Makefile

@@ -100,6 +100,7 @@ SYSCONFFILES = \
 	ldap/rootDSE-debian-edu.ldif \
 	ldap/slapd-squeeze_debian-edu.conf \
 	ldap/ssl/slapd-cert.cnf \
+	ltsp/ltsp-build-client.conf \
 	samba/netlogon/1stlogon/1stlogon.bat \
 	samba/netlogon/config/get_time.bat \
 	samba/netlogon/config/penguin.bat \
@@ -359,6 +360,7 @@ install: install-testsuite
  share/ltsp/plugins/ltsp-build-client/Debian-custom/015-edu-apt-source \
  share/ltsp/plugins/ltsp-build-client/Debian-custom/020-rootpath \
  share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs \
+ share/ltsp/plugins/ltsp-build-client/Debian-custom/095-squashfs-image \
  share/ltsp/plugins/ltsp-build-client/Debian-custom/098-etckeeper \
 	; do \
 		$(INSTALL_DATA) $$f $(DESTDIR)/usr/$$f ; \

cf3/cf.homes

@@ -36,25 +36,45 @@ commands:
 bundle agent editline_homes
 {
 vars:
- 
-  "exports" slist  => { "/srv/nfs4 @ltsp-server-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,fsid=0,crossmnt,no_subtree_check) @workstation-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,fsid=0,crossmnt,no_subtree_check) @server-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,fsid=0,crossmnt,no_subtree_check)",
+
+  "default_arch" string => ifelse("x86_64", "amd64",
+                                      "i386", "i386",
+                                      $(sys.arch));
+  "combined"  slist  => { "/srv/nfs4 @ltsp-server-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,fsid=0,crossmnt,no_subtree_check) @workstation-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,fsid=0,crossmnt,no_subtree_check) @server-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,fsid=0,crossmnt,no_subtree_check)",
+                        "/srv/nfs4/home0 @ltsp-server-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,no_subtree_check) @workstation-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,no_subtree_check) @server-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,no_subtree_check)",
+                        "/opt/ltsp/$(default_arch) 10.0.0.0/255.0.0.0(ro,async,no_root_squash,subtree_check) 192.168.0.0/255.255.0.0(ro,async,no_root_squash,subtree_check) 127.0.0.1(ro,async,no_root_squash,subtree_check,insecure)" };
+  "main_only" slist  => { "/srv/nfs4 @ltsp-server-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,fsid=0,crossmnt,no_subtree_check) @workstation-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,fsid=0,crossmnt,no_subtree_check) @server-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,fsid=0,crossmnt,no_subtree_check)",
                         "/srv/nfs4/home0 @ltsp-server-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,no_subtree_check) @workstation-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,no_subtree_check) @server-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,no_subtree_check)" };
+  "ltsp_only" slist  => { "/opt/ltsp/$(default_arch) 10.0.0.0/255.0.0.0(ro,async,no_root_squash,subtree_check) 192.168.0.0/255.255.0.0(ro,async,no_root_squash,subtree_check) 127.0.0.1(ro,async,no_root_squash,subtree_check,insecure)" };
   "fstab"   string => "/skole/tjener/home0	     /srv/nfs4/home0	none	bind	0	0";
   "menu"    string => "MENUREORDER=true";
-  "nfs"     string => "NEED_SVCGSSD=yes";
   "autofs"  string => "LDAPURI=ldap://$(edu.ldapserver)";
 
 files:
 
   debian.server.installation::
 
+    "/etc/fstab"
+      create => "true",
+      edit_line => append_if_no_line("$(fstab)");
+
+  debian.server.ltspserver.installation::
+
     "/etc/exports"
       create => "true",
-       edit_line => append_if_no_line("$(exports)");
+       edit_line => append_if_no_line("$(combined)");
 
-    "/etc/fstab"
+  debian.server.!ltspserver.installation::
+
+    "/etc/exports"
       create => "true",
-      edit_line => append_if_no_line("$(fstab)");
+       edit_line => append_if_no_line("$(main_only)");
+
+  debian.!server.ltspserver.installation::
+
+    "/etc/exports"
+      create => "true",
+       edit_line => append_if_no_line("$(ltsp_only)");
 
   # Enable our menu overrides on standalone installations
 
@@ -64,12 +84,6 @@ files:
       create => "true",
       edit_line => append_if_no_line("$(menu)");
 
-  debian.server.installation::
-
-    "/etc/default/nfs-kernel-server"
-      create => "true",
-      edit_line => append_if_no_line("$(nfs)");
-
   # Enable autofs using LDAP unless running the server,
   # standalone or roaming workstations.
 

debian/changelog

 debian-edu-config (2.10.42) UNRELEASED; urgency=medium
 
+  [ Mike Gabriel ]
   * update-chromium-homepage:
     - Don't complain about non-existing config file when attempting its removal.
     - Make sure the target dir of $etcfile exists.
@@ -10,6 +11,31 @@ debian-edu-config (2.10.42) UNRELEASED; urgency=medium
       removal.
     - Make sure the target dir of $etcfile exists.
 
