[Server-devel] recommended ip fw rules
So, even though we are using shorewall for now (it didn't break with an upgrade from 163 to 164; if it does at some point, we'll go back to using straight iptables), here are some recommended additions/changes:

- change port 3128 to 8081 (if one installs dansguardian, which really should be integrated)
- make an exception for local internal ip, otherwise moodle and other internal stuff is super slow
- firewall everything but allow smtp, pop3 or imap, web, ejabberd (server 2 server)
- traffic shape into 3 categories (low prio, normal and high prio) which would correspond to:
  - high prio: ssh
  - normal: everything except high and low
  - low: p2p, ftp

Not sure where ejabberd should go in there... probably normal...

I haven't added our rules as they will differ from what you would do with straight iptables...

Kind Regards,
David

___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel
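The policy listed in the post above, written out as a straight-iptables ruleset. This is an added example, not David's rules or XS code: the interface names, `LAN_IP`, the fwmark numbers and the reading of "exception for local internal ip" as a bypass of the port-80 redirect are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the policy in the post.
# Interface names and LAN_IP are assumptions; set them for the actual server.
WAN_IF="${WAN_IF:-eth0}"           # assumed upstream interface
LAN_IF="${LAN_IF:-eth1}"           # assumed school-side interface
LAN_IP="${LAN_IP:-172.18.0.1}"     # assumed internal address of the server
FILTER_PORT=8081                   # dansguardian port from the post (was 3128)
WAN_TCP_PORTS="25 110 143 80 5269" # smtp, pop3, imap, web, ejabberd s2s

gen_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
# Requests to the server's own address (Moodle etc.) skip the content filter
-A PREROUTING -i $LAN_IF -d $LAN_IP -p tcp --dport 80 -j ACCEPT
# All other web traffic from the LAN goes through the filter port
-A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $FILTER_PORT
COMMIT
*mangle
:POSTROUTING ACCEPT [0:0]
# fwmark 1 = high, 2 = normal, 3 = low. MARK does not stop traversal,
# so the default comes first and the specific matches overwrite it.
# p2p has no fixed port and is not classified here.
-A POSTROUTING -o $WAN_IF -j MARK --set-mark 2
-A POSTROUTING -o $WAN_IF -p tcp -m multiport --ports 22 -j MARK --set-mark 1
-A POSTROUTING -o $WAN_IF -p tcp -m multiport --ports 20,21 -j MARK --set-mark 3
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $LAN_IF -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # Only the services named in the post are reachable from outside
    for port in $WAN_TCP_PORTS; do
        echo "-A INPUT -i $WAN_IF -p tcp --dport $port -j ACCEPT"
    done
    echo "COMMIT"
}

# Print the ruleset when run as: sh fw-rules.sh print
# Check it without loading it: sh fw-rules.sh print | iptables-restore --test
if [ "${1:-}" = "print" ]; then gen_rules; fi
```

The fwmarks only label packets; a tc qdisc with fw filters on the WAN interface still has to map marks 1 to 3 onto its classes. SSH is prioritised on the way out but is not in the post's inbound allow list, so new SSH connections arriving on the WAN side are dropped by this ruleset.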
Re: [Server-devel] Time for another Server-Devel Meeting IRC or Skype?
Martin Langhoff wrote:
> On Mon, Aug 4, 2008 at 9:17 PM, Bryan Berry [EMAIL PROTECTED] wrote:
>> We are putting a lot of work into the XS here in Nepal after a long absence.
>
> Cool -
>
>> David Van Assche is now w/ OLE nepal full-time in Kathmandu working on the XS. We want to make sure we are moving in the same direction and not waste anyone's time.
>
> Excellent! Sounds like you guys are doing a lot
>
>> How about an IRC or Skype meeting open to all those interested in the XS later this week? If it's an IRC meeting I will be happy to post it to the wiki.
>
> Good idea. We can do it via IRC I think -- if it's just us, we can switch to Skype as long as we get some minutes somehow :-)

I would suggest Gobby so that more than one person can take notes. Gobby will also support chat. We can predetermine who will take notes off of VoIP, irc, etc. Ubuntu uses Gobby for the same purpose at its Ubuntu Dev Summit meetings.

http://gobby.0x539.de/trac/

apt-get install gobby in Debian/Ubuntu works. The only major requirement is that someone will have to initiate a Gobby session at a public IP.

Sameer

--
Dr. Sameer Verma, Ph.D.
Associate Professor of Information Systems
San Francisco State University
San Francisco CA 94132 USA
http://verma.sfsu.edu/
http://opensource.sfsu.edu/

> Looking at suitable times, I am thinking of this Friday (NZ time, Thursday for everyone else ;-) ) - look at:
> http://worldtimeserver.com/meeting-planner-times.aspx?L0=NZL1=NPL2=GBL3=US-MAL4=Day=8Mon=8Y=2008
>
> It is hard to coordinate a good time for Nepal and NZ and the American continent. It would be fantastic if Greg Smith can make it - I am thinking
>
> - 2PM - early morn for Nepal, 10pm for 1CC
> - 11PM - late night for me, easy for everyone else! :-/
>
> let's have a quick RSVP - so we can prioritise timezones.
>
> cheers,
> m
Re: [Server-devel] DNS Connectivity Issues
Glen,

Updated /dev/sda3's version /etc/resolv.conf to change second line to new nameserver.

    sysresccd etc # cat resolv.conf
    search venango.org
    nameserver 12.147.208.166
    nameserver 208.67.222.222
    nameserver 205.171.2.65
    #nameserver 155.70.40.251
    #nameserver 205.171.3.65
    #nameserver 65.118.27.65

Tony Pearson
Senior Storage Consultant, IBM System Storage™
Telephone: +1 520-799-4309 | tie 321-4309 | Cell: +1 520 990-8669
email: [EMAIL PROTECTED] | GSA: http://tucgsa.ibm.com/~tpearson
Blog: http://www.ibm.com/developerworks/blogs/page/InsideSystemStorage
AKA: 990tony Paravane, eightbar specialist

Glen Roberts [EMAIL PROTECTED]
08/01/2008 03:46 PM
Please respond to [EMAIL PROTECTED]
To: Pablo Flores [EMAIL PROTECTED]
cc: [EMAIL PROTECTED], Tony Pearson/Tucson/[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], server-devel@lists.laptop.org
Subject: DNS Connectivity Issues

Today just after noon (edt) our Qwest internet connection (not the one the EDU server is on) went down. I was in the middle of upgrading the DNS servers so it frustrated that task enormously. Qwest seemed to have the service more or less restored by 4:30 PM or so.

At that time I noticed an email from ATT saying that they had monitored outages on our ATT circuit (the one the EDU server is on). Apparently this was of an intermittent nature. Apparently Verizon had a fiber cut somewhere.

The result is that DNS was probably down for 5+ hours and the connection otherwise intermittent. There may still be DNS issues but I am too tired to dig too deeply until tomorrow.

65.118.27.2 was probably configured as a secondary dns in /etc/resolv.conf on edublog. It might be better to change that to 208.67.222.222 (opendns.org) as 65.118.27.2 is no longer active.

Glen

_
Total Blog Directory http://www.totalblogdirectory.com
Re: [Server-devel] Ugly JABBER problem
On Wed, Aug 6, 2008 at 12:12 AM, David Van Assche [EMAIL PROTECTED] wrote:
> Has anyone else actually been able to register a new XO without specifying the jabber server?

Yes, the QA team, myself, etc. What images are you doing this with?

> We have tried this now with 5 different XOs from Nepali changed images and fresh non-Nepali images with the same results...

If you tell us more about which vanilla images we might be able to help.

> Am not sure what you mean with idmgr and dansguardian... we've not had any conflicts between the two...

Bryan wrote that you did. Google for idmgr and Dansguardian and you'll find:

* Idmgr is using port 8080 when that is the default port for dansguardian, this was quite confusing to us
* dansguardian should be included in the olpc repo, it is currently in the dries repo

cheers,

m
--
[EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect
- ask interesting questions
- don't get distracted with shiny stuff - working code first
- http://wiki.laptop.org/go/User:Martinlanghoff
[Server-devel] Setting up an XS with an AP
Hello,

I am now in Nauru (very small central Pacific country) starting up a single class trial here. They have provided a machine to be used as the XS for the pilot. They have no active antenna (AA) so we are using two network cards and a D-Link DWL 2100 AP.

I installed the XS software and configured it for a small school server, adding the shared roster online etc, and it works fine when tested using my own prototype AA.

However, I am having problems getting it to work with the AP on eth1 - can anyone advise please. This is how I tried to set it up:

· /etc/sysconfig/network-scripts/ifcfg-eth1

    DEVICE=eth1
    ONBOOT=yes
    IPADDR=172.18.6.1
    NETMASK=255.255.254.0
    BROADCAST=172.18.7.255

· /etc/sysconfig/dhcpd

    DHCPARGS=eth1

· /etc/dhcpd.conf at top of file:

    subnet 172.18.6.0 ..
    option routers 172.18.6.1
    option subnet-mask 255.255.254.0
    option broadcast 172.18.7.255
    range 172.18.6.2 172.18.7.254

D-Link settings:

· Mode = Access point
· DHCP server off
· Gets IP from DHCP server
· ESSID - not sure what to do with that so I tried school-mesh-0
· ESSID broadcast - on or off, did not make any difference
· The DLink works to some extent attached to the Eth1 network card. I can see it in the XO neighbourhood view and I can connect to it on my Windows Vista laptop - it gives me an IP in the range as above.

However, the XOs will not stay connected. Unlike with the active antenna, which they find and connect to in seconds of booting, they do not find it and revert to looking for XO mesh portal. If you click on the icon in neighbourhood view they will try to connect but the connection circle/icon on home view stays greyed out and then it gives up.

Any help appreciated!

David Leeming
OLPC Coordinator, Secretariat of the Pacific Community (SPC) www.spc.int
Technical Advisor, People First Network
P.O. Box 652, Honiara, Solomon Islands, South Pacific
Re: [Server-devel] Setting up an XS with an AP
On Wed, Aug 6, 2008 at 8:08 AM, David Leeming [EMAIL PROTECTED] wrote:
> I am now in Nauru (very small central Pacific country) starting up a single class trial here.

Fantastic!

> They have provided a machine to be used as the XS for the pilot. They have no active antenna (AA) so we are using two network cards and a D-Link DWL 2100 AP.

Makes sense. How many XOs are you planning to support with that?

> I installed the XS software and configured it for a small school server, adding the shared roster online etc, and it works fine when tested using my own prototype AA.

Good so far.

> However, I am having problems getting it to work with the AP on eth1 – can anyone advise please. This is how I tried to set it up:
>
> · /etc/sysconfig/network-scripts/ifcfg-eth1

Couple of questions

- did you set that configuration yourself? Or is that what the network_config script did?
- how many network cards does the server have? (tip: should be 2!)
- did you add/remove network cards after the initial install?

> D-Link settings:
>
> · Mode = Access point
> · DHCP server off
> · Gets IP from DHCP server

So far good.

> · ESSID – not sure what to do with that so I tried school-mesh-0

Hmmm, possible cause of trouble. Pick any other name, perhaps call it school or a local word for school.

> · ESSID broadcast – on or off, did not make any difference

Keep it on. It will appear *much* faster on the kids 'network view'.

> · The DLink works to some extent attached to the Eth1 network card. I can see it in the XO neighbourhood view and I can connect to it on my Windows Vista laptop – it gives me an IP in the range as above.

Right,

> However, the XOs will not stay connected. Unlike with the active antenna, which they find and connect to in seconds of booting, they do not find it and revert to looking for XO mesh portal. If you click on the icon in neighbourhood view they will try to connect but the connection circle/icon on home view stays greyed out and then it gives up.

Change the ESSID, retry, and if it still fails to connect send us the logfiles collected by the command olpc-netlog. See the olpc-netlog mention in http://wiki.laptop.org/go/Attaching_Sugar_Logs_to_Tickets

And we *need* to know the build numbers and the output of olpc-netstatus for what you consider successful connections and failed connections.

cheers,

m
--
[EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect
- ask interesting questions
- don't get distracted with shiny stuff - working code first
- http://wiki.laptop.org/go/User:Martinlanghoff
Re: [Server-devel] Understanding the network scripts on F7-based XS
On Wed, Aug 6, 2008 at 4:47 AM, Jerry Vonau [EMAIL PROTECTED] wrote:
> Nice overview.

thanks!

> That I can help with that also, I'm very (too?) familiar with shorewall, http://www.shorewall.net

that'll be cool -

>> - Can we make the networking configuration work in a stable manner on F9?
>
> Might just work, as is, with what you have now, just not with Network-Manager at the moment.

Note that it has some nasty interactions on F7 with netplugd, and that results on us missing on some features. IE: we have to disable netplugd, so we don't detect ethernet-cable-plugged-in events -- this can be a prob if the WAN connection is set to use dhcp. And I assume even internal interfaces might do something in connect/disconnect events (flush arp tables?).

>> Do we need to hook into the events infrastructure so when an ethernet cable gets plugged into an if we do the right thing? Could we make it so that we autodetect and configure an AA on usb connection?
>
> That would be a Dbus/Network-Manager thing, you're talking usb event driven responses here, right?

I'm not sure - whatever does event mgmt on headless server setups for Fedora. I don't think it's NM.

>> - Can we remove the service mgmt from it? :-)
>
> Sorry, can't find part that at the moment, which file?

Ah, just means I don't think chkconfig calls belong there -- low priority...

cheers!

m
--
[EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect
- ask interesting questions
- don't get distracted with shiny stuff - working code first
- http://wiki.laptop.org/go/User:Martinlanghoff
Re: [Server-devel] Server Spec (blueprints) Comments
On Wed, Aug 6, 2008 at 4:20 AM, Greg Smith [EMAIL PROTECTED] wrote:
> Also, is that the right place for them? Are they in 0.3 and is it released with both those features implemented? When a new release comes out, maybe we should note that its released in the road map and link to its release notes?

Yes, but I don't think we have achieved all the goals in it, so I won't call it done -

> Great job describing scenarios and motivation on both. That's key element in understanding the motivation and use of the features!

Thanks - normal practice from my moodling days :-)

> Some comments and questions:
> http://wiki.laptop.org/go/XS_Blueprints:Datastore_Simple_Backup_and_Restore
>
> 1 - What files are backed up from the XO?

Everything that is tracked by the datastore. The hint is in the name :-)

> 2 - Is there any GUI on the XO for this feature? Is it always on or always off or how do you know when it is moving files from the XO view?

- always on
- a ui improvement could be to add a hint that ds-backup is working

> 3 - How many XOs can backup at the same time? If they start to swamp the BW during class, is there any way to know that and possibly prevent it if needed? Looks like the traffic control script does some of that but could use more details on the algorithm.

Impossible to know how many. There are several mechanisms we use to control this. It will be *fantastic* if someone can document this to the last detail, and update it every time we change the code. In the meantime, read the source. The traffic control algorithm is here - line 17 and 28-37 are interesting:
http://dev.laptop.org/git?p=users/martin/ds-backup.git;a=blob;f=server/backup-available.py;h=b7a2dab0115601737c641cb5e2bb2038a9963461;hb=413237674d734101dc8c22639a96eba35ddac2a4

> 4 - Can you set the quota per XO? What is the default? How about max age? Do you turn this feature on with the XS and what is the interface to it on XS?

No. Dynamic based on a per-service quota. Again, need for documentation helpers.
Good docs take at least as much time to write as the code itself.

> On http://wiki.laptop.org/go/XS_Blueprints:OTP_root_passwords
>
> 1 - My only question is if we have a lead customer for this. I would like to hear Bryan's comments on it too.

The blueprint talks about deploying large numbers of XSs, some of them w/o internet. Who could that be? :-)

cheers,

m
--
[EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect
- ask interesting questions
- don't get distracted with shiny stuff - working code first
- http://wiki.laptop.org/go/User:Martinlanghoff
[Server-devel] Martin's new assistant
hello,

I will be working with Martin Langhoff for a couple of months, with the hope of giving XS development a boost. At present I am really just familiarising myself with the system, but we aim to clean up that bug tracker and have a considerably more useful school server.

My background is in software art, with a bit of filmmaking, web development, and general programming. Some of my projects are described on http://halo.gen.nz/.

The art background is perhaps more relevant than it might seem: it is hard to imagine an environment with worse connectivity and less IT expertise than a typical New Zealand art gallery. Designing and deploying tolerably cheap and fail-safe systems has been a large part of my work.

Anyway, I'm glad to be helping the OLPC project.

cheers,

Douglas Bagnall
Re: [Server-devel] Time for another Server-Devel Meeting IRC or Skype?
I am sick in bed and too tired to really think. will work on a meeting agenda tomorrow

On Tue, 2008-08-05 at 07:32 -0400, Greg Smith wrote:
> Hi Guys,
>
> I'm in for Thursday 2PM NZ, 7:45AM Nepal, 10PM US ET. On irc.freenode.net #olpc-meeting?
>
> Let's set an agenda now and keep it to one hour if we can.
>
> Thanks,
>
> Greg S
>
> PS what's up with the 15 minute Nepal offset? That's even stranger than India time ;-)
>
> Bryan Berry wrote:
>> On Tue, 2008-08-05 at 10:54 +1200, Martin Langhoff wrote:
>>> Looking at suitable times, I am thinking of this Friday (NZ time, Thursday for everyone else ;-) ) - look at:
>>> http://worldtimeserver.com/meeting-planner-times.aspx?L0=NZL1=NPL2=GBL3=US-MAL4=Day=8Mon=8Y=2008
>>>
>>> It is hard to coordinate a good time for Nepal and NZ and the American continent. It would be fantastic if Greg Smith can make it - I am thinking
>>>
>>> - 2PM - early morn for Nepal, 10pm for 1CC
>>> - 11PM - late night for me, easy for everyone else! :-/
>>
>> Great, Friday, 7:45 AM is a bit early for Kathmandu but it works for us
>>
>> Skype will work if it is less than 7 people but gets too messy w/ more. w/ 7+ people I prefer IRC.
>>
>> David and I will be there

--
Bryan W. Berry
Systems Engineer
OLE Nepal, http://www.olenepal.org
[Server-devel] moodle and authentication
So... We've come to thinking about how to do the moodle authentication from the xos in the easiest way, but also a way that involves the teachers/administrators in some way. An idea we came up with is the following:

- Modify the user database to include an extra field - let's call it mac address, but could be any unique xo identifier.
- make a little script to check the xo mac address and pass it along to moodle to check in its user database and log on...

The teacher would then check the mac address on the XO, while filling in the rest of the data in moodle for the student and put in the mac address

what do u think?

David Van Assche
OLE Nepal