The Linux Schools Project
Karoshi Server on Ubuntu 14.04 - by +Paul Sharrad 

Karoshi version 10 is now starting to take shape built on Ubuntu 14.04 server. At this stage we now have a conversion script that installs the required packages and configures Ubuntu 14.04 server to become a Karoshi server. This would then be remastered into a Karoshi server iso. The installation process for the main server now works provided samba4 is patched before compiling (this should sort itself out when the Samba team release 4.1.7). At the moment I have to cancel the samba4 compile section and then apply this patch:

http://git.samba.org/?p=samba.git;a=patch;h=29d779c7029f89e530994c45ae065707ffd62c43

Brief instructions for remastering Karoshi are here:
http://www.linuxschools.com/karoshi/documentation/wiki/index.php?title=Creating_a_Remaster#Creating_a_karoshi_Server_from_Ubuntu_14.04_server_version

The script that converts Ubuntu 14.04 server can be viewed here:
https://github.com/the-linux-schools-project/karoshi-server/blob/master/serversetup/distro/ubuntu/all/buildserver/buildserver
 
Owncloud  by +Paul Sharrad

We have been working on improving our integration with Owncloud and we now have a new version in testing that automatically connects user home areas so that they can be synchronised to other devices.

+Robin McCorkell has done some sterling work in modifying the Owncloud code to get this to work and he is now an Owncloud contributor.

What's left to do?

At the moment we are only connecting users' home shares to Owncloud so staff will not get access to the subjects and staffshares. This is because at the moment we do not have a way of stopping synchronisation of these shares to client computers.
 

Patch karoshi-web-controls-140219-1719 by +Paul Sharrad 

This patch provides the following changes:

Owncloud

Owncloud is an open source project that works like dropbox but allows your users to sync their files to your servers. Owncloud has been added to Karoshi as a module and the ldap settings are auto configured when the module is applied.

Exam Accounts

There was a problem with any exam accounts that had been created. This patch re-creates all exam accounts to fix this problem. Exam account home folders are not affected and no files will be lost in this process. Any exam accounts in use will need a password change since it is now a new account.

Fail2ban

Fail2ban is a service that scans logs for failed login attempts and firewalls out client devices that have repeated login failures. Fail2ban was only being used for the web management in Karoshi but this patch configures fail2ban to additionally monitor postfix and dovecot logs.

Server SSH keys

When adding extra servers to the system an ssh key has to be generated. I was not happy with the length of time this was taking although it was my fault because I had set the key to be 8192 bits. SSH keys are now generated as 521 bit ecdsa keys, which are generated much faster, instead of rsa keys.

Re-installing servers

After the flood at DGSB one of the servers was re-installed with new hardware and re-added with the same name. It was confusing because the web management assumed that it was the same server as before with the same modules applied even though it had been re-installed and at this point no modules had been applied at all. Now any servers that are re-added to the domain are checked and if it is a new install the existing modules are marked in bold red text that they require re-installing.

Web Management Layout

The web management layout has been modified to a centred layout. Any pages that scroll now have the scroll bar appearing in the central display section of the page.

Mobile Web Management

The mobile web management has been improved and pages where the data just cannot fit on a mobile screen are now offset to the right.

FQDN

We saw a problem with the servers seeming slow after the floods when we moved the servers down to our temporary server room. This was due to ssh querying ipv6 as well as ipv4 which was not working because at that point our internet connection was down. All server names are now saved as fully qualified domain names.
 
Owncloud Module by +Paul Sharrad 

The new owncloud module is now in final testing and will go out in the next patch for anyone that wants an on-site alternative to dropbox.

The current configuration allows students and staff to access owncloud but it is easy to modify the configuration to allow access to only staff or staff and older students depending on school needs.
 
Dev Meeting by +Paul Sharrad

Present +Paul Sharrad  +Robin McCorkell

Meeting Focus - Module Improvements

We took a quick look through all of the optional server modules in the Karoshi Server version to see if any of the modules needed any improvements. The list below is what we have come up with so far.

Internet Radio Server

This could do with mixx integration with airtime.

home access

Moodle

We are currently looking at parent access in moodle but want moodle to look the parent details up from the samba4 ldap data.

OCS Inventory

This module could be fully integrated with the linux clients being auto configured. Integration into the asset register would also be a good idea for extended client details.

Radius server

Linux client integration with wireless key settings.  The problem here is that the client relies on a network connection during boot up to download updated configuration files. The clients could authenticate to radius via a host keytab on the client during bootup.

Distribution server

A nice idea here would be to be able to automatically re-install later Karoshi client versions without having to reconfigure the client bios settings for network boot. Setting the clients to re-install would cause the clients to reboot or wake on lan to auto re-install a newer version.

Joomla

The current Joomla module allows staff to edit content but this could be improved with kerberos support for seamless login.

Monitor server

We thought it was strange that since we automate so much of the setup process that applying the monitoring module does not automatically set up monitoring on the correct services for Karoshi servers that have already been setup. The aim is to change this so that Karoshi servers are automatically configured to be monitored if the monitoring server module is applied.

In addition it would be nice to integrate with the uptime statistics with extra information provided from mon.

New module ideas

These are just ideas at the moment.

MIS - We've installed School tool on a test server to see what it is like.

Library system - we initially had a library system in years ago and it seems odd we are not covering this at the moment.

Remote desktop access module - This is an ambitious plan to have remote desktop access to a set of linux clients with full load balancing and the ability to power up extra machines when needed under load.

Web based project management - I was after some form of project management to plan and monitor progress on projects.
 
Cool, I will visit there, probably more than just once.. :) I also noticed the forums are up again. I joined together with a friend of mine. We hope more will join in the near future so we can share ideas and learn from each other's experience.
 
Forum

We now have a forum, so come and join us and help us create a community!
 
It would be great if all G+ followers would join the forums. It would make a great start for the forums. I hope together we can make a thriving community where we can share ideas and ask for help.
 
Patch karoshi-web-controls-140302-1130 by +Paul Sharrad

This patch provides the following changes:

E-mail

We were seeing an annoying amount of spam appearing so the Postfix configuration has been modified to use zen.spamhaus.org.

Reverse Proxy module

The logic has been improved for adding the reverse proxy server module. Previously this module could only be applied to a server with no other modules on it. Now it can be applied to any server that has not had a web based module applied to it. This logic is needed because our reverse proxy module uses nginx for speed but our web modules use apache for the web hosting.

Student staff users

Student staff users now correctly get extra shares mapped. Users created in this group were missing the subjects and staffshares.

Sysvol and Profiles

 Sysvol and profiles now get copied to additional domain controllers.

Student home areas

Student home areas are now set to group staff to stop other users of the same user group gaining read only access to student home areas.
 
Delays

Apologies for the delay with the latest patch. We arrived back at the start of the new term to discover that a water leak had developed on the top floor and was now cascading down through three floors into the server cabinets in the server room. This resulted in us having to abandon the server room and transfer all the equipment to a temporary location.

During the floods the monitoring server was sending out server failure warnings as servers slowly died as water rose!

On starting the servers back up after the drying out process two servers totally failed but we managed to get them working with some older motherboards that we had spare. We also suffered broken disk drives from motherboards shorting out along with corroded motherboards.

All core servers and internet were back up and running after 42 hours in our new temporary server room.
 
Security improvements by +Robin McCorkell

We have been looking at ways to improve the security of Karoshi systems, most notably protection against denial-of-service attacks. After a series of Squid crashes due to too many 'queued authenticator requests' I looked into the possibility of crashing Squid on purpose, and quite quickly found a way to spam false messages at Squid until it crashed.

Although Fail2Ban is configured for the web management to prevent DoS attacks, it isn't used for anything else. We quickly found that we could augment the configuration to monitor Squid logs, banning IPs that do more than 5 failed authentication requests with a lock out period of 5 minutes. It was very effective, preventing the message spam DoS attack that worked before from even slowing it down.

We are looking to integrate Fail2Ban with every module that includes a network service, to harden all Karoshi systems against malicious attacks.
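The ban rule described in the post above, sketched as an added example that is not Karoshi's or Fail2Ban's own code: it counts Squid `TCP_DENIED/407` entries per client and bans an address for 5 minutes once it exceeds 5 failures. The access.log layout, the 60-second counting window, the function names and the sample lines are assumptions; the post gives only the threshold and the lock-out period.

```python
import re
from collections import defaultdict, deque

# Assumed Squid native access.log layout: epoch.ms elapsed client result/status ...
DENIED_407 = re.compile(r"^(\d+)\.\d+\s+\d+\s+(\S+)\s+TCP_DENIED/407\s")

MAX_FAILURES = 5   # from the post: ban after more than 5 failed auth requests
BAN_SECONDS = 300  # from the post: lock-out period of 5 minutes
FIND_SECONDS = 60  # assumption: the post does not state the counting window

def find_bans(lines, max_failures=MAX_FAILURES,
              find_seconds=FIND_SECONDS, ban_seconds=BAN_SECONDS):
    """Return [(ip, ban_start, ban_end)] for clients that exceed the limit."""
    recent = defaultdict(deque)   # ip -> timestamps of failures in the window
    banned_until = {}             # ip -> epoch second at which the ban lifts
    bans = []
    for line in lines:
        m = DENIED_407.match(line)
        if not m:
            continue              # successful or unrelated request
        ts, ip = int(m.group(1)), m.group(2)
        if banned_until.get(ip, 0) > ts:
            continue              # already firewalled; would never reach Squid
        window = recent[ip]
        window.append(ts)
        while window[0] <= ts - find_seconds:
            window.popleft()      # forget failures older than the window
        if len(window) > max_failures:
            banned_until[ip] = ts + ban_seconds
            bans.append((ip, ts, ts + ban_seconds))
            window.clear()
    return bans

def sample_log():
    """Constructed access.log lines (not taken from a real server)."""
    t0 = 1392800000
    # 10.0.0.23 floods bad credentials, stops, then tries again after the ban.
    events = [(t0 + i, "10.0.0.23", "TCP_DENIED/407") for i in range(8)]
    events += [(t0 + 400 + i, "10.0.0.23", "TCP_DENIED/407") for i in range(6)]
    # 10.0.0.40 is a normal client: one 407 challenge, then an authenticated hit.
    events += [(t0 + 2, "10.0.0.40", "TCP_DENIED/407"),
               (t0 + 3, "10.0.0.40", "TCP_MISS/200")]
    # 10.0.0.55 fails slowly: never more than 5 failures inside one window.
    events += [(t0 + 30 * i, "10.0.0.55", "TCP_DENIED/407") for i in range(7)]
    return [f"{ts}.101      0 {ip} {res} 4012 GET http://example.test/ - "
            "HIER_NONE/- text/html" for ts, ip, res in sorted(events)]
```

A browser normally receives one 407 challenge before it sends credentials, so the threshold has to sit above that baseline or ordinary clients will be locked out.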
 
Patch karoshi-web-controls-131129-1543 is now available by +Paul Sharrad

This patch provides the following changes:

Samba 4

Update server - this feature will now also update samba4 to the latest version (currently 4.1.2).

samba_backup tdbbackup path problem fixed.

Web Management

 Web management themes updated.

Reverse Proxy Server

Nginx reverse proxy upload setting increased. This was causing a problem with students uploading large assignments to moodle.

E-Mail Server

 Postfix - line_length_limit = 2176 added to main.cf

This fixes a problem with kerberos tokens being too large for postfix to read.

User Web Folders

 User web folders added as a new feature in the web management.

This gives selected users a public_html folder in their home area that they can use for web hosting. Users also get an icon on their desktop giving a quick link to the hosted area, so they don't have to remember or type the full server path into a web browser.

Mac

Mac support added. At the moment our mac support is quite basic. Macs joined to the domain will allow domain users to log in to them and home areas are auto mounted. If the proxy settings have been set on the mac client then the mac will use kerberos for authentication to the internet.

Linux clients

Thunderbird will no longer autostart if a mail server is not configured.

Some file type associations have been changed so they open in a sensible application. For example XML files used to open in a web browser where they were nearly useless - now they open in gedit.
Story
Tagline
Linux for schools, both servers and clients
Introduction
The Linux Schools Project provides an operating system that installs a server or set of servers based on your school's needs. Some of the roles available are: PDC, File, Print, Web and Proxy.

Once the server role has been chosen, the services required are automatically configured for a school setting. Some of the services pre-configured are Samba, LDAP, Apache, Moodle, Cups, MySQL and Joomla.

The servers are maintained via a web interface that allows easy-to-use remote administration of your network and provides access to the functions of day to day jobs like creating users or changing user passwords.

Release Timeline

8th August 2013 The Linux Schools Project Version 9.0.0

9th June 2012 The Linux Schools Project Version 8.0.0

19th June 2011 The Linux Schools Project Version 7.0.3

27th February 2011 Karoshi Version 7.0.2

13th September 2010 Karoshi Version 7.0.1

2nd August 2010 Karoshi Version 7.0

22nd February 2010 Karoshi Version 7.0 Beta

17th November 2009 Karoshi Version 6.0.2

20th June 2009 Karoshi Version 6.0

11th June 2007 Karoshi Version 5.1.3 

1th June 2007 Karoshi Version 5.1.2

24th December 2006 Karoshi Version 5.1.1

7th May 2006 Karoshi Version 5.0.1

21st February 2006 Karoshi Version 5.0

24th August 2005 Karoshi Version 4.2.3

21st August 2005 Karoshi Version 4.2.2

18th June 2005 Karoshi Version 4.1.1

20th February 2005 Karoshi Version 4.0rc3

18th February 2005 Karoshi Version 4.0rc2

13th February 2005 Karoshi Version 4.0

15th January 2005 Karoshi Version 3.0.1

10th January 2005 Karoshi Version 3.0

27th December 2004 Karoshi Version 2.5.2

5th November 2004 Karoshi Version 2.5.1 

28th October 2004 Karoshi Version 2.5

26th September 2004 Karoshi Version 2.3

31st August 2004 Karoshi Version 2.2.1

15th August 2004 Karoshi Version 2.1

12th August 2004 Karoshi Version 2.0

8th August 2004 Karoshi Version 1.1