Linux distribution of choice. All software and configurations have been tested on
this platform.
It is recommended you have at least 1 Windows 7/8 system on your network to run the vSphere Client,
third party LDAP tools and PuTTY for SSH sessions. These tools are included on the administration disc.
Servers:
1) LTSP server: This is the core system in our network; it is our terminal server. All clients will be
running their sessions off of this system.
2) Network and Authentication Server: Running on this server is DNS, DHCP and LDAP. You will
notice that this server does not provide a graphical user interface. We strongly advise against
installing a GUI or running any other services on this system.
3) ATutor: Dedicated to running the Education Administration website, ATutor, which allows
instructors to upload homework assignments, and likewise provides students access to all the
necessary resources.
Tools provided to you:
Systems4Schools has coded Perl scripts that sit under the “/systems4schools/scripts” folder on each server
where they are applicable. These are self-explanatory and allow you to speed your workflow and
troubleshooting should you encounter issues.
The following tools are included on the administration disc:
- Berry Terminal
  o Client side software, simply copy the contents of this folder onto the root of the SD card and
    it will boot to the LTSP server
- Gawor LDAP browser
  o Java based LDAP browser
- LDAPAdmin
  o Standalone LDAP browser
- HeidiSQL
  o Used to connect into the ATutor SQL database
- PuTTY
  o SSH client
- vSphere Client
  o 5.1 – Version used in the Systems4Schools recommended configuration
VMware vSphere
To access the ESXi server you will need to be on the same network as the ESXi server as well as have
the vSphere client installed on your system.
Note: The vSphere Client version must match the ESXi version running on your server.
Steps:
1) Open the vSphere Client on your system.
2) You will be prompted with a dialog box requesting the following:
a. IP/Hostname
b. Username
c. Password
3) Enter the IP of the ESXi server (this will be unique to your site; please refer to the site
documentation).
4) Enter your username and password. It is not advisable to log in as the root user.
5) Once your credentials are entered and are correct, the vSphere client will load and you will be able to
create and modify the virtual machines.
Operation of vSphere:
Since the virtual machines that you need will already be created and running for you, you will
just need to know how to maintain them.
ESXi:
Permissions:
Under this tab you are able to change permissions and add or remove users from this server.
Events:
The events tab shows the history of everything that has happened on the ESXi server, broken down
by user so that it is easy to see what happened and who performed the action.
Local users & groups:
This tab both shows and lets you edit the users and groups with permissions in
ESXi. It shows the level of access each has and their respective UID.
Configuration:
The configuration tab lets you view and edit everything you have in your server that the pool is
running on.
Performance:
This tab lets you view, in both table and graphical format, the various forms of usage on the
server.
Resource Allocation:
Shows the CPU, memory and storage resources allocated to this server and allows you to edit them.
Virtual machines:
This tab shows the virtual machines that are in the pool and lets you add or
delete any VMs on the server. By clicking on them you can manage their settings, turn them on or off,
suspend them and open them up to see the console. It also shows the resources
allocated to the various VMs.
Summary:
This tab gives you a brief overview of what is on the server and the resources it is using.
Getting started:
This is the first tab and it shows a few wizards that guide you through different
actions on the server.
Pools
The VMs you have will be under their own resource pools in the left pane. If you need to modify
their CPU and memory, simply right click on the pool and select edit pool. Once you select the pool
you want, multiple tabs in the right window let you administer it.
Permissions:
Under this tab you are able to change permissions and add or remove users from this pool. Permissions should
be inherited from the ESXi server and should not need to be changed for pools.
Events:
The events tab shows the history of everything that has happened on the pool, broken down
by user so that it is easy to see what happened and who performed the action.
Performance:
This tab lets you view, in both table and graphical format, the various forms of usage on the
pool.
Resource Allocation:
Shows the CPU, memory and storage resources allocated to this pool and allows you to edit the settings.
Virtual machines:
This tab shows the virtual machines that are in the pool and lets you add or
delete any VMs in the pool. By clicking on them you can manage their settings, turn them on or off,
suspend them and open them up to see the console. It also shows the resources
allocated to the various VMs.
Summary:
This tab gives you a brief overview of what is in the pool and the resources it is using.
Getting started:
This is the first tab and it shows a few wizards that guide you through different
actions in the pool.
Virtual Machines
Permissions:
Under this tab you are able to change permissions and add or remove users from this VM. Permissions should
be inherited from the pool and ESXi server and should not need to be changed.
Console:
The console is the view of the actual machine. You will see the desktop and be able to operate the
VM just like a normal computer here. It can be expanded to its own window for a larger view.
Events:
The events tab shows the history of everything that has happened on the VM, broken down
by user so that it is easy to see what happened and who performed the action.
Performance:
This tab lets you view, in both table and graphical format, the various forms of usage on the
VM.
Resource Allocation:
Shows the CPU, memory and storage resources allocated to this VM and allows you to edit the
settings.
Summary:
This tab gives you a brief overview of the VM. It lists its settings, properties, resources and its status.
It also lets you turn the VM on or off, suspend it and edit its settings.
Getting started:
This tab lets you start, stop or edit the virtual machine.
Connecting to Servers
You have multiple options for connecting into the servers to manage them, each has its preferred
connection method for the services installed.
LTSP Server
The preferred connection method to this server is the vSphere console. Since this server is running LTSP, it is
best practice to also connect in via the client devices, as this allows the administrator to ensure that
any changes made do not affect the end-user experience.
If you choose to connect via SSH, SSH is running on the default port 22 (needed for LTSP connections).
Network and Authentication Server
SSH (Putty is the recommended tool) is the preferred connection method, since this server does not
provide a Graphical User Interface it is quicker and faster to use SSH.
SSH for this server is running on port 2222.
ATutor Server
SSH (Putty is the recommended tool) is the preferred connection method, since this server does not
provide a Graphical User Interface it is quicker and faster to use SSH.
SSH for this server is running on port 2222.
LTSP server
Running Services:
- LTSP
- TFTPD-HPA
Terminal server for end users. No administrative tools or sensitive information should be stored on this
server.
Re-Authenticating/Authenticating with another LDAP server:
If there are issues authenticating with the LDAP server, or a third party server is implemented, the
client side configuration can be reconfigured to point to another server by running the following
command in the terminal window: “sudo dpkg-reconfigure ldap-auth-config”. You will be prompted with
the following screens:
Choose <Yes> for this option.
Enter the IP address of the LDAP server; for stability and reliability it is recommended that you use an IP
address as opposed to a hostname. The default port for LDAP is 389.
If you cannot connect after going through this configuration, change ldap:// to ldapi://
Enter the name of the search base; the value for the default configuration using the
Systems4Schools DNS and LDAP server is shown in the screenshot.
Select the version of LDAP you would like to use. The Systems4Schools recommended environment
was built around LDAP 3 and has not been tested with LDAP 2. If you are running into issues with older third
party systems authenticating, this may be a possible fix.
Select <No> as this will interfere with LTSP, and users will not be able to
authenticate.
The rest of the options can be changed to fit your unique needs. A database login is not needed but it
does provide a bit more access and allows for quicker lookups.
Network and Authentication Server
Running Services:
- BIND9 (DNS)
- ISC-DHCP-SERVER
- OpenLDAP
Provides basic network functionality to the client systems as well as third party PXE boot clients. Also
is the centralized authentication service.
Adding a user:
To add a user to the OpenLDAP directory we suggest using LDAPAdmin, which is a Windows-based
tool. To create a new user follow the steps below:
1) Open LDAPAdmin from the administration disc
2) New Connection
3) Enter the search base, Network and Authentication Server IP address and login credentials.
4) Right click at either the base of the tree or in the desired OU and click new user.
The following details should remain constant between users:
Login Shell: “/bin/bash”
Home Directory: “/home/<username>” Note: <username> is the username of the new user.
ATutor Server
Running Services:
- Apache2.2
- MySQL
Starting Apache2.2:
If Apache stops or does not start on boot it can be started by simply running the following command from
the terminal: “sudo service apache2 restart”
In order for ATutor to run, the MySQL database must be running. If Apache is restarted, MySQL must
be restarted also by running the following command: “sudo service mysql restart”
Creating an ATutor user
To create a user the web interface is used, which can be accessed with the FQDN of the ATutor server
(atutor.systems4schools.local in the recommended setup). Once logged in you will find a “Users” tab;
within this tab you can create users and modify permissions.
Operation of Client Devices:
Deploying/Reinstalling BerryTerminal
Provided on the Administration disc is a copy of BerryTerminal. This is the only software that will run
on the Client Devices as the rest is done on the LTSP server.
To install/reinstall this software simply copy the contents of the folder to the root of the SD card. Once
copied insert the SD card into the client device and it will boot as normal.
Client Login Flow chart
1) Client Systems are powered on and look for BOOTP packets being broadcasted by the Network and
Authentication Server.
2) The Network and Authentication Server gets a response from the Client Devices and forwards a packet to
each Client Device notifying it that it does not contain the information needed for LTSP and to go to the
LTSP server.
3) Client Devices query the LTSP server. The LTSP server then hands out TFTP information.
4) With the TFTP image verified to exist, the Client system then presents the login screen to the end
user.
Customization
Client Side:
On the root of every SD card there is a file called cmdline.txt. This file allows you to set multiple
attributes for manual server specification, automatic login, etc.; you may append or edit them to
fit your needs. A copy of BerryTerminal is supplied on the administration disc, and you will find a copy of
this configuration file under the directory.
Manually specify a server:
server=1.2.3.4
Specify keyboard layout (FR for French, EN for English):
XKBLAYOUT=fr
Specify credentials for automatic login:
LDM_AUTOLOGIN=True LDM_USERNAME=username12 LDM_PASSWORD=password
Note: Every system must have their own login. We do not recommend using automatic login.
Sample Configuration file:
quiet
server=192.168.1.5
XKBLAYOUT=en
By default there will only be “quiet” in this configuration file. If you do not specify a server, DHCP and
TFTP will be utilized. English is the default for the keyboard and language options.
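The options above can be checked across a batch of SD cards before they are handed out. The following Python script is an added example, not part of BerryTerminal or the Systems4Schools scripts; the card names and file contents are constructed sample data, and the severity labels are this example's own.

```python
from collections import defaultdict

# Constructed cmdline.txt contents for four client SD cards (sample data).
CARDS = {
    "lab-pi-01": "quiet\n",
    "lab-pi-02": "quiet\nserver=192.168.1.5\nXKBLAYOUT=en\n",
    "lab-pi-03": "quiet server=192.168.1.5 LDM_AUTOLOGIN=True "
                 "LDM_USERNAME=username12 LDM_PASSWORD=password\n",
    "lab-pi-04": "quiet server=192.168.1.5 LDM_AUTOLOGIN=True "
                 "LDM_USERNAME=username12 LDM_PASSWORD=password\n",
}


def parse_cmdline(text):
    """Split cmdline.txt into bare flags and key=value options.

    Options may be separated by spaces or by newlines, as in the samples.
    """
    flags, options = [], {}
    for token in text.split():
        key, sep, value = token.partition("=")
        if sep:
            options[key] = value
        else:
            flags.append(token)
    return flags, options


def audit_card(text):
    """Return (severity, message) findings; password values are never echoed."""
    _, opts = parse_cmdline(text)
    findings = []
    if "LDM_PASSWORD" in opts:
        findings.append(
            ("high", "LDM_PASSWORD is stored in clear text on the SD card"))
    if opts.get("LDM_AUTOLOGIN", "").lower() == "true":
        user = opts.get("LDM_USERNAME", "<unset>")
        findings.append(
            ("high", f"automatic login is enabled for account {user!r}"))
    if "server" not in opts:
        findings.append(
            ("info", "no server= entry: boot server comes from DHCP and TFTP"))
    return findings


def shared_logins(cards):
    """Map each LDM_USERNAME found on more than one card to those cards."""
    seen = defaultdict(list)
    for name, text in cards.items():
        _, opts = parse_cmdline(text)
        if "LDM_USERNAME" in opts:
            seen[opts["LDM_USERNAME"]].append(name)
    return {user: sorted(names)
            for user, names in seen.items() if len(names) > 1}


def report(cards):
    """Build one report line per finding, then one per shared login."""
    lines = []
    for name in sorted(cards):
        for severity, message in audit_card(cards[name]):
            lines.append(f"{name}: [{severity}] {message}")
    for user, names in sorted(shared_logins(cards).items()):
        lines.append(f"shared login {user!r} on: {', '.join(names)}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(CARDS)))
```

The shared-login check corresponds to the note that every system must have its own login.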
Installing Software on a Server
By default Ubuntu uses the Aptitude package manager, a simple, easy-to-use package manager. The basic
syntax is:
“apt-get <action> <package>”
Examples:
“apt-get install nano” – Will install the Nano text editor, or if installed will update the package.
“apt-get remove nano” – Will remove the Nano package.
If corrupt software is encountered and a reinstall fails, insert “--purge” between the remove command
and the package name, then reinstall said software.
Troubleshooting
All clients are not receiving a login screen
Client systems should receive a graphical login screen upon being powered on. This requires the two
following servers to be running:
1) LTSP Server
2) Network and Authentication Server
Recommended actions:
1) Ping both of these servers, both should respond in a timely manner
2) Do a name server lookup on the Network and Authentication server, you should be able to resolve
the LTSP server’s name.
a. If it fails it could be the BIND9 service down: “sudo service bind9 restart”
b. The recommended setup allows only the clients to utilize this server, therefore it is safe to do
a reboot.
3) Check if TFTP is running on the LTSP server: “sudo service tftpd-hpa status”
a. Restart the service if stopped, this pushes the client image to the devices.
4) Update the SSH keys on the LTSP server:
a. “sudo ltsp-update-sshkeys”
Login is successful but user gets redirected immediately back to login screen
This is a common symptom of not having a .Xauthority file. Follow the steps below to create this file:
1) Logon to LTSP server via client device or vSphere console as another user.
2) Open a terminal session
3) Run the following command, replacing <user> with the username of the user that has the issue:
“su <user>”
4) Enter the user's password
5) Change the current directory to home: “cd ~”
a. If you receive an error that the directory doesn’t exist, switch to a user with sudo permissions and
run: “sudo mkdir /home/<user>”
6) Run “xauth”
User should now have the required file with the proper permissions set on it. GUI logon via the
vSphere console and Client Device should now work.
Client Systems Receive: “Error obtaining IP from DHCP server”
This error occurs because the DHCP server is not broadcasting itself or is not sending out BOOTP
messages.
Assuming that there have been no changes to the configuration file, the following steps should be
taken:
1. Open a terminal window on the Network and Authentication server.
2. Run command “sudo service isc-dhcp-server status”
a. Service status should be running.
3. Run command “sudo service isc-dhcp-server restart”
a. The service should successfully restart, if not refer to the /var/log/syslog file for a specific
reason.
4. If the service starts without issue and clients are still receiving the same error, ensure that all cabling,
ports, and connections are proper.
Permissions Errors
Any commands that commit changes to system files will need to have “sudo” prepended to them. If the
current user has “sudo” permission the command will run without error. For security reasons only
local users are recommended to have “sudo” permissions.
Example:
“sudo nano /etc/resolv.conf”
Technical Overview & Configurations
This section includes the configuration and scripts used to configure the network.
LTSP Server 1:
Script for checking services:
#!/usr/bin/perl
# Systems4Schools Services Script
system('clear'); #Clears the CLI
print "Systems4Schools Services Script\n";
print "Service: \n\n";
#Start of services to print to end user
print "1) TFTP-HPA\n";
print "2) DNSMASQ\n";
print "3) Networking\n";
print "4) Resolvconf\n";
print "5) Ping LDAP Server\n";
print "6) Ping ATutor Server\n";
print "\n\nChoice: ";
chomp ($service=<STDIN>);
#start of IF statement for switch
if ($service eq '1'){
print "TFTPD-HPA\n\n1) Status \n2) Restart\n\n Choice:";
chomp ($operation=<STDIN>);
if ($operation eq '1'){
system('sudo service tftpd-hpa status');
}
elsif ($operation eq '2'){ # restart only when 2 is chosen, not on any other input
system('sudo service tftpd-hpa restart');
}
}
if ($service eq '2'){
print "DNSMASQ\n\n1) Status \n2) Restart\n\n Choice:";
chomp ($operation=<STDIN>);
if ($operation eq '1'){
system('sudo service dnsmasq status');
}
elsif ($operation eq '2'){ # restart only when 2 is chosen, not on any other input
system('sudo service dnsmasq restart');
}
}
if ($service eq '3'){
print "Networking\n\n1) Status \n2) Restart\n\n Choice:";
chomp ($operation=<STDIN>);
if ($operation eq '1'){
system('sudo service networking status');
}
elsif ($operation eq '2'){ # restart only when 2 is chosen, not on any other input
system('sudo service networking restart');
}
}
if ($service eq '4'){
print "Resolvconf\n\n1) Status \n2) Restart\n\n Choice:";
chomp ($operation=<STDIN>);
if ($operation eq '1'){
system('sudo service resolvconf status');
}
elsif ($operation eq '2'){ # restart only when 2 is chosen, not on any other input
system('sudo service resolvconf restart');
}
}
if ($service eq '5'){
print "Pinging ldap.systems4schools.local\n\n";
system('ping ldap.systems4schools.local -c 4 | grep "packet loss"');
}
if ($service eq '6'){
print "Pinging atutor.systems4schools.local\n\n";
system('ping atutor.systems4schools.local -c 4 | grep "packet loss"'); }
/etc/hosts
127.0.0.1 localhost
127.0.1.1 SRV01
# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
/opt/ltsp/i386/etc
# This is the default lts.conf file for ltsp 5.
# For more information about valid options please see:
# /usr/share/doc/ltsp-client/examples/lts-parameters.txt.gz
# in the client environment.
#
# Note that things like sound and local device support are
# auto-enabled if the corresponding packages are installed,
# there is no need to manually set these options anymore.
#
# **** THIS FILE SHOULD NO LONGER BE USED FROM HERE !!! ****
#
# With the introduction of the nbd/unionfs/squashfs structure
# the lts.conf file moved to the tftp root please create:
# /var/lib/tftpboot/ltsp/i386/lts.conf instead for your changes
#
# In case you want to use the lts.conf here, this still works,
# but you need to run ltsp-update-image after every change.
[example]
key=value
/etc/pam.d/common-account
# Systems4Schools common-account
#
# /etc/pam.d/common-account - authorization settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authorization modules that define
# the central access policy for use on the system. The default is to
# only deny service to users whose accounts are expired in /etc/shadow.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.
#
# here are the per-package modules (the "Primary" block)
account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
account [success=1 default=ignore] pam_ldap.so
# here's the fallback if no module succeeds
account requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
account required pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config
/etc/pam.d/common-auth
# Systems4Schools common-auth
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
# After changing this file run "sudo pam-auth-update" do not reboot to test
# This file is read dynamically and can't render the system useless.
# To test su into another user, if it doesn't work revert changes.
#
# System will authenticate with LDAP server prior to internal UNIX auth.
# This allows the client systems to authenticate with SSH
auth [success=2 default=ignore] pam_ldap.so minimum_uid=500
auth [success=1 default=ignore] pam_unix.so nullok_secure use_first_pass
# here's the fallback if no module succeeds
auth requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth required pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config
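The jump counts in the common-auth file above decide whether a login ends at pam_deny.so or at pam_permit.so, so an edit that adds or removes a line without adjusting them can lock users out or let failed logins through. The following Python sketch is an added example, not part of the Systems4Schools scripts; it walks the four auth lines under a simplified model of PAM control actions and checks that the stack still denies when every real module fails. The BROKEN variant, the function names and the rule that a numeric jump only skips modules are assumptions of this example.

```python
import re

# The four auth lines from the common-auth file above.
COMMON_AUTH = """\
auth [success=2 default=ignore] pam_ldap.so minimum_uid=500
auth [success=1 default=ignore] pam_unix.so nullok_secure use_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
"""

# Constructed mis-edit: the pam_deny.so line deleted, jump counts untouched.
BROKEN = COMMON_AUTH.replace("auth requisite pam_deny.so\n", "")

# Keyword controls written out as the bracket form they stand for (pam.conf(5)).
KEYWORDS = {
    "required": {"success": "ok", "new_authtok_reqd": "ok",
                 "ignore": "ignore", "default": "bad"},
    "requisite": {"success": "ok", "new_authtok_reqd": "ok",
                  "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done",
                   "default": "ignore"},
    "optional": {"success": "ok", "new_authtok_reqd": "ok",
                 "default": "ignore"},
}

# Modules whose result never depends on the user.
FIXED = {"pam_deny.so": "auth_err", "pam_permit.so": "success"}

LINE = re.compile(r"^\S+\s+(\[[^\]]*\]|\S+)\s+(\S+)")


def parse_stack(text):
    """Turn PAM config text into a list of (actions, module) pairs."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = LINE.match(line)
        if match is None:
            raise ValueError(f"cannot parse PAM line: {raw!r}")
        control, module = match.groups()
        if control.startswith("["):
            actions = dict(p.split("=", 1) for p in control[1:-1].split())
        else:
            actions = KEYWORDS[control]
        stack.append((actions, module))
    return stack


def run_stack(stack, results):
    """Walk the stack; results maps module name -> PAM return value name.

    Modules missing from results fail with auth_err. Simplification: a
    numeric jump only skips modules and does not set the stack result.
    """
    status, failed, trace, i = None, False, [], 0
    while i < len(stack):
        actions, module = stack[i]
        ret = FIXED.get(module, results.get(module, "auth_err"))
        action = actions.get(ret, actions.get("default", "bad"))
        trace.append(f"{module}: {ret} -> {action}")
        i += 1
        if action.isdigit():
            i += int(action)          # skip the next N modules
        elif action in ("ok", "done"):
            if not failed:
                status = ret
            if action == "done":
                break
        elif action in ("bad", "die"):
            failed = True
            if action == "die":
                break
    granted = status == "success" and not failed
    return ("granted" if granted else "denied"), trace


def fails_closed(stack):
    """True if the stack denies when every real module fails."""
    return run_stack(stack, {})[0] == "denied"


if __name__ == "__main__":
    cases = {
        "LDAP password accepted": {"pam_ldap.so": "success"},
        "LDAP unreachable, local account ok": {
            "pam_ldap.so": "authinfo_unavail", "pam_unix.so": "success"},
        "both modules reject": {},
    }
    for name, text in (("common-auth", COMMON_AUTH), ("mis-edited", BROKEN)):
        stack = parse_stack(text)
        print(f"{name}: fails closed = {fails_closed(stack)}")
        for label, results in cases.items():
            print(f"  {label}: {run_stack(stack, results)[0]}")
```

In the mis-edited variant a rejected password reaches pam_permit.so and is granted, while a correct LDAP password jumps past the end of the stack and is denied.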
/etc/pam.d/common-session
#
# Systems4Schools Common session file
#
# /etc/pam.d/common-session - session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive).
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.
# here are the per-package modules (the "Primary" block)
session [default=1] pam_permit.so
# here's the fallback if no module succeeds
session requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required pam_permit.so
# The pam_umask module will set the umask according to the system default in
# /etc/login.defs and user settings, solving the problem of different
# umask settings with different shells, display managers, remote sessions etc.
# See "man pam_umask".
session optional pam_umask.so
# The following line allows the home directories to be created upon first logon
session required pam_mkhomedir.so umask=0022 skel=/etc/skel
session required pam_unix.so
session optional pam_ldap.so
session optional pam_xdg_support.so
session optional pam_ck_connector.so nox11
# end of pam-auth-update config
/etc/dnsmasq.conf
# System4Schools Configuration file for dnsmasq.
# /etc/dnsmasq.conf
# Format is one option per line, legal options are the same
# as the long options legal on the command line. See
# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
# Listen on this specific port instead of the standard DNS port
# (53). Setting this to zero completely disables DNS function,
# leaving only DHCP and/or TFTP.
#port=5353
# The following two options make you a better netizen, since they
# tell dnsmasq to filter out queries which the public DNS cannot
# answer, and which load the servers (especially the root servers)
# unnecessarily. If you have a dial-on-demand link they also stop
# these requests from bringing up the link unnecessarily.
#bogus-priv
# Uncomment this to filter useless windows-originated DNS requests
# which can trigger dial-on-demand links needlessly.
# Note that (amongst other things) this blocks all SRV requests,
# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk.
# This option only affects forwarding, SRV records originating for
# dnsmasq (via srv-host= lines) are not suppressed by it.
#filterwin2k
# Change this line if you want dns to get its upstream servers from
# somewhere other that /etc/resolv.conf
#resolv-file=
# /etc/resolv.conf
#strict-order
# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
#no-resolv
# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
# files for changes and re-read them then uncomment this.
#no-poll
# Add other name servers here, with domain specs if they are for
# non-public domains.
#server=/localnet/192.168.0.1
# Example of routing PTR queries to nameservers: this will send all
# address->name queries for 192.168.3/24 to nameserver 10.1.2.3
#server=/3.168.192.in-addr.arpa/10.1.2.3
# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only.
#local=/localnet/
# Add domains which you want to force to an IP address here.
# web-server.
#address=/double-click.net/127.0.0.1
# --address (and --server) work with IPv6 addresses too.
#address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83
# You can control how dnsmasq talks to a server: this forces
# queries to 10.1.2.3 to be routed via eth1
# server=10.1.2.3@eth1
# and this sets the source (ie local) address used to talk to
# 10.1.2.3 to 192.168.1.1 port 55 (there must be a interface with that
# IP on the machine, obviously).
# server=10.1.2.3@192.168.1.1#55
# If you want dnsmasq to change uid and gid to something other
# than the default, edit the following lines.
#user=
#group=
#interface=
# Or you can specify which interface _not_ to listen on
#except-interface=
# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
#listen-address=
# If you want dnsmasq to provide only DNS service on an interface,
# configure it as shown above, and then use the following line to
# disable DHCP and TFTP on it.
#no-dhcp-interface=
# If you don't want dnsmasq to read /etc/hosts, uncomment the
# following line.
#no-hosts
# or if you want it to read another file, as well as /etc/hosts, use
# this.
#addn-hosts=/etc/banner_add_hosts
# Set the domain for dnsmasq. this is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
#    as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
#    domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
#domain=thekelleys.org.uk
# Set a different domain for a particular subnet
#domain=wireless.thekelleys.org.uk,192.168.2.0/24
# Same idea, but range rather then subnet
#domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200
#dhcp-range=192.168.0.50,192.168.0.150,12h
#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
# This is an example of a DHCP range which sets a tag, so that
# some DHCP options may be set only for this network.
#dhcp-range=set:red,192.168.0.50,192.168.0.150
# Use this DHCP range only when the tag "green" is set.
#dhcp-range=tag:green,192.168.0.50,192.168.0.150,12h
#dhcp-range=192.168.0.0,static
# Enable DHCPv6. Note that the prefix-length does not need to be specified
# and defaults to 64 if missing/
#dhcp-range=1234::2, 1234::500, 64, 12h
# Do Router Advertisements, BUT NOT DHCP for this subnet.
#dhcp-range=1234::, ra-only
# MAC address and assume that the host will also have an
# IPv6 address calculated using the SLAAC alogrithm.
#dhcp-range=1234::, ra-names
# Do Router Advertisements, BUT NOT DHCP for this subnet.
# Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.)
#dhcp-range=1234::, ra-only, 48h
# Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
# so that clients can use SLAAC addresses as well as DHCP ones.
#dhcp-range=1234::2, 1234::500, slaac
# Do Router Advertisements and stateless DHCP for this subnet. Clients will
# not get addresses from DHCP, but they will get other configuration information.
# They will use SLAAC for addresses.
#dhcp-range=1234::, ra-stateless
# Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses
# from DHCPv4 leases.
#dhcp-range=1234::, ra-stateless, ra-names
#enable-ra
# Always allocate the host with Ethernet address 11:22:33:44:55:66
# The IP address 192.168.0.60
#dhcp-host=11:22:33:44:55:66,192.168.0.60
# Always set the name of the host with hardware address
# 11:22:33:44:55:66 to be "fred"
#dhcp-host=11:22:33:44:55:66,fred
# Always give the host with Ethernet address 11:22:33:44:55:66
# the name fred and IP address 192.168.0.60 and lease time 45 minutes
#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
# Give a host with Ethernet address 11:22:33:44:55:66 or
# 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume
# that these two Ethernet interfaces will never be in use at the same
# time, and give the IP address to the second, even if it is already
# in use by the first. Useful for laptops with wired and wireless
# addresses.
#dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60
# Give the machine which says its name is "bert" IP address
# 192.168.0.70 and an infinite lease
#dhcp-host=bert,192.168.0.70,infinite
# Always give the host with client identifier 01:02:02:04
# the IP address 192.168.0.60
#dhcp-host=id:01:02:02:04,192.168.0.60
# Always give the host with client identifier "marjorie"
# the IP address 192.168.0.60
#dhcp-host=id:marjorie,192.168.0.60
# Enable the address given for "judge" in /etc/hosts
# to be given to a machine presenting the name "judge" when
# it asks for a DHCP lease.
#dhcp-host=judge
# Never offer DHCP service to a machine whose Ethernet
# address is 11:22:33:44:55:66
#dhcp-host=11:22:33:44:55:66,ignore
# address 11:22:33:44:55:66. This is useful to prevent a machine
# being treated differently when running under different OS's or
# between PXE boot and OS boot.
#dhcp-host=11:22:33:44:55:66,id:*
# Send extra options which are tagged as "red" to
# the machine with Ethernet address 11:22:33:44:55:66
#dhcp-host=11:22:33:44:55:66,set:red
# Send extra options which are tagged as "red" to
# any machine with Ethernet address starting 11:22:33:
#dhcp-host=11:22:33:*:*:*,set:red
# Give a fixed IPv6 address and name to client with
# DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2
# Note the MAC addresses CANNOT be used to identify DHCPv6 clients.
# Note also the they [] around the IPv6 address are obilgatory.
#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5]
# or /etc/ethers. Equivalent to ISC "deny unknown-clients".
#dhcp-ignore=tag:!known
#dhcp-vendorclass=set:red,Linux
#dhcp-userclass=set:red,accounts
#dhcp-mac=set:red,00:60:8C:*:*:*
# Send options to hosts which ask for a DHCP lease.
# See RFC 2132 for details of available options.
# Common options can be given to dnsmasq by name:
# run "dnsmasq --help dhcp" to get a list.
#dhcp-option=3,1.2.3.4
# Do the same thing, but using the option name
#dhcp-option=option:router,1.2.3.4
#dhcp-option=3
# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
# Send DHCPv6 option. Note [] around IPv6 addresses.
#dhcp-option=option6:dns-server,[1234::77],[1234::88]
# Send DHCPv6 option for namservers as the machine running
# dnsmasq and another.
#dhcp-option=option6:dns-server,[::],[1234::88]
#dhcp-option=option6:information-refresh-time,6h
#dhcp-option=42,0.0.0.0
# Set the NIS domain name to "welly"
#dhcp-option=40,welly
# Set the default time-to-live to 50
#dhcp-option=23,50
# Set the "all subnets are local" flag
#dhcp-option=27,1
# Send the etherboot magic flag and then etherboot options (a string).
#dhcp-option=128,e4:45:74:68:00:00
#dhcp-option=129,NIC=eepro100
#dhcp-option = tag:red, option:ntp-server, 192.168.1.1
#dhcp-option=19,0
# option ip-forwarding off
#dhcp-option=44,0.0.0.0
# set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
#dhcp-option=45,0.0.0.0
# netbios datagram distribution server
#dhcp-option=46,8
# netbios node type
# Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
#dhcp-option=252,"\n"
# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
# probably doesn't support this......
#dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
# Send RFC-3442 classless static routes (note the netmask encoding)
#dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
# mtftp address to 0.0.0.0 for PXEClients.
#dhcp-option=vendor:PXEClient,1,0.0.0.0
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d64b7414ecfaae1033.mspx?mfr=true
#dhcp-option=vendor:MSFT,2,1i
#dhcp-option=vendor:Etherboot,60,"Etherboot"
#dhcp-option-force=208,f1:00:74:7e
# Configuration file name
#dhcp-option-force=209,configs/common
# Path prefix
#dhcp-option-force=210,/tftpboot/pxelinux/files/
# Reboot time. (Note 'i' to send 32-bit value)
#dhcp-option-force=211,30i
# Set the boot filename for netboot/PXE. You will only need
# this if you want to boot machines over the network and you will need
# a TFTP server; either dnsmasq's built in TFTP server or an
# external one. (See below for how to enable the TFTP server.)
#dhcp-boot=pxelinux.0
# The same as above, but use custom tftp-server instead machine running dnsmasq
#dhcp-boot=pxelinux,server.name,192.168.1.100
# Boot for Etherboot gPXE. The idea is to send two different
# filenames, the first loads gPXE, and the second tells gPXE what to
# load. The dhcp-match sets the gpxe tag for requests from gPXE.
#dhcp-match=set:gpxe,175 # gPXE sends a 175 option.
#dhcp-boot=tag:!gpxe,undionly.kpxe
#dhcp-boot=mybootimage
# Encapsulated options for Etherboot gPXE. All the options are
# encapsulated within option 175
#dhcp-option=encap:175, 1, 5b
# priority code
#dhcp-option=encap:175, 176, 1b
# no-proxydhcp
#dhcp-option=encap:175, 177, string # bus-id
#dhcp-option=encap:175, 189, 1b
# BIOS drive code
#dhcp-option=encap:175, 190, user
# iSCSI username
#dhcp-option=encap:175, 191, pass
# iSCSI password
# Test for the architecture of a netboot client. PXE clients are
# supposed to send their architecture as option 93. (See RFC 4578)
#dhcp-match=peecees, option:client-arch, 0 #x86-32
#dhcp-match=itanics, option:client-arch, 2 #IA64
Systems4Schools Final Project Report  44
Systems4Schools

#dhcp-match=hammers, option:client-arch, 6 #x86-64
#dhcp-match=mactels, option:client-arch, 7 #EFI x86-64
# Do real PXE, rather than just booting a single file, this is an
# alternative to dhcp-boot.
#pxe-prompt="What system shall I netboot?"
# or with timeout before first available action is taken:
#pxe-prompt="Press F8 for menu.", 60
# Available boot services. for PXE.
#pxe-service=x86PC, "Boot from local disk"
# Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server.
#pxe-service=x86PC, "Install Linux", pxelinux
# Loads <tftp-root>/pxelinux.0 from TFTP server at 1.2.3.4.
# Beware this fails on old PXE ROMS.
#pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4
# Use bootserver on network, found by multicast or broadcast.
#pxe-service=x86PC, "Install windows from RIS server", 1
# Use bootserver at a known IP address.
#pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4
# Enable dnsmasq's built-in TFTP server
Systems4Schools Final Project Report  45
Systems4Schools

#enable-tftp
# Set the root directory for files available via FTP.
#tftp-root=/var/ftpd
#tftp-secure
#tftp-no-blocksize
# Set the boot file name only when the "red" tag is set.
#dhcp-boot=net:red,pxelinux.red-net
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name
# Set the limit on DHCP leases, the default is 150
#dhcp-lease-max=150
#dhcp-leasefile=/var/lib/misc/dnsmasq.leases
#dhcp-authoritative
# Run an executable when a DHCP lease is created or destroyed.
# The arguments sent to the script are "add" or "del",
# then the MAC address, the IP address and finally the hostname
# if there is one.
#dhcp-script=/bin/echo
Systems4Schools Final Project Report  46
Systems4Schools

# Set the cachesize here.
#cache-size=150
# If you want to disable negative caching, uncomment this.
#no-negcache
#local-ttl=
#bogus-nxdomain=64.94.110.11
#alias=1.2.3.4,5.6.7.8
# and this maps 1.2.3.x to 5.6.7.x
#alias=1.2.3.0,5.6.7.0,255.255.255.0
# and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40
#alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
# Change these lines if you want dnsmasq to serve MX records.
# Return an MX record named "maildomain.com" with target
# servermachine.com and preference 50
#mx-host=maildomain.com,servermachine.com,50
# Set the default target for MX records created using the localmx option.
#mx-target=servermachine.com
# Return an MX record pointing to the mx-target for all local
Systems4Schools Final Project Report  47
Systems4Schools

# machines.
#localmx
# Return an MX record pointing to itself for all local machines.
#selfmx
# A SRV record sending LDAP for the example.com domain to
# ldapserver.example.com port 389
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
# A SRV record sending LDAP for the example.com domain to
# ldapserver.example.com port 389 (using domain=)
#domain=example.com
#srv-host=_ldap._tcp,ldapserver.example.com,389
# Two SRV records for LDAP, each with different priorities
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
# A SRV record indicating that there is no LDAP server for the domain
# example.com
#srv-host=_ldap._tcp.example.com
# The following line shows how to make dnsmasq serve an arbitrary PTR
# record. This is useful for DNS-SD. (Note that the
# domain-name expansion done for SRV records _does_not
Systems4Schools Final Project Report  48
Systems4Schools

# occur for PTR records.)
#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
#Example SPF.
#txt-record=example.com,"v=spf1 a -all"
#Example zeroconf
#txt-record=_http._tcp.example.com,name=value,paper=A4
#cname=bertand,bert
# For debugging purposes, log each DNS query as it passes through
# dnsmasq.
#log-queries
# Log lots of extra information about DHCP transactions.
#log-dhcp
# Include another lot of configuration options.
#conf-file=/etc/dnsmasq.more.conf
#conf-dir=/etc/dnsmasq.d
/etc/ldap.conf
Systems4Schools Final Project Report  49
Systems4Schools

###DEBCONF###
##
Systems4Schools ldap.conf /etc/ldap.conf
## Configuration of this file will be managed by debconf as long as the
## first line of the file says '###DEBCONF###'
##
## You should use dpkg-reconfigure to configure this file via debconf
##
#
# @(#)$Id: ldap.conf,v 1.38 2006/05/15 08:13:31 lukeh Exp $
#
# This is the configuration file for the LDAP nameservice
# switch library and the LDAP PAM module.
#
# PADL Software
# http://www.padl.com
#
# Your LDAP server. Must be resolvable without using LDAP.
# Multiple hosts may be specified, each separated by a
# space.
#host 127.0.0.1
# The distinguished name of the search base.
base dc=systems4schools,dc=local
# Another way to specify your LDAP server is to provide an
Systems4Schools Final Project Report  50
Systems4Schools

uri ldap://192.168.1.4:389/
# Unix Domain Sockets to connect to a local LDAP Server.
#uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/
#uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator
# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3
# The distinguished name to bind to the server with.
binddn cn=admin,dc=systems4schools,dc=local
# The credentials to bind with.
# Optional: default is no credential.
bindpw bac0n23LDAP
# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
#rootbinddn cn=admin,dc=systems4schools,dc=local
# The port.
# Optional: default is 389.
#port 389
Systems4Schools Final Project Report  51
Systems4Schools

# The search scope.
#scope sub
#scope one
#scope base
# Search timelimit
#timelimit 30
# Bind/connect timelimit
#bind_timelimit 30
#bind_policy hard
#idle_timelimit 3600
# Filter to AND with uid=%s
#pam_filter objectclass=account
# The user ID attribute (defaults to uid)
#pam_login_attribute uid
#pam_lookup_policy yes
# Check the 'host' attribute for access control
# Default is no; if set to yes, and user has no
# value for the host attribute, and pam_ldap is
# configured for account management (authorization)
Systems4Schools Final Project Report  52
Systems4Schools

# then the user will not be allowed to login.
#pam_check_host_attr yes
# Check the 'authorizedService' attribute for access
# control
# Default is no; if set to yes, and the user has no
# value for the authorizedService attribute, and
# pam_ldap is configured for account management
# (authorization) then the user will not be allowed
# to login.
#pam_check_service_attr yes
# Group to enforce membership of
#pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com
# Group member attribute
#pam_member_attribute uniquemember
# Specify a minimum or maximum UID number allowed
#pam_min_uid 0
#pam_max_uid 0
# Template login attribute, default template user
# (can be overridden by value of former attribute
# in user's entry)
#pam_login_attribute userPrincipalName
Systems4Schools Final Project Report  53
Systems4Schools

#pam_template_login_attribute uid
#pam_template_login nobody
# HEADS UP: the pam_crypt, pam_nds_passwd,
# and pam_ad_passwd options are no
# longer supported.
#
# Do not hash the password at all; presume
# the directory server will do it, if
# necessary. This is the default.
pam_password md5
#pam_password crypt
# Directory Services (NDS)
#pam_password clear_remove_old
#pam_password nds
# RACF is an alias for the above. For use with
# IBM RACF
#pam_password racf
# Update Active Directory password, by
# creating Unicode password and updating
# unicodePwd attribute.
#pam_password ad
Systems4Schools Final Project Report  54
Systems4Schools

# Use the OpenLDAP password change
# extended operation to update the password.
#pam_password exop
# Redirect users to a URL or somesuch on password
# changes.
#pam_password_prohibit_message Please visit http://internal to change your password.
# RFC2307bis naming contexts
# Syntax:
# nss_base_XXX base?scope?filter
# where scope is {base,one,sub}
# and filter is a filter to be &'d with the
# default filter.
# You can omit the suffix eg:
# nss_base_passwd ou=People,
# to append the default base DN but this
# may incur a small performance impact.
#nss_base_passwd ou=People,dc=padl,dc=com?one
#nss_base_shadow ou=People,dc=padl,dc=com?one
#nss_base_group ou=Group,dc=padl,dc=com?one
#nss_base_hosts ou=Hosts,dc=padl,dc=com?one
#nss_base_services ou=Services,dc=padl,dc=com?one
#nss_base_networks ou=Networks,dc=padl,dc=com?one
#nss_base_protocols ou=Protocols,dc=padl,dc=com?one
#nss_base_rpc ou=Rpc,dc=padl,dc=com?one
#nss_base_ethers ou=Ethers,dc=padl,dc=com?one
#nss_base_netmasks ou=Networks,dc=padl,dc=com?ne
#nss_base_bootparams ou=Ethers,dc=padl,dc=com?one
#nss_base_aliases ou=Aliases,dc=padl,dc=com?one
#nss_base_netgroup ou=Netgroup,dc=padl,dc=com?one
# attribute/objectclass mapping
# Syntax:
#nss_map_attribute rfc2307attribute mapped_attribute
#nss_map_objectclass rfc2307objectclass mapped_objectclass
# configure --enable-nds is no longer supported.
# NDS mappings
#nss_map_attribute uniqueMember member
# Services for UNIX 3.5 mappings
#nss_map_objectclass posixAccount User
#nss_map_objectclass shadowAccount User
#nss_map_attribute uid msSFU30Name
#nss_map_attribute uniqueMember msSFU30PosixMember
#nss_map_attribute userPassword msSFU30Password
#nss_map_attribute homeDirectory msSFU30HomeDirectory
#nss_map_attribute homeDirectory msSFUHomeDirectory
#nss_map_objectclass posixGroup Group
#pam_login_attribute msSFU30Name
Systems4Schools Final Project Report  56
Systems4Schools

#pam_filter objectclass=User
#pam_password ad
# configure --enable-mssfu-schema is no longer supported.
# Services for UNIX 2.0 mappings
#nss_map_objectclass posixAccount User
#nss_map_objectclass shadowAccount user
#nss_map_attribute uid msSFUName
#nss_map_attribute uniqueMember posixMember
#nss_map_attribute userPassword msSFUPassword
#nss_map_attribute homeDirectory msSFUHomeDirectory
#nss_map_attribute shadowLastChange pwdLastSet
#nss_map_objectclass posixGroup Group
#nss_map_attribute cn msSFUName
#pam_login_attribute msSFUName
#pam_filter objectclass=User
#pam_password ad
# RFC 2307 (AD) mappings
#nss_map_objectclass posixAccount user
#nss_map_objectclass shadowAccount user
#nss_map_attribute uid sAMAccountName
#nss_map_attribute homeDirectory unixHomeDirectory
#nss_map_attribute shadowLastChange pwdLastSet
#nss_map_objectclass posixGroup group
#nss_map_attribute uniqueMember member
Systems4Schools Final Project Report  57
Systems4Schools

#pam_login_attribute sAMAccountName
#pam_filter objectclass=User
#pam_password ad
# configure --enable-authpassword is no longer supported
# AuthPassword mappings
#nss_map_attribute userPassword authPassword
# AIX SecureWay mappings
#nss_map_objectclass posixAccount aixAccount
#nss_base_passwd ou=aixaccount,?one
#nss_map_attribute uid userName
#nss_map_attribute gidNumber gid
#nss_map_attribute uidNumber uid
#nss_map_attribute userPassword passwordChar
#nss_map_objectclass posixGroup aixAccessGroup
#nss_base_group ou=aixgroup,?one
#nss_map_attribute cn groupName
#nss_map_attribute uniqueMember member
#pam_login_attribute userName
#pam_filter objectclass=aixAccount
#pam_password clear
# Netscape SDK LDAPS
#ssl on
Systems4Schools Final Project Report  58
Systems4Schools

# Netscape SDK SSL options
#sslpath /etc/ssl/certs
# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
#ssl start_tls
#ssl on
# OpenLDAP SSL options
# Require and verify server certificate (yes/no)
# Default is to use libldap's default behavior, which can be configured in
# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for
# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
#tls_checkpeer yes
# CA certificates for server certificate verification
# At least one of these are required if tls_checkpeer is "yes"
#tls_cacertfile /etc/ssl/ca.cert
#tls_cacertdir /etc/ssl/certs
# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool
# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1
Systems4Schools Final Project Report  59
Systems4Schools

# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key
# Disable SASL security layers. This is needed for AD.
#sasl_secprops maxssf=0
# Override the default Kerberos ticket cache location.
#krb5_ccname FILE:/etc/.ldapcache
# SASL mechanism for PAM authentication - use is experimental
# at present and does not support password policy control
#pam_sasl_mech DIGEST-MD5
nss_initgroups_ignoreusers backup,bin,daemon,dnsmasq,games,gdm,gnats,irc,landscape,libuuid,lightdm,list,lp,mail,man,messagebus,nbd,news,nslcd,proxy,pulse,root,sshd,sync,sys,syslog,tftp,usbmux,uucp,whoopsie,www-data
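An added example (not part of the original report or the project's own tooling): a small Python check that flags the client settings the comments in the ldap.conf above discuss, namely an ldap:// URI without start_tls, a bindpw kept in the file instead of rootbinddn with /etc/ldap.secret, a client bind as the directory admin, and client-side MD5 hashing instead of exop. The sample text is constructed from the file's active directives with a placeholder password; the finding names and the hardened variant are assumptions of this example.

```python
"""Audit a pam_ldap/nss_ldap style ldap.conf for weak client settings."""
import re

# Constructed sample: the active directives of the file above, with the
# bind password replaced by a placeholder.
SAMPLE_CONF = """\
base dc=systems4schools,dc=local
uri ldap://192.168.1.4:389/
ldap_version 3
binddn cn=admin,dc=systems4schools,dc=local
bindpw EXAMPLE-PLACEHOLDER
#rootbinddn cn=admin,dc=systems4schools,dc=local
pam_password md5
#ssl start_tls
#tls_checkpeer yes
"""

# Constructed hardened variant (an assumption of this example): StartTLS with
# peer verification, no password in the file, server-side password change.
HARDENED_CONF = """\
base dc=systems4schools,dc=local
uri ldap://192.168.1.4:389/
ldap_version 3
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
rootbinddn cn=admin,dc=systems4schools,dc=local
pam_password exop
"""


def parse_directives(text):
    """Return {keyword: [values]} for every uncommented directive."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        directives.setdefault(parts[0].lower(), []).append(value)
    return directives


def audit(text):
    """Return a sorted list of finding names for the given ldap.conf text."""
    d = parse_directives(text)
    findings = set()
    uris = " ".join(d.get("uri", [])).lower().split()
    start_tls = "start_tls" in [v.lower() for v in d.get("ssl", [])]
    # ldap:// without StartTLS carries the bind DN and password in clear text.
    if any(u.startswith("ldap://") for u in uris) and not start_tls:
        findings.add("cleartext-transport")
    # Encryption without certificate verification does not authenticate the server.
    if "no" in [v.lower() for v in d.get("tls_checkpeer", [])]:
        findings.add("tls-peer-not-verified")
    # ldap.conf is normally world-readable so NSS lookups work for every user,
    # which makes a bindpw stored in it readable by every local account.
    if d.get("bindpw"):
        findings.add("bindpw-in-world-readable-file")
    # Binding every client as the directory administrator exposes write access.
    if any(re.match(r"cn=(admin|manager|root)\b", v, re.I)
           for v in d.get("binddn", [])):
        findings.add("admin-binddn")
    # md5 makes pam_ldap hash new passwords itself; exop hands the change to
    # the server's password change extended operation.
    if "md5" in [v.lower() for v in d.get("pam_password", [])]:
        findings.add("client-side-md5-hash")
    return sorted(findings)


if __name__ == "__main__":
    for name, conf in (("sample", SAMPLE_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf))
```
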
/etc/auth/client-config/profile.d/LDAP-Auth-Config
# Systems4Schools ldap-auth-config
# Revision 1.0
#
# Clients should be able to authenticate with this profile if following
# Network Authentication in the Ubuntu Server guide. Please note that
# these settings are not suitable for sometimes disconnected (eg laptop)
Systems4Schools Final Project Report  60
Systems4Schools

# systems. The example is taken from LDAPClientAuthentication at:
# https://help.ubuntu.com/community/LDAPClientAuthentication
#
[lac_ldap]
nss_passwd=passwd: files ldap
nss_group=group: files ldap
nss_shadow=shadow: files ldap
nss_netgroup=netgroup: nis
/etc/dnsmasq.d/ltsp.conf
# Systems4Schools DNSmasq configuration
# Revision 1.0
# /etc/dnsmasq.d/ltsp.conf
# The main dnsmasq configuration is in /etc/dnsmasq.conf;
# the contents of this script are added to the main configuration.
# Port is set to zero as it is not functioning as a DNS server
port=0
# Log DHCP transactions.
log-dhcp
# Dnsmasq can also function as a TFTP server. You may uninstall
# tftpd-hpa if you like, and uncomment the next line:
# Systems4Schools runs a standalone TFTP service on LTSP server
#enable-tftp
Systems4Schools Final Project Report  61
Systems4Schools

# Set the root directory for files available via FTP.
tftp-root=/var/lib/tftpboot
# The boot filename. This is used for PXE booting not client devices.
dhcp-boot=/ltsp/i386/pxelinux.0
# rootpath option, for NFS
dhcp-option=17,/opt/ltsp/i386
# kill multicast
dhcp-option=vendor:PXEClient,6,2b
# Disable re-use of the DHCP servername and filename fields as extra
# option space. That's to avoid confusing some old or broken DHCP clients.
dhcp-no-override
# PXE menu Prompt
pxe-prompt="Press F8 for boot menu", 3
# The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
# Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
pxe-service=X86PC, "Boot from network", /ltsp/i386/pxelinux
# A boot service type of 0 is special, and will abort the
Systems4Schools Final Project Report  62
Systems4Schools

# net boot procedure and continue booting from local media.
pxe-service=X86PC, "Boot from local hard disk", 0
# If an integer boot service type, rather than a basename is given, then the
# PXE client will search for a suitable boot service for that type on the
# network. This search may be done by multicast or broadcast, or direct to a
# server if its IP address is provided.
#pxe-service=x86PC, "Install windows from RIS server", 1
# LTSP servers NIC address
dhcp-range=192.168.1.5,proxy
# Ranges that will be allowed
#dhcp-range=192.168.0.20,192.168.0.250,8h
# END OF CONFIGURATION FILE
SRV 02: DHCP AND DNS
Script for checking services:
#!/usr/bin/perl
# Systems4Schools Services Script
use strict;
use warnings;

system('clear'); # Clears the CLI
print "Systems4Schools Services Script\n";
print "Service: \n\n";
# Start of services to print to end user
print "1) TFTP-HPA\n";
print "2) DNSMASQ\n";
print "3) Networking\n";
print "4) Resolvconf\n";
print "5) Ping LDAP Server\n";
print "6) Ping ATutor Server\n";
print "\n\nChoice: ";
chomp(my $service = <STDIN>);
my $operation;
# Start of IF statements acting as a switch.
# A restart only happens when '2' is entered, so a mistyped or empty
# choice no longer restarts the service.
if ($service eq '1') {
    print "TFTPD-HPA\n\n1) Status \n2) Restart\n\n Choice:";
    chomp($operation = <STDIN>);
    if ($operation eq '1') {
        system('sudo service tftpd-hpa status');
    }
    elsif ($operation eq '2') {
        system('sudo service tftpd-hpa restart');
    }
}
if ($service eq '2') {
    print "DNSMASQ\n\n1) Status \n2) Restart\n\n Choice:";
    chomp($operation = <STDIN>);
    if ($operation eq '1') {
        system('sudo service dnsmasq status');
    }
    elsif ($operation eq '2') {
        system('sudo service dnsmasq restart');
    }
}
if ($service eq '3') {
    print "Networking\n\n1) Status \n2) Restart\n\n Choice:";
    chomp($operation = <STDIN>);
    if ($operation eq '1') {
        system('sudo service networking status');
    }
    elsif ($operation eq '2') {
        system('sudo service networking restart');
    }
}
if ($service eq '4') {
    print "Resolvconf\n\n1) Status \n2) Restart\n\n Choice:";
    chomp($operation = <STDIN>);
    if ($operation eq '1') {
        system('sudo service resolvconf status');
    }
    elsif ($operation eq '2') {
        system('sudo service resolvconf restart');
    }
}
# Options 5 and 6 send four pings and show only the packet loss summary
if ($service eq '5') {
    print "Pinging ldap.systems4schools.local\n\n";
    system('ping ldap.systems4schools.local -c 4 | grep "packet loss"');
}
if ($service eq '6') {
    print "Pinging atutor.systems4schools.local\n\n";
    system('ping atutor.systems4schools.local -c 4 | grep "packet loss"');
}
/etc/dhcp/dhcpd.conf
systems4schools@srv02:/etc/dhcp$ cat dhcpd.conf
#
# Systems4Schools DHCP configuration
#
# Attention: If /etc/ltsp/dhcpd.conf exists, that will be used as
# configuration file instead of this file.
#
#
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;
Systems4Schools Final Project Report  66
Systems4Schools

#DNS
option domain-name "systems4schools.local";
option domain-name-servers 192.168.1.4;
#LTSP Config
allow booting;
allow bootp;
next-server 192.168.1.5;
if substring( option vendor-class-identifier, 0, 9 ) = "PXEClient" {
filename "/ltsp/i386/pxelinux.0";
} else {
filename "/ltsp/i386/nbi.img";
}
default-lease-time 600;
max-lease-time 7200;
#Server set to: AUTHORITATIVE
authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
Systems4Schools Final Project Report  67
Systems4Schools

# Systems4Schools Raspberry Pi Network.
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.30 192.168.1.200;
option routers 192.168.1.1;
}
subnet 192.168.2.0 netmask 255.255.255.0 {
range dynamic-bootp 192.168.2.10 192.168.2.100;
next-server 192.168.1.5;
}
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
#host fantasia {
# hardware ethernet 08:00:07:26:c0:a5;
# fixed-address fantasia.fugue.com;
#}
# You can declare a class of clients and then do address allocation
# based on that. The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
/etc/resolv.conf
Systems4Schools Final Project Report  68
Systems4Schools

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
search systems4schools.local
nameserver 192.168.1.4
/etc/bind/named.conf.local
// Systems4Schools
// Revision 1.0 - 2013-01-04
// /etc/bind/named.conf.local
// Local database file
zone "systems4schools.local" {
// Server is the master for our infrastructure.
type master;
file "/etc/bind/zones/systems4schools.db";
};
// Reverse lookup database file
zone "1.168.192.in-addr.arpa" {
type master;
file "/etc/bind/zones/rev.1.168.192.in-addr.arpa";
};
/etc/bind/named.conf.options
//Systems4Schools Bind Options
// /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
// These are the forwarders for SAIT's local network, and our
// current environment.
forwarders {
192.168.1.1;
10.197.4.11;
};
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-enable no;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
/etc/bind/zones
@ in SOA SRV02.systems4schools.local. admin.systems4schools.local. (
        2006081401;
        28800;
        604800;
        604800;
        86400
        )
        IN      NS      SRV02.systems4schools.local
4       IN      PTR     systems4school.local
2       IN      A       esx.systems4schools.local
4       IN      A       SRV02.systems4schools.local
5       IN      A       srv01.systems4schools.local
6       IN      A       srv03.systems4schools.l
4       IN      A       ldap.systems4schools.local
/etc/bind/zones
$TTL 86400
@       IN      SOA     SRV02.systems4schools.local. admin.systems4schools.local. (
                        2013012101      ; serial number YYMMDDNN
                        28800           ; Refresh
                        7200            ; Retry
                        864000          ; Expire
                        86400           ; Min TTL
                        )
                NS      SRV02.systems4schools.local.
dlink   IN      A       192.168.1.1
esx     IN      A       192.168.1.2
srv01   IN      A       192.168.1.3
srv02   IN      A       192.168.1.4
ltsp    IN      A       192.168.1.5
srv03   IN      A       192.168.1.6
ldap    IN      A       192.168.1.4
atutor  IN      CNAME   srv03
srv03   IN      A       192.168.1.6
$ORIGIN systems4schools.local.
/etc/ldap/conf
dn: ou=students,dc=systems4schools,dc=local
objectClass: organizationalUnit
ou: students
/etc/ldap/conf
dn: uid=student1,ou=students,dc=systems4schools,dc=local
objectClass: inetOrgPerson
objectClass: posixAccount
ObjectClass: shadowAccount
uid: student1
givenName: Student
cn: Student1
displayName: Student 1
uidNumber: 1200
gidNumber: 10000
userPassword: P@ssw0rd
gecos: Student 1
Systems4Schools Final Project Report  72
Systems4Schools

loginShell: /bin/bash
homeDirectory: /home/student1
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 9999999
shadowLastChange: 10877
/etc/ldap
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=systems4schools,dc=local
#URI ldap://ldap.systems4schools.local ldap://ldap-master.systems4schools.local:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
Systems4Schools Final Project Report  73
Systems4Schools

SRV 03: ATUTOR
/var/www/ATutor/include/config.inc.php
/************************************************************************/
/* ATutor                                                               */
/************************************************************************/
/* Copyright (c) 2002-2010                                              */
/* http://atutor.ca                                                     */
/*                                                                      */
/* This program is free software. You can redistribute it and/or        */
/* modify it under the terms of the GNU General Public License          */
/* as published by the Free Software Foundation.                        */
/************************************************************************/
/* This file was generated by the ATutor 2.1 installation script.       */
/* File generated 2013-03-14 11:03:37                                   */
/************************************************************************/
/************************************************************************/
/* the database user name                                               */
define('DB_USER', 'root');
/* the database password                                                */
define('DB_PASSWORD', '*********');
/* the database host                                                    */
define('DB_HOST', 'localhost');
/* the database tcp/ip port                                             */
define('DB_PORT', '3306');
/* the database name                                                    */
define('DB_NAME', 'atutor');
/* The prefix to add to table names to avoid conflicts with existing    */
/* tables. Default: AT_                                                 */
define('TABLE_PREFIX', 'AT_');
/* Where the course content files are located. This includes all file   */
/* manager and imported files. If security is a concern, it is          */
/* recommended that the content directory be moved outside of the web   */
/* accessible area.                                                     */
define('AT_CONTENT_DIR', '/var/www/ATutor/content/');
/* Whether or not to use the default php.ini SMTP settings.             */
/* If false, then mail will try to be sent using sendmail.              */
define('MAIL_USE_SMTP', false);
/* Whether or not to use the AT_CONTENT_DIR as a protected directory.   */
/* If set to FALSE then the content directory will be hard coded        */
/* to ATutor_install_dir/content/ and AT_CONTENT_DIR will be ignored.   */
/* This option is used for compatibility with IIS and Apache 2.         */
define('AT_FORCE_GET_FILE', TRUE);
/* DO NOT ALTER THIS LAST LINE                                          */
define('AT_INSTALL', TRUE);
/var/www/index.html
<meta http-equiv="refresh" content="0; url=http://atutor.systems4schools.local/ATutor/login.php">
Systems4Schools Final Project Report  76
Download