|00:13||vagrantc has left IRC (vagrantc!~vagrant@unaffiliated/vagrantc, Quit: leaving)|
|00:32||Ark74 has joined IRC (Ark74!~Luis@188.8.131.52)|
|04:11||MCMXI|2 has joined IRC (MCMXIfirstname.lastname@example.org)|
|04:15||MCMXI has left IRC (MCMXIemail@example.com, Ping timeout: 252 seconds)|
|04:28||MCMXI has joined IRC (MCMXIfirstname.lastname@example.org)|
|04:31||MCMXI|2 has left IRC (MCMXIemail@example.com, Ping timeout: 264 seconds)|
maldridge: I agree, but it's been coming for a while. I'm sure there will be a successor :)
I hope so, linux in schools needs to happen
I dunno if a built distro is the best way anymore though. Maybe massive meta packages
it really just needs to be easy and intuitive and easy to maintain
|06:04||MCMXI has left IRC (MCMXIfirstname.lastname@example.org, Ping timeout: 246 seconds)|
I think it depends on what its being used for
I'm looking at what it would take to do managed linux for schools
|06:19||alkisg_away is now known as alkisg|
maldridge: since different regions/countries/districts of schools need different default apps and different settings etc, I was thinking that the best way to serve them would be to show an option in the installer about which of those regions this setup is in,
and then to have one developer per region maintain an edubuntu-ppa-region PPA, providing a package override for edubuntu-default-apps
For example, the greek-schools-ppa then would be edubuntu-el (same for all Greece), and it would offer different packages for primary, secondary etc education, even using our own local packages here that are not in the ubuntu archives
That would be the essence of edubuntu, and it would allow small communities to develop and support their own micro-flavor
|06:26||ricotz has joined IRC (ricotz!~ricotz@ubuntu/member/ricotz)|
I've asked stgraber if he wanted to go for it, but he didn't want to, that's why I didn't invest on edubuntu much time the last years...
I'm not sure if PPAs are the best way to go about it per sé either, but if it's easy to upload/update in the archives and if it's easy to give upload rights of those packages then that could work well
highvoltage: would have to be in the archive or entirely out of it. it's not allowed to have a package in the archive add package sources or pull packages from ppas
anyway, I'm not here, it's almost 3am here and I should be sleeping :)
stgraber: heh, goodnight!
Then that policy would need to be changed for edubuntu to have an active audience... :)
Or maybe something debian-based could be spinned
eh, I run a lab where we maintain our own mirror, our official policy is that no other mirror exists, but then again, the distro we use doesn't have a concept of PPAs
only full repos
maldridge: imagine that you maintain your own ppa, e.g. call it edubuntu-maldridge. And you put your metapackages there in order to override the ones shipped by edubuntu. Those metapackages would include your mirror etc.
That means that you could have your setup ready to run right out of the edubuntu installer
And since you'd be the only uploader to your own ppa, there wouldn't be any security risks
well in our case, we also have software that is against the main mirror's policies, its kind of nice in that we can have stuff whose license would otherwise forbid distribution, since we are using it solely as an install mechanism
The ppa would have the metapackage
Your mirror would have your software
The metapackage would add your own mirror
That's also what we're doing here
And it works remarkably well
interesting, I may have to look into ubuntu again, but the systemd stuff honestly just turned me off of it. Not even from a high and mighty ideological point, just the effort to retool everything only to keep getting 4 year old software
We have 20 GB of proprietary software, some in our own repository, and some in our privater repository with ip address checking for clients
stgraber just said that ubuntu doesn't allow that
dang that's a lot of software, I assume its mostly stuff for site specific stuff?
