Re: 'Debian Local Area Network' (Debian-LAN): no hardcoded IP addresses left
Hi everybody,

I am happy to report that with the last commits there are no specific
hardcoded IP addresses left in the config space [1] and it should be
possible to use debian-lan in a variety of networks.

All network-specific information and used IP addresses are collected in
class/SERVER_A.var [2]. The code generating the DHCP and DNS
configuration does for sure not work for all possible networks and
netmasks, however it should work for standard cases, perhaps with minor
modifications.

Best regards,

    Andi

[1]
    debian-lan/fai/config$ rgrep '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' *
    class/SERVER_A.var:MAINSERVER_IPADDR="10.0.0.1"
    class/SERVER_A.var:GATEWAY="10.0.0.1"
    class/SERVER_A.var:BROADCAST="10.0.255.255"
    class/SERVER_A.var:SUBNET="10.0.0.0"
    class/SERVER_A.var:NETMASK="255.255.0.0"
    class/SERVER_A.var:SUBNETMASK="10.0.0.0/16"
    class/SERVER_A.var:FAINETMASK="10.0.0.0/24"
    class/SERVER_A.var:RANGE="10.0.1.10 10.0.1.200"
    files/etc/hosts/diskless:127.0.0.1 localhost
    files/etc/hosts/diskless:127.0.1.1 host.intern host
    files/etc/hosts/mainserver:127.0.0.1 localhost
    files/etc/hosts/mainserver:127.0.1.1 mainserver.intern mainserver
    files/etc/networks/FAIBASE:default 0.0.0.0
    files/etc/networks/FAIBASE:loopback 127.0.0.0
    files/etc/networks/FAIBASE:link-local 169.254.0.0
    files/etc/fai/grub.cfg/SERVER_A:linux /boot/vmlinuz boot=live FAI_FLAGS="verbose,createvt" FAI_ACTION=sysinfo ip=10.0.1.100:eth0:off hostname=demohost
    files/etc/fai/grub.cfg/SERVER_A:linux /boot/vmlinuz boot=live FAI_FLAGS="verbose,createvt" FAI_ACTION=install ip=192.168.1.1:eth0:off hostname=demohost
    files/etc/fai/grub.cfg/SERVER_A:linux /boot/vmlinuz boot=live FAI_FLAGS="verbose,createvt" FAI_ACTION=install ip=192.168.1.1:eth0:off hostname=gnomehost
    files/etc/fai/grub.cfg/SERVER_A:linux /boot/vmlinuz boot=live FAI_FLAGS="verbose,createvt" FAI_ACTION=install ip=192.168.1.250::192.168.1.254:255.255.255.0::xxx:off hostname=faiserver
    files/etc/fai/grub.cfg/SERVER_A:linux /boot/vmlinuz boot=live FAI_FLAGS="verbose,createvt" FAI_ACTION=sysinfo ip=192.168.1.1:eth0:off hostname=demohost
    scripts/NTP_SERVER/10-ntp.conf: ReplaceAll "#broadcast 192.168.123.255" With "broadcast ${BROADCAST}"
    scripts/NTP_SERVER/10-ntp.conf: AppendIfNoSuchLine "server 127.127.1.0 # local clock"
    scripts/NTP_SERVER/10-ntp.conf: AppendIfNoSuchLine "fudge 127.127.1.0 stratum 10"
    scripts/PROXY/10-config: ReplaceAll "#acl localnet src 10.0.0.0/8" With "acl localnet src ${SUBNETMASK}"

[2]
    debian-lan/fai/config$ cat class/SERVER_A.var
    [...]
    ## Variables that define the network. If you choose the same IP
    ## address for mainserver ($MAINSERVER_IPADDR) and gateway ($GATEWAY),
    ## the mainserver is configured as gateway to the external network.
    ## You'll need two network cards in that case.
    MAINSERVER_IPADDR="10.0.0.1"
    GATEWAY="10.0.0.1"
    BROADCAST="10.0.255.255"
    NAMESERVER_IPADDR="" # leave empty to use mainserver's IP address
    SUBNET="10.0.0.0"
    NETMASK="255.255.0.0"
    SUBNETMASK="10.0.0.0/16"
    ## NETMASK for FAI config space access:
    FAINETMASK="10.0.0.0/24"
    ## DHCP range for unknown clients (cf. dhcpd.conf):
    RANGE="10.0.1.10 10.0.1.200"
    ## IP address-endings for workstations and diskless machines (the list
    ## is generated using 'seq $WS_RANGE' respectively 'seq $DL_RANGE'):
    WS_RANGE="50 149"
    DL_RANGE="150 249"
    [...]

--
To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120410092909.GA13118@flashgordon
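An added example, not part of the thread or of the Debian-LAN code: SUBNET, NETMASK and BROADCAST restate what SUBNETMASK already encodes, so a site that edits only some of them ends up with DHCP, NTP and access rules that disagree. The sketch below parses the variables as posted and reports such mismatches; the function names and the /23 values in the demo are constructed for illustration.

```python
import ipaddress
import re

# Constructed input: the network variables from class/SERVER_A.var as posted.
SAMPLE_VARS = '''
## Variables that define the network.
MAINSERVER_IPADDR="10.0.0.1"
GATEWAY="10.0.0.1"
BROADCAST="10.0.255.255"
NAMESERVER_IPADDR="" # leave empty to use mainserver's IP address
SUBNET="10.0.0.0"
NETMASK="255.255.0.0"
SUBNETMASK="10.0.0.0/16"
FAINETMASK="10.0.0.0/24"
RANGE="10.0.1.10 10.0.1.200"
'''

def parse_vars(text):
    """Collect KEY="value" shell assignments; comment lines do not match."""
    return dict(re.findall(r'^([A-Z_]+)="([^"]*)"', text, flags=re.M))

def check_network_vars(v):
    """Return a list of 'KEY: problem' strings; empty means consistent."""
    try:
        # Strict parsing rejects a network address with host bits set.
        net = ipaddress.ip_network(v["SUBNETMASK"])
    except ValueError as err:
        return [f"SUBNETMASK: {err}"]
    problems = []
    # SUBNET, NETMASK and BROADCAST must agree with the CIDR in SUBNETMASK.
    derived = {"SUBNET": net.network_address, "NETMASK": net.netmask,
               "BROADCAST": net.broadcast_address}
    for key, want in derived.items():
        if v.get(key) != str(want):
            problems.append(f"{key}: is {v.get(key)!r}, {net} implies {want}")
    try:
        for key in ("MAINSERVER_IPADDR", "GATEWAY"):
            if ipaddress.ip_address(v[key]) not in net:
                problems.append(f"{key}: {v[key]} is outside {net}")
        low, high = (ipaddress.ip_address(a) for a in v["RANGE"].split())
        if low > high or low not in net or high not in net:
            problems.append(f"RANGE: {v['RANGE']} does not fit inside {net}")
        # FAINETMASK limits FAI config space access; it should stay in the LAN.
        if not ipaddress.ip_network(v["FAINETMASK"]).subnet_of(net):
            problems.append(f"FAINETMASK: {v['FAINETMASK']} is not within {net}")
    except (KeyError, ValueError) as err:
        problems.append(f"unparsable value: {err}")
    return problems

if __name__ == "__main__":
    site = parse_vars(SAMPLE_VARS)
    # Constructed case: only the subnet is moved to a /23, the rest is stale.
    site.update(SUBNET="10.1.2.0", SUBNETMASK="10.1.2.0/23")
    for problem in check_network_vars(site):
        print(problem)
```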
Re: 'Debian Local Area Network' (Debian-LAN)
Hi Giorgio and others,

On Mon, Apr 09, 2012 at 11:21:37AM +0200, Giorgio Pioda wrote:
> In my case is not a matter of randomizing.
>
> We have an internal 10.x.x.x/23 provided by the
> national telecom and we are not able to
> change the subnet, otherwise we would collide
> with other schools.
>

I had a look into the issue of modifying the IP addresses. The
following files contain an IP address:

    debian-lan/fai/config$ rgrep -l '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' *
    files/etc/dhcp/dhcpd.conf/INT_GATEWAY
    files/etc/dhcp/dhcpd.conf/EXT_GATEWAY
    files/etc/network/interfaces/INT_GATEWAY
    files/etc/network/interfaces/EXT_GATEWAY
    files/etc/hosts/diskless
    files/etc/hosts/mainserver
    files/etc/networks/FAIBASE
    files/etc/fai/grub.cfg/SERVER_A
    files/etc/bind/db.intern/INT_GATEWAY
    files/etc/bind/db.intern/EXT_GATEWAY
    scripts/NTP_SERVER/10-ntp.conf
    scripts/NFS_SERVER/10-config
    scripts/PROXY/10-config
    scripts/FAISERVER/30-exports
    scripts/DISKLESS_SERVER/10-setup

If we remove DNS and DHCP configuration files and files that contain no
specific IP addresses, we are left with:

    files/etc/network/interfaces/INT_GATEWAY
    files/etc/network/interfaces/EXT_GATEWAY
    scripts/NTP_SERVER/10-ntp.conf
    scripts/NFS_SERVER/10-config
    scripts/PROXY/10-config
    scripts/FAISERVER/30-exports
    scripts/DISKLESS_SERVER/10-setup

So apart from DHCP, DNS and your interface configuration, you are left
to modify:

    scripts/NTP_SERVER/10-ntp.conf: ReplaceAll "#broadcast 192.168.123.255" With "broadcast 10.255.255.255"
    scripts/NFS_SERVER/10-config: AppendIfNoSuchLine "/srv/nfs4 10.0.0.0/8(sec=krb5p:krb5i:sys,rw,sync,fsid=0,crossmnt,no_subtree_check)"
    scripts/NFS_SERVER/10-config: AppendIfNoSuchLine "/srv/nfs4/home0 10.0.0.0/8(sec=krb5p:krb5i:sys,rw,sync,no_subtree_check)"
    scripts/PROXY/10-config: ReplaceAll "#acl localnet src 10.0.0.0/8" With "acl localnet src 10.0.0.0/8"
    scripts/FAISERVER/30-exports:ainsl $target/etc/exports "/srv/fai/nfsroot 10.0.0.0/24(async,ro,no_subtree_check,no_root_squash)"
    scripts/FAISERVER/30-exports:ainsl $target/etc/exports "/srv/fai/config 10.0.0.0/24(async,ro,no_subtree_check,no_root_squash)"
    scripts/DISKLESS_SERVER/10-setup:ainsl $target/etc/exports "/opt 10.0.0.0/8(async,ro,no_subtree_check,no_root_squash)"

So that does not look too terrible. The automatic solution would be to
generate DNS and DHCP configuration automatically and use variables in
the scripts.

Best regards,

    Andi

> On Sun, Apr 08, 2012 at 05:15:27PM +0100, Steven Chamberlain wrote:
> > Hi,
> >
> > On 08/04/12 10:13, Giorgio Pioda wrote:
> > > 1) Subnet switch to an arbitrary 10.x.x.x/24 or even better 10.x.x.x/23
> > >    and also 192.169.x.x networks
> >
> > I agree, that aspect of Debian Edu's network architecture has always
> > bugged me too, but I imagine it's because an address had to be hardcoded
> > in some of the configs.
> >
> > Using a randomly-chosen 10.x.x.0/24 subnet means you can link several of
> > these subnets together with straightforward routing between gateway
> > machines, without resorting to awkward NAT.
> >
> > It would be easy and very fun to link together neighbouring Debian-LANs
> > between homes/offices with wireless meshes and fast wired links.
> >
> > Randomising as much as you can in network address avoids the chance of a
> > collision and having to renumber (and the chance is higher than you
> > might think, due to the birthday paradox).
> >
> > This is similar in principle to RFC4193 unique local IPv6 subnets.
> > (Debian-LAN could implement those too!)
> >
> > Or, you can run as many /24's as you need off the same mainserver and it
> > can still route traffic between hosts, so I doubt there's a need for a
> > /23 subnet or larger. (Unless you really need for a broadcast domain to
> > span more than 254 hosts...).
> >
> > Regards,
> > --
> > Steven Chamberlain
> > ste...@pyro.eu.org

Archive: http://lists.debian.org/20120409113651.GA11569@flashgordon
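An added example, not part of the thread or of the Debian-LAN code: several of the lines listed above grant NFS or proxy access to 10.0.0.0/8, which is wider than a site that has only been assigned part of that range, and two of them combine that with no_root_squash. The sketch below compares each CIDR in those lines with the site's own subnet; the function name and the 10.20.30.0/23 site value are constructed for illustration.

```python
import ipaddress
import re

# Lines as quoted in the message above (file name before the first colon).
CONFIG_LINES = [
    'scripts/NFS_SERVER/10-config: AppendIfNoSuchLine "/srv/nfs4 10.0.0.0/8(sec=krb5p:krb5i:sys,rw,sync,fsid=0,crossmnt,no_subtree_check)"',
    'scripts/NFS_SERVER/10-config: AppendIfNoSuchLine "/srv/nfs4/home0 10.0.0.0/8(sec=krb5p:krb5i:sys,rw,sync,no_subtree_check)"',
    'scripts/PROXY/10-config: ReplaceAll "#acl localnet src 10.0.0.0/8" With "acl localnet src 10.0.0.0/8"',
    'scripts/FAISERVER/30-exports:ainsl $target/etc/exports "/srv/fai/nfsroot 10.0.0.0/24(async,ro,no_subtree_check,no_root_squash)"',
    'scripts/FAISERVER/30-exports:ainsl $target/etc/exports "/srv/fai/config 10.0.0.0/24(async,ro,no_subtree_check,no_root_squash)"',
    'scripts/DISKLESS_SERVER/10-setup:ainsl $target/etc/exports "/opt 10.0.0.0/8(async,ro,no_subtree_check,no_root_squash)"',
]

CIDR = re.compile(r'\b(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\b')

def audit_scopes(lines, site_cidr):
    """Return (file, cidr, kind, no_root_squash) for every CIDR that is not
    contained in the site subnet. kind is 'broader' when the rule covers the
    site plus foreign addresses, 'outside' when it misses the site entirely."""
    site = ipaddress.ip_network(site_cidr)
    findings = []
    for line in lines:
        path = line.split(":", 1)[0]
        # dict.fromkeys de-duplicates while keeping order (the proxy line
        # names the same network in its search and its replacement string).
        for text in dict.fromkeys(CIDR.findall(line)):
            try:
                net = ipaddress.ip_network(text, strict=False)
            except ValueError:
                continue  # looked like a CIDR but is not a valid one
            if net.subnet_of(site):
                continue  # rule is confined to the site: nothing to report
            kind = "broader" if site.subnet_of(net) else "outside"
            findings.append((path, text, kind, "no_root_squash" in line))
    return findings

if __name__ == "__main__":
    # Constructed site subnet standing in for an assigned 10.x.x.x/23.
    for path, cidr, kind, root in audit_scopes(CONFIG_LINES, "10.20.30.0/23"):
        flag = " [no_root_squash]" if root else ""
        print(f"{path}: {cidr} is {kind} than/of the site subnet{flag}")
```

With the project default of 10.0.0.0/16 as the site subnet, only the four 10.0.0.0/8 rules are reported; with the constructed /23, the two 10.0.0.0/24 FAI exports are also reported because they no longer cover the site at all.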
Re: 'Debian Local Area Network' (Debian-LAN)
In my case is not a matter of randomizing.

We have an internal 10.x.x.x/23 provided by the national telecom and we
are not able to change the subnet, otherwise we would collide with
other schools.

On Sun, Apr 08, 2012 at 05:15:27PM +0100, Steven Chamberlain wrote:
> Hi,
>
> On 08/04/12 10:13, Giorgio Pioda wrote:
> > 1) Subnet switch to an arbitrary 10.x.x.x/24 or even better 10.x.x.x/23 and
> >    also 192.169.x.x networks
>
> I agree, that aspect of Debian Edu's network architecture has always
> bugged me too, but I imagine it's because an address had to be hardcoded
> in some of the configs.
>
> Using a randomly-chosen 10.x.x.0/24 subnet means you can link several of
> these subnets together with straightforward routing between gateway
> machines, without resorting to awkward NAT.
>
> It would be easy and very fun to link together neighbouring Debian-LANs
> between homes/offices with wireless meshes and fast wired links.
>
> Randomising as much as you can in network address avoids the chance of a
> collision and having to renumber (and the chance is higher than you
> might think, due to the birthday paradox).
>
> This is similar in principle to RFC4193 unique local IPv6 subnets.
> (Debian-LAN could implement those too!)
>
> Or, you can run as many /24's as you need off the same mainserver and it
> can still route traffic between hosts, so I doubt there's a need for a
> /23 subnet or larger. (Unless you really need for a broadcast domain to
> span more than 254 hosts...).
>
> Regards,
> --
> Steven Chamberlain
> ste...@pyro.eu.org
>

--
Sysadmin SPSE-Tenero
Ufficio: +41 91 735 62 48
Cellulare: +41 79 629 20 63

Archive: http://lists.debian.org/20120409092137.ga5...@ticino.com
Re: 'Debian Local Area Network' (Debian-LAN)
Hi,

On 08/04/12 10:13, Giorgio Pioda wrote:
> 1) Subnet switch to an arbitrary 10.x.x.x/24 or even better 10.x.x.x/23 and
>    also 192.169.x.x networks

I agree, that aspect of Debian Edu's network architecture has always
bugged me too, but I imagine it's because an address had to be hardcoded
in some of the configs.

Using a randomly-chosen 10.x.x.0/24 subnet means you can link several of
these subnets together with straightforward routing between gateway
machines, without resorting to awkward NAT.

It would be easy and very fun to link together neighbouring Debian-LANs
between homes/offices with wireless meshes and fast wired links.

Randomising as much as you can in network address avoids the chance of a
collision and having to renumber (and the chance is higher than you
might think, due to the birthday paradox).

This is similar in principle to RFC4193 unique local IPv6 subnets.
(Debian-LAN could implement those too!)

Or, you can run as many /24's as you need off the same mainserver and it
can still route traffic between hosts, so I doubt there's a need for a
/23 subnet or larger. (Unless you really need for a broadcast domain to
span more than 254 hosts...).

Regards,
--
Steven Chamberlain
ste...@pyro.eu.org

Archive: http://lists.debian.org/4f81b99f.60...@pyro.eu.org
Re: 'Debian Local Area Network' (Debian-LAN)
Hi Giorgio,

On Sun, Apr 08, 2012 at 12:01:19PM +0200, Giorgio Pioda wrote:
> >
> > Providing a setup without the mainserver acting as gateway ( issue 2) )
> > is planned for Setup_B.
> >
>
> Teased to see it soon :-)
>

Done. Here it is:

http://lists.alioth.debian.org/pipermail/debian-lan-devel/2012q2/77.html
http://lists.alioth.debian.org/pipermail/debian-lan-devel/2012q2/78.html

I also updated the wiki http://wiki.debian.org/DebianLAN/Setup_A

Let me know if you run into problems or something is unclear.

Best regards,

    Andi

Archive: http://lists.debian.org/20120408143154.GD9680@flashgordon
Re: 'Debian Local Area Network' (Debian-LAN)
Hi Andy

>
> Providing a setup without the mainserver acting as gateway ( issue 2) )
> is planned for Setup_B.
>

Teased to see it soon :-)

Cheers

Happy Easter

Giorgio

--
Sysadmin SPSE-Tenero
Ufficio: +41 91 735 62 48
Cellulare: +41 79 629 20 63

Archive: http://lists.debian.org/20120408100119.ga5...@ticino.com
Re: 'Debian Local Area Network' (Debian-LAN)
Hi,

On Sun, Apr 08, 2012 at 11:13:40AM +0200, Giorgio Pioda wrote:
>
> Debian LAN is indeed interesting, simpler approach than Edu. But I see some
> blocking missing features.
>
> 1) Subnet switch to an arbitrary 10.x.x.x/24 or even better 10.x.x.x/23 and
>    also 192.169.x.x networks
>

It shouldn't be a problem to grep/sed through the config space and
modify that. Providing an 'automatic' implementation (some variables
defining the network with automatic creation/modification of files) is
of course possible, but will add code and complexity.

> 2) The mainserver shouldn't act as gateway. Most plain, small organization
>    networks have a dedicated gateway (which often is an ADSL router/gateway)
>    and the server should live with this.

I run the system on exactly such a system, however there is a
M$-windows system attached to the same ADSL router/gateway I do not
want to interfere with. The only modification of the published setup I
need is modifying the external interface in /etc/network/interfaces to
read:

    # The external network interface
    allow-hotplug eth0
    auto eth0
    #iface eth0 inet dhcp
    iface eth0 inet static
    # address: an available address in the 'router network'
        address 192.168.123.12
        netmask 255.255.255.0
        broadcast 192.168.123.255
    # gateway: the ADSL router IP
        gateway 192.168.123.254

> Given that you'll provide such a fix, I'll probably do a test.
>

Providing a setup without the mainserver acting as gateway ( issue 2) )
is planned for Setup_B.

Best regards,

    Andi

>
> --
> Sysadmin SPSE-Tenero
> Ufficio: +41 91 735 62 48
> Cellulare: +41 79 629 20 63
>

Archive: http://lists.debian.org/20120408095239.GC9680@flashgordon
Re: 'Debian Local Area Network' (Debian-LAN)
Hi,

Debian LAN is indeed interesting, simpler approach than Edu. But I see
some blocking missing features.

1) Subnet switch to an arbitrary 10.x.x.x/24 or even better 10.x.x.x/23
   and also 192.169.x.x networks

2) The mainserver shouldn't act as gateway. Most plain, small
   organization networks have a dedicated gateway (which often is an
   ADSL router/gateway) and the server should live with this.

Cheers

Giorgio

Given that you'll provide such a fix, I'll probably do a test.

On Sun, Apr 08, 2012 at 10:31:21AM +0200, Andreas B. Mundt wrote:
> Dear Reader,
>
> it is my pleasure to draw your attention to the 'Debian Local Area
> Network' project (Debian-LAN).
>
> The goal of Debian-LAN is to make setting up a local network with
> centralized user and machine management, intranet, etc. as easy as
> possible in Debian.
>
> To do that, the project aims for providing anything needed for such
> systems: Documentation, code, whatever. For the time being, the FAI
> framework [1] is employed to setup the system. However, the project
> is in general not limited to FAI.
> FAI's class system allows for great flexibility without losing
> control over customization. All modifications are implemented in the
> config space and thereby documented in a well-structured way.
>
> So far, a set of FAI classes and the corresponding config space has
> been prepared to implement a Debian-LAN:
>
>  * A mainserver with Kerberos KDC and LDAP including the FAI-server
>    to install clients.
>  * Clients are installed over the network from the mainserver,
>    automounting their kerberized home directories.
>  * Diskless clients are implemented as an option.
>
> The system is comparable to the debian-edu network and can be used for
> schools, small enterprises, associations, (university) work groups and
> much more. It provides the Gnome and LXDE desktop environment by
> default on the clients. Depending on your needs, you can easily add a
> customized package selection. For example the metapackages of a
> Debian Blend.
>
> Everybody is invited to take a look, test, report back and of course
> contribute. More information can be obtained from the sources listed
> below [2]. We use a git repository [3] on collab-maint on Alioth. To
> install the mainserver, prepare a CD image following the instructions
> in the wiki [4] and get started!
>
> Looking forward to comments and ideas,
> best regards,
>
>     Andi
>
> [1] <http://wiki.debian.org/FAI>
>
> [2] Please do not hesitate to ask:
>     Documentation: <http://wiki.debian.org/DebianLAN/>,
>     Mailing List: <http://lists.alioth.debian.org/pipermail/debian-lan-devel/>
>     IRC Channel: #debian-lan on irc.debian.org
>     Alioth Project pages: <https://alioth.debian.org/projects/debian-lan/>
>
> [3] To clone the repository use:
>     git clone git://git.debian.org/git/collab-maint/debian-lan
>     The repository contains the FAI config space for the provided setup.
>
> [4] <http://wiki.debian.org/DebianLAN/bootstrap>
>
> --
> A N D R E A S  B.  M U N D T
> GPG key: 4096R/617B586D 2010-03-22 Andreas B. Mundt
>

--
Sysadmin SPSE-Tenero
Ufficio: +41 91 735 62 48
Cellulare: +41 79 629 20 63

Archive: http://lists.debian.org/20120408091339.ga5...@ticino.com
'Debian Local Area Network' (Debian-LAN)
Dear Reader,

it is my pleasure to draw your attention to the 'Debian Local Area
Network' project (Debian-LAN).

The goal of Debian-LAN is to make setting up a local network with
centralized user and machine management, intranet, etc. as easy as
possible in Debian.

To do that, the project aims for providing anything needed for such
systems: Documentation, code, whatever. For the time being, the FAI
framework [1] is employed to setup the system. However, the project
is in general not limited to FAI.
FAI's class system allows for great flexibility without losing
control over customization. All modifications are implemented in the
config space and thereby documented in a well-structured way.

So far, a set of FAI classes and the corresponding config space has
been prepared to implement a Debian-LAN:

 * A mainserver with Kerberos KDC and LDAP including the FAI-server
   to install clients.
 * Clients are installed over the network from the mainserver,
   automounting their kerberized home directories.
 * Diskless clients are implemented as an option.

The system is comparable to the debian-edu network and can be used for
schools, small enterprises, associations, (university) work groups and
much more. It provides the Gnome and LXDE desktop environment by
default on the clients. Depending on your needs, you can easily add a
customized package selection. For example the metapackages of a
Debian Blend.

Everybody is invited to take a look, test, report back and of course
contribute. More information can be obtained from the sources listed
below [2]. We use a git repository [3] on collab-maint on Alioth. To
install the mainserver, prepare a CD image following the instructions
in the wiki [4] and get started!

Looking forward to comments and ideas,
best regards,

    Andi

[1] <http://wiki.debian.org/FAI>

[2] Please do not hesitate to ask:
    Documentation: <http://wiki.debian.org/DebianLAN/>,
    Mailing List: <http://lists.alioth.debian.org/pipermail/debian-lan-devel/>
    IRC Channel: #debian-lan on irc.debian.org
    Alioth Project pages: <https://alioth.debian.org/projects/debian-lan/>

[3] To clone the repository use:
    git clone git://git.debian.org/git/collab-maint/debian-lan
    The repository contains the FAI config space for the provided setup.

[4] <http://wiki.debian.org/DebianLAN/bootstrap>

--
A N D R E A S  B.  M U N D T
GPG key: 4096R/617B586D 2010-03-22 Andreas B. Mundt