+  [ Wolfgang Schweer ]
+  * Improve cfengine configuration file management during upgrades:
+    - Adjust debian/debian-edu-config.postinst to copy related files.
+    - Add cf-agent related entries to debian/cron.d, but leave them commented.
+  * Use NFS again (instead of NBD) to mount the LTSP client root filesystem:
+    - Add share/ltsp/plugins/ltsp-build-client/Debian-custom/095-squashfs-image
+      to enable setting it; see #904427 (LTSP) why this is needed.
+    - Add etc/ltsp/ltsp-build-client.conf with settings for NFS.
+    - Adjust sbin/debian-edu-pxeinstall and accordingly to be able to use NFS on
+      the main network as well.
+    - Rework cf3/cf.homes:
+      + Write /etc/export file with profile and architecture dependent values.
+      + Drop no longer needed nfs-{common,kernel-server} configuration edits.
+  * Improve PXE installation setup:
+    - Rework sbin/debian-edu-pxeinstall (make modular installation desktop,
+      d-i download URL and installer type configurable).
+    - Adjust etc/debian-edu/pxeinstall.conf accordingly.
+  * share/ltsp/plugins/ltsp-build-client/Debian-custom/000-arch-detection:
+    - Use /etc/debian_version to determine the DIST value; this is needed as a
+      workaround for #911382 (LTSP).
+    - Drop no longer needed code (related to mirror and proxy setup).
+  * share/debian-edu-config/tools/edu-ldap-from-scratch:
+    - Don't fail in case host keytab files are missing.
+  * Adjust Makefile and debian/dirs to reflect the changes. 
+
  -- Mike Gabriel <sunweaver@debian.org>  Wed, 24 Oct 2018 21:39:30 +0200
 
 debian-edu-config (2.10.41) unstable; urgency=medium

debian/cron.d

 # Check every 5 minutes if network blocking should be enabled or disabled
 */5 * * * *	root	if [ -x /usr/sbin/debian-edu-update-netblock ]; then /usr/sbin/debian-edu-update-netblock auto > /dev/null; fi
+# The next two entries could be useful during development
+# Set timestamp for the cf-agent run
+#*/30 * * * *	root	 /usr/bin/touch /tmp/d-e-c
+# Run cf-agent in case of debian-edu-config package upgrade
+#*/20 * * * *	root	if test /var/lib/dpkg/info/debian-edu-config.list -nt /tmp/d-e-c; then /usr/sbin/cf-agent -D installation; fi
+#

debian/debian-edu-config.postinst

@@ -205,6 +205,10 @@ configure)
     touch /var/lib/dovecot/auth_success
     if [ ! -d /var/lib/cfengine3/inputs/debian-edu ] ; then
         . /usr/share/debian-edu-config/tools/setup-cfengine3
+    else
+        cp /etc/cfengine3/debian-edu/cf.* /var/lib/cfengine3/inputs/debian-edu
+        cp /etc/cfengine3/debian-edu/edu.cf /var/lib/cfengine3/inputs/debian-edu
+        cp /etc/cfengine3/debian-edu/promises.cf /var/lib/cfengine3/inputs
     fi
     ;;
 esac

debian/dirs

@@ -12,6 +12,7 @@ etc/firefox-esr
 etc/init.d
 etc/ldap/schema
 etc/ldap/ssl
+etc/ltsp
 etc/pam.d
 etc/slbackup/pre.d
 etc/samba

etc/debian-edu/pxeinstall.conf

@@ -6,9 +6,21 @@
 # needed; see the manual for details.
 #ltsparch=i386
 
-# If e.g. 'apt-cacher-ng' is running on the gateway.
+# Set if NBD instead of default NFS is to be used for LTSP (10.0.0.0/8 network);
+# see the manual for details.
+#rootdev=nbd0
+
+# Set a different desktop environment for new installations instead of the default xfce one.
+#mydesktop=mate
+
+# Set if the Debian Installer should be run in graphical instead of text mode.
+#graphicdi=true
+
+# If e.g. 'apt-cacher-ng' is running on the gateway and should be used for installation.
 #http_proxy=http://10.0.0.1:3142
 #ftp_proxy=http://10.0.0.1:3142
 