So for a distro was to utilize that idea, either the ubuntu policy would need to be changed, or some other derivative would need to be used
It's greek educational software, originally built for windows, then packaged in .deb format by us
I really liked ubuntu for several years, we even used it to bootstrap our linux labs, but once people got over the "its not windows" bit, they got tired of things either being old
maldridge: systemd is pretty hard to avoid these days
highvoltage: in the mainstream, but there are plenty of stable distros that fill the systemd-free niche
maldridge: not many worth using though
and like I said, it was mainly the effort of retooling for it that was the issue
I agree, I believe though that the one we have settled on is quite workable
ofc for one offs or new sites that have a business need, I tend to stick closer to EL7, but then its easy since there's no baggage that needs to be brought along
alkisg: "greek educational software". I assume this boils down to things like classroom management, testing, and custom companion software for things?
maldridge: no, it's software for teaching lessons, foreign languages, mathematics, geography etc etc
Our classroom management tools are open source, epoptes and sch-scripts
do you do any online testing?
maldridge: what kind of online testing?
like end of course exams or reading benchmarks, things like that
Several of the educational apps are web based and some of them do have tests for exams etc
We're packaging them, and any school that wants to use them, do so
It's up to the schools which apps they want to use, if any
|08:00||kjackal has left IRC (kjackal!~kjackal@2a02:587:3101:3500:ad6e:e2c4:4e3a:1330, Ping timeout: 246 seconds)|
ok, I'm more used to the system where all our schools are on one platform and they all have the same tests that are mandated by the state. More of those are going digital
|08:23||kjackal has joined IRC (email@example.com)|
it would be very cool to see how this packaging of software would go from separate packages to snaps/images. so one site would have one favorite snap/image and maintenance could be by anyone/anywhere. then site can get new snap/image on the server(s)
One installation plus a metapackage is 15 minutes
I don't see why snaps or images are needed
I do see the need for tools like e.g. ansible though
site admins would not need to know all different package names
What's the difference between 'package-for-secondary-schools' and 'image-for-secondary-schools'?
It's still one name they need to know
it sounds like a snap when you put it like that
The good thing with metapackages is that you don't have to worry about security issues like you do with snaps or clones
E.g. same ssh keys anywhere
Packages do have postinst scripts to (re)generate keys etc, while clones don't
is this metapackage like a file containing a list (metadata) of different packages?
This can be whatever a site maintainer wants, e.g. a collection of other packages and even some postinst settings
E.g. our sch-scripts package contains a user administration tool, a collection of software (ltsp, epoptes etc), and some default settings to have a school up and running without the admin doing anything other than installing sch-scripts
ok. cool. because i very much like the idea of less maintenance on sites, also with the servers on different sites.
Right, here we have one server per school, and the school IT teacher maintains it by installing our tools and following some simple instructions from a wiki
This model works very well, our support tickets dropped down 80% or so
this idea of improving maintenance costs is really worth, always
|08:47||gvy has joined IRC (gvy!~mike@altlinux/developer/mike)|
it's hard to implement snaps when you run servers on different sites but it could be just server reboot or restarting the snap compared to package running local installation. both snaps and packages could fail but what about recovery..
All package-based distros have fine mechanisms for recovery
E.g. if you reboot your server while installing a package, you can then just reinstall it
all host security on sites could be on smart cards or keys, using client keys
Or run `apt-get install -f` to finish what it started
yes. I know package maintenances is working like a charm but what if in some day with some user it doesn't? local admin doesn't know what he is doing and trying to reinstall a package get always same result
When package installation breaks or xorg doesn't start or the kernel doesn't see the usb ports etc etc, the user asks for remote support
vnc-dide: To share your screen with me, run this: sudo apt-get --yes install x11vnc; x11vnc -connect srv1-dide.ioa.sch.gr - this is a reverse connection, it doesn't need port forwarding etc.
I support 1000+ schools here and I still have time for development
i don't have them :)
I mean that this model works so well that we don't have many support issues anymore
I imagine if we were working with snap packages instead, we'd need tens of persons doing remote support
I would not say package model is bad or unnecessary. How is that snap would do more work for you?
it's still same place where you package. sites just get the new software differently
It would require us creating, testing, uploading and deploying a new snap, possibly very large, when shipping a new postinst script would be enough
the snap i referred to is something like Docker and Snappy images
Docker images contain the whole OS, don't they?
