XS Techniques and Configuration

From OLPC
Jump to navigation Jump to search

This page lists various techniques and configuration options available for the XS.

If you are changing this page, mention it on server-devel@lists.laptop.org .

Keeping your XS software up to date

Upgrading a server is done using the yum package interface provided by Fedora.

If you have an Internet connection, you can upgrade from the default servers at OLPC, or your own mirrors of them. This is done using yum:

 yum -y upgrade

Segregating presence by course groups

This technique is for schools where the number of XOs is larger than ~60. When you use this approach, you manage groups ("courses") within Moodle, and the Neighbourhood view of XOs will show only fellow members of courses the user belongs to.

  1. Make sure you are using a recent Browse.xo (101 at least, I think)
  2. The first XO to register (reboot) and visit moodle successfully gets some extra rights (is an 'admin' of sorts). So get an XO reg'd and visiting Moodle -- it will auto-authenticate into Moodle. Should see a 'site administration' block on the left.
  3. Create some courses (Site Administration->courses->Add/edit->Add new), assign teachers and students. In the long and confusing "new course" form, all you need to set is Full Name and Short Name. Please ignore every other option. Note: when it comes to enrolling, setup some courses for XOs you have registered already -- this is mainly to have something to work with! You can add more courses & enrolments later. Might help: http://docs.moodle.org/en/Enrolment#Manual_enrolment
  4. In 'Site Administration', go to Courses->Presence Service, and set presencebycourse to Yes.
  5. Within 10 minutes, issuing the same ejabberdctl queries as above should show that Online has been replaced by several SRGs -- one per course. Asking for the 'info' of those, will show you their membership.
  6. When you make the switch from one mode to the other on the XS side, the situation will be confusing for the XOs, so they might need to re-associate to the Access Point (so they re-query their group membership) before they see the changes.

Note: All changes to the course membership take 5~10 minutes to appear in ejabberd on the XOs, and some changes may also need an XO to reassociate to the AP.

Presence Service (ejabberd) Troubleshooting

If XOs are appearing when they should not, or not appearing when they should in an XS-hosted network, the following commands help understand what is happening.

On the XS,

## XOs need to be registered before they can use the XS-based
## collaboration protocol (gabble)

# List who is registered with the XS
/home/idmgr/list_registration

# List who is registered with ejabberd
# (this happens on the first reboot after the user has used the 'register' option)
ejabberdctl registered-users `hostname -f`

# List who is online
ejabberdctl connected-users

On the XOs, check that it has been registered & restarted, then open a Terminal and try

# Will report various settings, including which jabber server it connects to
# and whether the collaboration ("Telepathy") infrastructure is using
# "Gabble" (XS-based) or "Salut" (for networks without an XS)
olpc-netstatus

Internet Content Filtering

If you are going to encourage children to surf the Internet, you are strongly advised to arrange for some kind of content filtering. All filtering solutions are imperfect, it is important to emphasize user education -- see Online threats and security.

Use OpenDNS

Create your account with OpenDNS, configure it to your liking. Then set their DNS servers in a forwarders line in /etc/named-xs.conf.in , and then

   cd /etc
   make -f xs-config.make named-xs.conf
   /etc/init.d/named restart

OpenDNS is good, and for simple deployments it may be enough. Many schools use it and users can report urls for blocking, so its wide usage makes the filtering better.

When users report domains that are not blocked, report the domains to the OpenDNS and they will be blocked.

Planning for a content filter

For multiple school deployments

Run a filter at the ISP, or at the facilities of the Ministry of Education. Avoid running the filter on the XS itself. It is serious burden on the XS memory, CPU and Internet bandwidth. And administration on a per-school basis is awkward and inefficient.

Instead, get a machine co-located at the ISP, run a filtering proxy there (such as DansGuardian). Don't forget to tighten the rules to avoid running an open proxy. And on the XSs at schools, enable Squid and point it to the "upstream" proxy.

This means the filter is in one place, and there is only one blacklist (and whitelist) to maintain.

Running a local filter on the XS

Possible, but not recommended. Filters are not particularly smart, so they have to be complemented with human users reporting filtering errors. The amount and quality of that feedback makes the filtering better -- a local filter never gets enough input to get any good.

Using a different WAN connection

If your WAN connection is not eth0, the NAT/masquerading firewall rules need to be told about it. For example, if it is wlan0:

 echo wlan0 > /etc/sysconfig/xs_wan_device
 service iptables restart

Using a wireless NIC for WAN

If you have a wireless NIC for your WAN port...

  • Create /etc/sysconfig/network-scripts/ifcfg-wlan0, which should look like
 DEVICE=wlan0
 ONBOOT=yes
 BOOTPROTO=dhcp
 DHCP_HOSTNAME=schoolserver
 ESSID=YOURESSID
 TYPE=Wireless
 USERCTL=yes
  • Tell the firewall that the WAN port is wlan0, with
 echo wlan0 > /etc/sysconfig/xs_wan_device
 service iptables restart
  • If the network is encrypted, ensure wpa_supplicant service is set to run, and configure the right device and driver in /etc/sysconfig/wpa_supplicant. Usually you want:
 INTERFACES="-iwlan0"
 DRIVERS="-Dwext"
  • Restart wpa_supplicant :-) -- enable logging (and look at the logs) if you need to debug.
  • If the network is encrypted, you'll want to add the passphrase like this:
 wpa_passphrase ESSID mypassphrase >> /etc/wpa_supplicant/wpa_supplicant.conf

With this, ifup wlan0 should bring the wlan up.

For on-boot wlan0, you need to workaround this boot-order bug: https://bugzilla.redhat.com/show_bug.cgi?id=244029

Access Points

Zoom Wireless-G 4400

The steps for setting up a wireless router access point vary based on the wireless router being using, but this serves as a rough guide for installation. These steps were run using a Zoom Wireless-G model 4400 router.

  • Press the reset button on the wireless router to reset it and connect it to any computer. It's possible to do this setup with an XO or any other machine with linux installed.
  • Open terminal and type,
ifconfig eth0 IPaddress

Where IPaddress is in the same subnet as the default IP for the access point

  • Connect to the access point by typing in the IP address in a web browser.
  • Login to the access point using the default password (or skip entering a password if none is provided).
  • Set the wireless channel to 1, 6 or 11 to minimize interference.
  • Set a unique name for the wireless network.
  • Make sure that the access point is NOT running as a DHCP server and it's not running NAT.

DD-WRT

  • Turn off DNSmasq.
  • Visit Advanced Routing / Operating Mode and change the mode from "Gateway" to "Router".
  • Move all the interfaces to the same VLAN (you must change the operating mode first).