|
|
|
Linux Lab Configuration Profile
This document is no longer being maintained. See the latest document.
Table of Contents
| Revision history |
|---|
| Who | When | What |
|---|
| K Lim | 10/07/2002 | 0.0 Created |
| K Ching | 17/07/2002 | 0.5 Modified draft |
| K Lim | 17/07/2002 | 1.0 Release |
| K Lim | 10/03/2003 | 2.0 Release |
| K Lim | 21/10/2003 | Change SOE link |
Top
1. Introduction
The Linux lab configuration is constrained by:
* The Dual booting environment - Windows & Linux
* The size of the disk on the PC
* Security issues related to the OS and user home directory access
Shared Systems developed the environment under these constraints to
fulfil the teaching requirements of the Faculties.
This document profiles the current Linux lab configuration.
Top
2. Deployment
Linux is currently deployed by Novell Zenworks, Altiris Labexpert or
Ghost software, depending on the lab manager. The imaging software is
used by Lab Managers to replicate Windows and Linux disk partition
images across a group of computers in labs.
All of the current versions of the imaging software mentioned above now
support Linux partitions. Currently, different faculties put the Linux
image in different partitions. Separate images of Linux are built which
differ in the partition information for particular computer types. This
ensures that Linux will boot on all the target computers.
Top
3. Post Imaging Process
Lab managers must boot Linux after imaging to ensure that each
lab computer is able to update packages and configuration from the
patch server and configuration server respectively.
Top
4. Booting
Required system processes such as the system logger are initialized at
each restart of Linux. The list of processes is customized for use in
the lab environment. A configuration management agent is run to check
and download updated files from the configuration server.
The majority of programs are accessed on the workstation, however due
to space restrictions, the programs available have been specially
selected. Some required programs are accessed as required from a
network file server using the NFS protocol.
Other software may reside on non-ITS servers, these are are provided by
faculties, and are accessed using NFS as required by the user. Some
urgently required software may be deployed from the network during
semester, however all software requests usually arrive before the Linux
image is finalised.
However, NFS is network dependent, and network outages or
inconsistencies can cause problems, and occasionally, downtime for the
Linux labs.
Top
5. Login
Linux accounts are processed by CRUX. User information is stored in the
Monash Directory Service, and authentication details like the user's
password are stored in the Kerberos service. While the user may be
known in Kerberos as soon as the CRUX transaction completes
successfully, the account will not be available until the next day. As
well, CRUX manages the creation of a home directory on the central NFS
home directory servers for the user. To reduce the load on the Monash
Directory Service, login information for Linux users is processed into
a file which is replicated among the Linux lab servers, which is
replicated on to each workstation during boot time. The production of
the Linux user information file occurs early each morning; no user
passwords are distributed in the file, all user passwords reside in the
Kerberos service.
At the login prompt, users enter their Unix username and Linux password
to access Linux on the workstation. On success, their home directory is
mounted from the central NFS home directory server. On the occasion
that NFS home directories are unavailable, the user is logged into a
home directory on the workstation. Workstation home directories are not
persistent, it is dependent on the user to copy their work elsewhere if
desired.
User access is authenticated in two stages, firstly there must be an
entry for the particular user in the local database, which is updated
from the configuration server during the Linux boot. Second, the user
must be in the Kerberos database and must have a valid password to be
authorized. The Kerberos authentication stage also authorizes the
workstation to mount the home directory for the user.
Top
6. Printing
To select a default printer, the "nsetprint" command has been rewritten
to provide a scrolling list of printers for selection.
Print jobs in the Linux labs are sent to printer queues on Novell
servers using the "lpr" command. Only users authenticated by Kerberos
can print in the labs.
Top
7. Software
The software installed in the labs is managed using two methodologies.
Initially, a base system is configured from the packages provided with
the operating system. The use of precompiled packages makes it easier
to install and manage a large number of individual programs. The
installation is customized to exclude unnecessary software:
* Software to run specialized services
* Programs not supported at Monash
* Programs that will not run in the lab environment
Updates to the packages from the initial installation are provided by
the operating system vendor at any time and are automatically
downloaded and installed by lab computers a short time after they are
booted into Linux.
Some vendor packages installed are customized for the labs. Packages
are built at Monash when a vendor or third-party version is not
available, and packaging the software is a trivial operation; in some
cases, packaging instructions are include with the source code. In
addition, some faculty requested software is available as third-party
packages, these are installed after the initial install.
The other methodology for managing installed software in the labs
involves the use of the /usr/local directory, which is used to house
unpackaged but precompiled programs, and programs compiled from source
code. Some software is only available as source code, if constructing a
package from it is non-trivial, it will be compiled and installed in
the /usr/local directory. It may also be the case that the original
software request required a customized compile and install in the
/usr/local directory.
A web page documenting the Standard Operating Environment (SOE) for the
Linux labs has been produced. It follows the Windows and Macintosh
versions in terms of application types in order to help maintain a
standard environment across the range of operating systems available,
and to conform to Monash guidelines. In addition, the Linux SOE defines
a Window System and a Window Manager. The Window Manager was required
to simplify support requirements (for the Helpdesk) by providing a
small, stable, relatively user-friendly program which does not require
constant updating, maintenance and tracking of a multitude of
dependencies on other software packages. The web page is updated as
required. The SOE document is currently located at
http://www.its.monash.edu.au/sharedsys/support/linux/student-linux-soe.html
An additional web page lists all of the software available in the Linux
labs specifically requested by faculties for teaching. The page is
manually maintained and is updated when software is updated, or when
new software is installed.
|