-# Set a different desktop environment for new installations.
-#desktop=xfce
+# Set this during development to test if daily d-i netboot.tar.gz is working.
+# Run 'rm -rf /var/lib/tftpboot/debian-installer' followed by 'debian-edu-pxeinstall' after
+# setting it, and remember to run both commands also once this is commented again.
+#dailydi=true

etc/ltsp/ltsp-build-client.conf

+# Debian Edu settings, overriding default LTSP ones.
+# Add settings for NFS instead of NBD, see #904427 for details; requires the
+# /usr/share/ltsp/plugins/ltsp-build-clientDebian-custom/095-squashfs-image
+# file, which overrides the default LTSP one.
+# For all available options, run 'ltsp-build-client --extra-help'.
+
+DEFAULT_NFS="True"
+SQUASHFS_IMAGE="False"

sbin/debian-edu-pxeinstall

@@ -53,20 +53,21 @@ if [ -f /etc/environment ] ; then
     . /etc/environment
 fi
 
-[ "$dist" ]      || dist=$(lsb_release -sc)
-[ "$archs" ]     || archs="i386 amd64"
-[ "$ltsparch" ]  || ltsparch=$(dpkg --print-architecture)
-[ "$mirrorurl" ] || mirrorurl=http://deb.debian.org/debian
-[ "$hostname" ]  || hostname=pxeinstall
-[ "$domain" ]    || domain=intern
+[ "$dist" ]       || dist=$(lsb_release -sc)
+[ "$archs" ]      || archs="i386 amd64"
+[ "$ltsparch" ]   || ltsparch=$(dpkg --print-architecture)
+[ "$mirrorurl" ]  || mirrorurl=http://deb.debian.org/debian
+[ "$hostname" ]   || hostname=pxeinstall
+[ "$domain" ]     || domain=intern
+[ "$mydesktop" ]  || mydesktop=xfce
+[ "$graphicdi" ]  || graphicdi=false
+[ "$dailydi" ]    || dailydi=false
+[ "$rootdev" ]    || rootdev=nfs
 # Not hardcoded to allow PXE installation of a main-server without a
 # proxy set
 #[ "$http_proxy" ] || http_proxy=http://webcache:3128
 #[ "$ftp_proxy" ] || ftp_proxy=http://webcache:3128
 
-# Use Graphical installer by default
-graphicdi=false
-
 if [ -f /etc/debian-edu/config ] ; then
     . /etc/debian-edu/config
 fi
@@ -78,6 +79,11 @@ else
     edudist=$dist
 fi
 
+# Allow site specific overrides to the variables
+if [ -f /etc/debian-edu/pxeinstall.conf ] ; then
+    . /etc/debian-edu/pxeinstall.conf
+fi
+
 # This part does not work from within debian-installer, as it is
 # executed from cfengine before the cdebconf files are copied into
 # /var/log/installer/cdebconf/ ("debconf-get-selections --installer"
@@ -89,10 +95,9 @@ for template in debian-installer/locale \
     tasksel/desktop; do
     value="$(debconf-get-selections --installer | grep $template | awk '{print $4}')"
     if [ -z "$value" ] ; then
-	# If there is no value in the installer debconf database, try
-	# the currently installed one.  This solve a problem with
-	# tasksel/desktop when installing gnome via PXE.
-	value="$(debconf-get-selections | grep $template | awk '{print $4}')"
+       # If there is no value in the installer debconf database, set the default one.
+       # Useful if modular main server installation has been used (no desktop).
+	value="$mydesktop"
     fi
 
     # Using desktop= as kernel argument work, while tasksel/desktop=
@@ -117,11 +122,6 @@ preseedurl=http://www/debian-edu-install.dat
 # Where the preseed file is on the disk.
 preseedfile=/etc/debian-edu/www/debian-edu-install.dat
 
-# Allow site specific overrides to the variables
-if [ -f /etc/debian-edu/pxeinstall.conf ] ; then
-    . /etc/debian-edu/pxeinstall.conf
-fi
-
 # Start from a clean state if run after LTSP chroot arch changes.
 if [ -d $tftpdir/debian-edu ] ; then
     rm -rf $tftpdir/debian-edu
@@ -130,9 +130,13 @@ fi
 [ -d $tftpdir ] || mkdir $tftpdir
 [ -d $tftpdir/debian-edu ] || mkdir $tftpdir/debian-edu
 
