XS Configuration Management/lang-es


This page describes how the software packages that make up an XS School server are configured for different types of schools and their needs.

This page is still growing.

Server Configuration

The basic software configuration on the server is currently handled by Fedora's yum and RPM package managers. We provide the entire Fedora 7 suite in our repositories, and you can easily install any supported software.

The list of repositories searched (specified in /etc/yum.conf) is kept in /etc/yum.repos.olpc.d/.

Local Software Repositories

Please add instructions for extending a software install here

School-Specific Configuration

We are working on a better configuration interface. Suggestions are welcome on the discussion page.

By default, the server connects to the internet through the first wired ethernet network interface, using IPv4 DHCP. Laptops connect to the server through the wireless mesh using one or more Active Antennas, connected through USB interfaces. Optional second (and additional) ethernet interfaces are configured by default to provide an internal LAN within the school. Traditional WiFi access points, if used, should be on this internal LAN.

[Figure: XS Usage Common.png]

User Access

For now, all network configuration and debugging is done through a terminal interface. See Troubleshooting School Servers for help in determining whether something is wrong.

Access to the school server is through console login or ssh. Console login must be used to set up accounts for ssh access. Root access via ssh is disabled by default, and accounts must use an SSH key to authenticate. See the user accounts section.

Networking

The school-specific network configuration is mostly done using the network_config script (located at /etc/sysconfig/olpc-scripts/network_config), which reconfigures the network interfaces and associated files for a particular server identity (number). This script always assumes that the school server is a principal server, that is, either the only server or the gateway in a school with many servers. The associated scripts auxiliary_config (located at /etc/sysconfig/olpc-scripts/auxiliary_config) and principal_config (located at /etc/sysconfig/olpc-scripts/principal_config) are provided for changing the role of the server in the school network. All of these scripts generate standard Fedora network configuration files (ifcfg-eth0, ifcfg-br0, etc.) in /etc/sysconfig/network-scripts/, as well as /etc/network, /etc/dhcpd.conf, /etc/resolv.conf, and others.

Network configuration is performed at the initial boot of a software install, by a script that runs on every boot: /etc/init.d/olpc-network-config. On first boot this script runs the /etc/sysconfig/olpc-scripts/network_config script, configuring the network interfaces for the server on the assumption that it is server number one.

There are two main usage scenarios: a single server providing access for a small school, and a set of cooperating servers providing access for a large school.

Small School Scenario

The default configuration supported by the software is a single School server, which can support between one and 150 students. This school server is equipped with one to three Active Antennas, which provide connectivity to the laptops through the wireless mesh. If the school server has only a single wired network interface, it is dedicated to obtaining internet access (a WAN port).

[Figure: XS Usage Minimal.png]

The network_config script can be run manually to reconfigure a system in response to a change in the wired interfaces, such as the addition of a second wired network interface.

Large School Scenario

The more common scenario is that a school server will be one of many in a school. As each school server provides additional network access and storage, the school infrastructure automatically scales with the number of servers installed. One school server typically provides the connection to the internet, and is designated the 'principal' school server. The other servers in a school are peers, and are designated 'auxiliary' school servers.

[Figure: XS Usage Multiple.png]

For purposes of backup, each laptop is associated with a single school server. Other services, including internet access, are provided either by the closest server or the principal school server. At installation time, each server is given a unique number (currently 1 through 8, soon higher). These numbers do not have to be sequential, but should be viewed as fixed --- if the server number changes, all kids' data stored on that server will currently be lost...

When a server first boots, it currently configures itself to support the common usage scenario shown above. It assumes that it is both a principal server and server #1. On auxiliary servers, it is necessary to immediately manually re-run the network_config script (located at /etc/sysconfig/olpc-scripts/network_config) with a unique server number for the school, and also make it an auxiliary server by manually running the auxiliary_config script (located at /etc/sysconfig/olpc-scripts/auxiliary_config).

Upon failure of a principal school server, any remaining school server may take its place. Simply run the principal_config script (located at /etc/sysconfig/olpc-scripts/principal_config). This school server will retain its existing number, but will now provide the services provided only by the principal school server, and will reconfigure its networking to act as the school's internet gateway.

Internet Connection

The internet (WAN) connection is currently the eth0 interface by default. The file which configures this interface is /etc/sysconfig/network-scripts/ifcfg-eth0. The current default is to use DHCP to assign an IP address to this interface, and obtain DNS server info.

IPv6

To enable external IPv6 you will have to configure the global address of the machine and set up an IPv6 tunnel. Unfortunately, you are not currently able to use IPv6 in a school with multiple servers. We are working on this ASAP.

Instructions coming

Name Service

The hostname is set in /etc/sysconfig/network. Do not change this after starting ejabberd!!!

The Domain Name Service is configured mainly by /etc/named.conf.

Configuration

There is a script for manually changing the domain name:

/etc/sysconfig/olpc-scripts/domain_config <new_domain_name>

Do not change this after starting ejabberd !!

Manual Configuration

This name, currently set to random.xs.laptop.org, is unfortunately embedded in a number of files:

/etc/named.conf
/var/named/school.zone.inaddr.db
/var/named/school.zone.16.inaddr.db
/var/named/school.zone.32.inaddr.db
/var/named/school.zone.48.inaddr.db
/etc/resolv.conf
/etc/sysconfig/olpc-scripts/resolv.conf
/etc/dhcpd.conf
/etc/ejabberd/ejabberd.cfg
/etc/idmgr.conf

The state of the reverse address resolution is admittedly horrible (Trac ticket #6039).

Web Caching

The school server is currently using Squid for web caching. This is not enabled by default, but may easily be turned on. As root, type:

/etc/sysconfig/olpc-scripts/TURN_SQUID_ON

To disable web caching, type:

/etc/sysconfig/olpc-scripts/TURN_SQUID_OFF

This disables caching, but doesn't free up any disk space used by existing cached data. You can manually delete the cache, located at /library/cache, to free this disk space.

The configuration files for squid are found in /etc/squid/. OLPC provides a custom configuration file /etc/squid/squid.conf through the xs-config package.

User Accounts

When a school server is installed, it has no user accounts, remote (SSH) login to the root account is disabled, and remote logins must be authenticated using a public/private key pair. If exploring or developing with a school server, as root from the console you will need to add a new account (username wad in the example):

adduser wad
passwd wad
wget http://dev.laptop.org/~wad/dsa_public_key
mkdir /home/wad/.ssh
mv dsa_public_key /home/wad/.ssh/authorized_keys
chown -R wad:wad /home/wad/.ssh
chmod -R g-w /home/wad/.ssh

The public key, downloaded from http://dev.laptop.org/~wad/dsa_public_key in the above example, can be generated on any Linux system using the ssh-keygen command (which leaves your new public/private key pair in .ssh). You want to copy the id_rsa.pub or id_dsa.pub file to other machines to allow logins.

Changing the Root Password

When logged in as root, type:

passwd

You will be prompted for a new root password. You can also use this command to change other (non-XO) users' passwords:

passwd username

Sample Configurations

Small School/Home School

This is the step-by-step process used to install the XS software onto a server for schools with a single server.

The school domain name used in this example is example.org.

  • Download and install a new build onto a USB key or CD.
  • Boot up the server from the USB key or CD. Select "Run from Image", indicate your keyboard type, time zone, and enter a root password. When the install has finished, click "Reboot".
  • Now log in as root and reboot (trac #6678), removing the installation media (key or CD) so the system now boots from the disk drive.
  • Log in as root, and set a root passwd (until trac #6677 is fixed).
  • Set the server domain name using:
/etc/sysconfig/olpc-scripts/domain_config example.org
  • If outside access is to be supported, change the schoolserver public IP address supplied by /var/named/school.external.zone.db to be the public IP of the principal school server. At the present time, we don't support public access to school servers using DHCP to obtain their WAN IP address --- but this should be correctable with a script or so (Trac ticket 6138)...
  • Enable ejabberd on startup, and start it using:
chkconfig --level 345 ejabberd on
service ejabberd start
  • Create an account on ejabberd for the administrator:
ejabberdctl ejabberd register admin schoolserver.example.org admin
  • Go to the web-based administration interface for ejabberd at http://schoolserver.example.org:5280/admin/, or http://172.18.0.1:5280/admin/ if using an XO connected through the mesh.
  • Log in as "admin@schoolserver.example.org" with the password you set when registering (admin).
  • Click on "Virtual Hosts", then your hostname, then "Shared Roster Groups". Type "Online" and click Add New.
  • Click on "Online" and enter "Online" for Name, "@online@" for Members, and "Online" for Displayed Groups. Click Submit.

Optional

/etc/sysconfig/olpc-scripts/TURN_SQUID_ON
  • Create an account for yourself (this is a test of basic network connectivity as well):
/etc/sysconfig/olpc-scripts/mkaccount wad http://dev.laptop.org/~wad/dsa_public_key
passwd wad
  • Add yourself to the wheel group, so that you have sudo privileges.

Large School

This is a step-by-step guide of what is needed to install in a large school (up to 150 laptops), using XS build 150 (or later). Schools larger than this will need to consider wired infrastructure. More information coming soon....


Here is a diagram of the networking. Just for illustration, the principal school server is not school server one in this case:

[Figure: XS Usage MultipleDetail.png]

On a server with a single wired networking interface, it is considered the WAN port (eth0). If multiple wired network interfaces are provided, one is assigned to be the WAN port and the others LAN ports (eth1, eth2, ...) when network_config is run (manually, or at first boot). The WAN ports of the two auxiliary servers are connected to a switch along with the LAN port of the principal server.

The school domain name (served by the principal school server) used in this example is school.pinewood.net. The domain name used for the school only needs to be "real" (discoverable from the root DNS servers) if access to the presence service from outside the school will be allowed. We recommend that this be allowed, which also requires that the school server IP address be publicly accessible.

Principal Server

  • Download and install a new build onto a USB key or CD.
  • Boot up the server from the USB key or CD. Select "Run from Image", indicate your keyboard type, time zone, and enter a root password. When the install has finished, click "Reboot".
  • Now log in as root and reboot (trac #6678), removing the installation media (key or CD) so the system now boots from the disk drive.
  • Log in as root, and set a root passwd (until trac #6677 is fixed).
  • Set the server domain name using:
/etc/sysconfig/olpc-scripts/domain_config school.pinewood.net
  • If outside access is to be supported, change the schoolserver public IP address supplied by /var/named/school.external.zone.db to be the public IP of the principal school server. At the present time, we don't support public access to school servers using DHCP to obtain their WAN IP address --- but this should be correctable with a script or so (Trac ticket 6138)...
  • Enable ejabberd on startup, and start it using:
chkconfig --level 345 ejabberd on
service ejabberd start
  • Create an account on ejabberd for the administrator:
ejabberdctl ejabberd register admin schoolserver.school.pinewood.net admin
  • Go to the web-based administration interface for ejabberd at http://schoolserver.school.pinewood.net:5280/admin/, or http://school:5280/admin/ if using an XO connected through the mesh.
  • Log in as "admin@schoolserver.school.pinewood.net" with the password you set when registering (admin).
  • Click on "Virtual Hosts", then your hostname, then "Shared Roster Groups". Type "Online" and click Add New.
  • Click on "Online" and enter "Online" for Name, "@online@" for Members, and "Online" for Displayed Groups. Click Submit.
  • Set up and start web caching by typing:
/etc/sysconfig/olpc-scripts/TURN_SQUID_ON
  • Create an account for yourself (this is a test of basic network connectivity as well):
/etc/sysconfig/olpc-scripts/mkaccount wad http://dev.laptop.org/~wad/dsa_public_key
passwd wad
  • This time, carry it further and make yourself a new private key for this school. This will allow you to securely access auxiliary servers hidden behind NAT! Log in as yourself and type:
ssh-keygen
sudo cp ~/.ssh/id_rsa.pub /var/www/html/my_name_pub_key

Auxiliary Servers

  • Install new build from USB key. Reboot (manually, removing key), and log in as root
  • Set the server number to two and set the role to auxiliary by running:
/etc/sysconfig/olpc-scripts/network_config 2
/etc/sysconfig/olpc-scripts/auxiliary_config
  • Set the server domain name using:
/etc/sysconfig/olpc-scripts/domain_config school.pinewood.net
  • Create an account for yourself, using the key on the principal server:
/etc/sysconfig/olpc-scripts/mkaccount wad http://172.18.0.1/my_name_pub_key
passwd wad

At this point, you should be able to perform basic testing of the school servers.
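
The wget step in the user-account procedure and the mkaccount calls in the sample configurations fetch a public key over plain HTTP, so whatever arrives is what ends up authorizing logins. As an added example (not part of the original page or of the xs-config scripts), these shell functions install a fetched key only when the SHA-256 digest of its key blob matches a value obtained out of band; the function names, return codes and the pinning step itself are assumptions.

```shell
#!/bin/sh
# Added example (not from the XS scripts): pin a downloaded SSH public key.

# Print the SHA-256 digest (hex) of the key blob in a one-line public key file.
key_digest() {
    # Field 2 of "type base64-blob comment" is the key material itself,
    # so the digest does not change when only the comment differs.
    awk 'NR==1 {print $2}' "$1" | base64 -d 2>/dev/null | sha256sum | awk '{print $1}'
}

# install_pinned_key KEYFILE EXPECTED_HEX SSH_DIR
# Returns 0 on install, 1 on digest mismatch, 2 on malformed file, 3 on I/O error.
install_pinned_key() {
    keyfile=$1 expected=$2 sshdir=$3
    # authorized_keys accepts option prefixes and any number of lines; a fetched
    # key must be exactly one line that starts with a key type.
    if [ "$(awk 'END {print NR}' "$keyfile")" -ne 1 ]; then
        echo "refusing: expected exactly one line" >&2
        return 2
    fi
    case "$(awk 'NR==1 {print $1}' "$keyfile")" in
        ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "refusing: line does not start with a key type" >&2; return 2 ;;
    esac
    actual=$(key_digest "$keyfile")
    if [ "$actual" != "$expected" ]; then
        echo "refusing: digest $actual does not match the pinned value" >&2
        return 1
    fi
    # sshd's StrictModes check rejects key files in group- or world-writable paths.
    mkdir -p "$sshdir" || return 3
    chmod 700 "$sshdir" || return 3
    ( umask 077 && awk 'NR==1' "$keyfile" >> "$sshdir/authorized_keys" ) || return 3
    chmod 600 "$sshdir/authorized_keys"
}

# Usage as root on the server console (all values are placeholders):
#   wget -O /tmp/key.pub http://<host>/<key file>
#   install_pinned_key /tmp/key.pub <digest obtained out of band> /home/<user>/.ssh
#   chown -R <user>:<user> /home/<user>/.ssh
```

Compute the pinned value by running key_digest on the machine where the key pair was generated, and pass it to the server by a channel other than the one used for the download.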