-
 for arch in $archs ; do
     (
+        if [ true = "$dailydi" ] ; then
+            diurl=https://d-i.debian.org/daily-images/$arch/daily/netboot
+        else
+            diurl=$mirrorurl/dists/$dist/main/installer-$arch/current/images/netboot
+        fi
 	[ -d $tftpdir/debian-installer ] || \
 	    mkdir $tftpdir/debian-installer
         cd $tftpdir/debian-installer
@@ -144,7 +148,6 @@ for arch in $archs ; do
             tarball=""
 	    if [ true = "$graphicdi" ]; then
 		ln -sf $di_img_dir/gtk/debian-installer/$arch $arch
-		gtkvideo="video=vesa:ywrap,mtrr"
 	    else
 		ln -sf $di_img_dir/text/debian-installer/$arch $arch
 	    fi
@@ -152,13 +155,9 @@ for arch in $archs ; do
 	    if [ true = "$graphicdi" ]; then
                 # Use this URL for graphical installer, and fix
                 # gtkvideo setting below
-                url=$mirrorurl/dists/$dist/main/installer-$arch/current/images/netboot/gtk/netboot.tar.gz
-                gtkvideo="video=vesa:ywrap,mtrr vga=788"
+                url=$diurl/gtk/netboot.tar.gz
             else
-                url=$mirrorurl/dists/$dist/main/installer-$arch/current/images/netboot/netboot.tar.gz
-                # Comment the above URL and uncomment the below one to be able
-                # to fetch daily debian installer images during development.
-                #url=https://d-i.debian.org/daily-images/$arch/daily/netboot/netboot.tar.gz
+                url=$diurl/netboot.tar.gz
             fi
             echo "Fetching $url"
             if wget -q -O netboot-$arch.tar.gz.new $url ; then
@@ -251,6 +250,9 @@ fi
 menufile=$tftpdir/debian-edu/install.cfg
 echo "Generating $menufile"
 (
+    if [ true = "$graphicdi" ]; then
+        gtkvideo="vga=788"
+    fi
     for arch in $archs ; do
         cat <<EOF
 	# Based on the values used in Debian, and added the preseed URL
@@ -290,11 +292,11 @@ if [ -d /var/lib/tftpboot/ltsp/$ltsparch ] ; then
 LABEL ltsp-thin
         MENU    LABEL  LTSP ^thin client
         KERNEL ltsp/$ltsparch/vmlinuz
-        APPEND initrd=ltsp/$ltsparch/initrd.img init=/sbin/init-ltsp root=/dev/nbd0 ro LTSP_FATCLIENT=False quiet
+        APPEND initrd=ltsp/$ltsparch/initrd.img init=/sbin/init-ltsp root=/dev/$rootdev ro LTSP_FATCLIENT=False quiet
 	IPAPPEND 2
 EOF
     cat > $tftpdir/debian-edu/default-thin.cfg <<EOF
-DEFAULT ltsp/$ltsparch/vmlinuz initrd=ltsp/$ltsparch/initrd.img init=/sbin/init-ltsp root=/dev/nbd0 ro LTSP_FATCLIENT=False quiet ipappend 2
+DEFAULT ltsp/$ltsparch/vmlinuz initrd=ltsp/$ltsparch/initrd.img init=/sbin/init-ltsp root=/dev/$rootdev ro LTSP_FATCLIENT=False quiet ipappend 2
 
 EOF
 
@@ -310,12 +312,12 @@ EOF
 LABEL ltsp-diskless
         MENU    LABEL  LTSP ^diskless workstation
         KERNEL ltsp/$ltsparch/vmlinuz
-        APPEND initrd=ltsp/$ltsparch/initrd.img init=/sbin/init-ltsp root=/dev/nbd0 ro quiet
+        APPEND initrd=ltsp/$ltsparch/initrd.img init=/sbin/init-ltsp root=/dev/$rootdev ro quiet
 	IPAPPEND 2
 
 EOF
 	cat > $tftpdir/debian-edu/default-diskless.cfg <<EOF
-DEFAULT ltsp/$ltsparch/vmlinuz initrd=ltsp/$ltsparch/initrd.img init=/sbin/init-ltsp root=/dev/nbd0 ro quiet ipappend 2
+DEFAULT ltsp/$ltsparch/vmlinuz initrd=ltsp/$ltsparch/initrd.img init=/sbin/init-ltsp root=/dev/$rootdev ro quiet ipappend 2
 EOF
     fi
 fi

share/debian-edu-config/tools/edu-ldap-from-scratch

@@ -56,7 +56,7 @@ sleep 1
 if [ -e /etc/krb5kdc/stash ] ; then
     rm /etc/krb5kdc/stash
     rm /etc/krb5.keyt*
-    rm /etc/debian-edu/host-keytabs/krb5.keyt*
+    rm -f /etc/debian-edu/host-keytabs/*.*
 fi
 ldap-debian-edu-install
 # send mail to first user (initialize /var/mail/<first-user uid>);

share/ltsp/plugins/ltsp-build-client/Debian-custom/000-arch-detection

@@ -2,7 +2,7 @@ case $MODE in
   configure)
     ARCH=${ARCH:-"$(dpkg --print-architecture)"}
     if [ -z "$option_dist_value" ] ; then
-	option_dist_value=$(lsb_release -sc)
+	option_dist_value=$(cat /etc/debian_version | cut -d'/' -f1)
 	echo "info: Missing LTSP dist value, setting to $option_dist_value"
     fi
 
@@ -14,21 +14,5 @@ case $MODE in
 	[ "$http_proxy" = "false" ] && http_proxy=""
 	export http_proxy
     fi
-
-    # Force network APT source for the netinst CD, as the i386
-    # binaries are missing on the CD.
-    if [ file:///media/cdrom = "$option_mirror_value" ] ; then
-	if grep -qi "^deb cdrom:.*i386" /etc/apt/sources.list; then
-	    echo "info: Found i386 binaries on amd64 CD/DVD.  Keeping LTSP mirror as '$MIRROR'"
-	else
-	    NEWMIRROR=$(awk '/^deb (http|ftp):\/\/.* main/ { if (!first) { print $2; first=1 } }' < /etc/apt/sources.list)
-	    echo "info: Changing LTSP mirror from '$option_mirror_value' to '$NEWMIRROR'"
-	    option_mirror_value=$NEWMIRROR
-	    if [ high = "$http_proxy" ]; then
-		unset http_proxy
-		echo "info: http_proxy was set to high, this seems to be a debconf bug, remove it"
-	    fi
-	fi
-    fi
   ;;
 esac

share/ltsp/plugins/ltsp-build-client/Debian-custom/095-squashfs-image

+# This pluin overrides the default Debian plugin, see #904427 for details. It is
+# needed to be able to provide the LTSP client root fs via NFS instead of NBD.
+case "$MODE" in
+    commandline)
+        add_option "squashfs-image" "`eval_gettext "create squashfs image for use with NBD"`" "advanced" "false"
+        add_option "no-squashfs-image" "`eval_gettext "skip squashfs image creation"`" "advanced" "false"
+        add_option "default-nfs" "`eval_gettext "use NFS instead of NBD as default"`" "advanced" "false"
+        ;;
+    configure)
+        if [ -n "$option_squashfs_image_value" ]; then
+            # set an environment variable we can pick up later
+            SQUASHFS_IMAGE="True"
+        fi
+        if [ -n "$option_no_squashfs_image_value" ]; then
+            # set an environment variable we can pick up later
+            SQUASHFS_IMAGE="False"
+        fi
+        if [ -n "$option_default_nfs_value" ]; then
+            # set an environment variable we can pick up later
+            DEFAULT_NFS="True"
+        fi
+        if [ -z "$SQUASHFS_IMAGE" ]; then
+            SQUASHFS_IMAGE="True"
+        fi
+        ;;
+    after-install)
+        if [ "True" = "$DEFAULT_NFS" ]; then
+            sed -i 's#NBD AOE NFS#NFS NBD AOE#' $ROOT/etc/ltsp/update-kernels.conf
+        fi
+        ;;
+    finalization)
+        if [ "True" = "$SQUASHFS_IMAGE" ]; then
+            DEBIAN_OLD_FRONTEND=$DEBIAN_FRONTEND
+
+            if [ -n "$CHROOT" ]; then
+                UPDATE_IMAGE_OPTIONS="${CHROOT}"
+            fi
+
+            DEBIAN_FRONTEND=noninteractive
+            export DEBIAN_FRONTEND
+
+            /usr/sbin/ltsp-update-image --config-nbd ${UPDATE_IMAGE_OPTIONS}
+
+            DEBIAN_FRONTEND=$DEBIAN_OLD_FRONTEND
+            export DEBIAN_FRONTEND
+
+        fi
+        ;;
+esac