so it's just antoher apt/yum for maintenance work
Ubuntu snappy images can do a subset of what .deb packages can do, indeed, but of course they have a lot less infrastructure for deploying them
not the whole OS but yes they need the whole depencies (images) docked before that what you want to run works
My postinst can e.g. modify /etc/default/rcS which isn't even in the same package
It's a bit against the policy and it wouldn't go into Debian etc, but it's fine for site administration
I don't know if docker or snappy images support that
Ansible of course does support it, but it requires me having root ssh to each school, which isn't something that we want to impose to schools
I haven't used the docker much either. They fit much more with internet of things and web services
i look forward with this LTSP development. I was just thinking that local adminstrations could live without package installations
That idea was related to edubuntu, not to LTSP
But edubuntu doesn't want it, so it'll stay an idea, unless maybe if the debian-edu people like it or something
For us here it works fine, we do have our ppa and local private repository etc etc, but we don't have anything to lose if others don't want to use it
np. i don't have anything to lose with the idea either. i could us it very well
* I could use the metadatapackage
|10:10||gvy has left IRC (gvy!~mike@altlinux/developer/mike, Ping timeout: 240 seconds)|
|10:16||fnurl has left IRC (fnurl!3cf8605f@gateway/web/cgi-irc/kiwiirc.com/ip.184.108.40.206, Ping timeout: 264 seconds)|
|10:22||gvy has joined IRC (gvy!~mike@altlinux/developer/mike)|
|10:25||robb_nl has joined IRC (firstname.lastname@example.org)|
|10:26||adrianorg has left IRC (email@example.com, Ping timeout: 240 seconds)|
|10:28||adrianorg has joined IRC (firstname.lastname@example.org)|
|10:45||robb_nl has left IRC (email@example.com, Ping timeout: 248 seconds)|
|11:44||Faith has joined IRC (Faith!~paty_@unaffiliated/faith)|
|11:50||kjackal has left IRC (firstname.lastname@example.org, Ping timeout: 240 seconds)|
|12:06||markit has joined IRC (email@example.com)|
|12:06||robb_nl has joined IRC (firstname.lastname@example.org)|
|12:39||kjackal has joined IRC (kjackal!~kjackal@2a02:587:3101:3500:3914:7f2a:68cb:8b51)|
|12:45||bennabiy has left IRC (bennabiy!~bennabiy@unaffiliated/bennabiy, Remote host closed the connection)|
|12:50||bennabiy has joined IRC (bennabiy!~bennabiy@unaffiliated/bennabiy)|
|12:53||robb_nl has left IRC (email@example.com, Ping timeout: 248 seconds)|
|13:08||mgariepy has left IRC (mgariepy!~mgariepy@ubuntu/member/mgariepy, Read error: Connection reset by peer)|
|13:11||mgariepy has joined IRC (mgariepy!~mgariepy@ubuntu/member/mgariepy)|
|13:15||robb_nl has joined IRC (firstname.lastname@example.org)|
|13:20||robb_nl has left IRC (email@example.com, Ping timeout: 252 seconds)|
|13:29||zama has left IRC (zama!~zama@unaffiliated/stryx/x-3871776, Ping timeout: 276 seconds)|
|13:31||zama has joined IRC (zama!~zama@unaffiliated/stryx/x-3871776)|
|13:43||robb_nl has joined IRC (firstname.lastname@example.org)|
|13:57||Softeisbieger has joined IRC (Softeisbieger!~Softeisbi@ip-88-152-12-13.hsi03.unitymediagroup.de)|
|13:57||ben_roose has joined IRC (email@example.com)|
|14:13||zamba has left IRC (firstname.lastname@example.org, Ping timeout: 268 seconds)|
|14:13||Faith has left IRC (Faith!~paty_@unaffiliated/faith, Quit: Leaving)|
|14:15||zamba has joined IRC (email@example.com)|
|14:23||gvy has left IRC (gvy!~mike@altlinux/developer/mike, Quit: Leaving)|
|14:39||professor_ has joined IRC (professor_!bb422a82@gateway/web/freenode/ip.220.127.116.11)|
|15:50||markit has left IRC (firstname.lastname@example.org, Ping timeout: 276 seconds)|
|16:14||moricef has joined IRC (email@example.com)|
Hi I want to install a chroot thin client educational distro based on a debian jessie on a debian jessie headless amd64 server. but I don't how to do that because ltsp-build-client use the root of the server to build the client.
moricef: a thin client by definition logs into the server's GUI, so you need the server to have a GUI setup even if you don't ever locally start an X screen
if you're making a fat client, that's different...
even with thin, it's mostly just some extra disk space
That's mean I can't have a raspberry as terminal and a fat client on the server?
moricef: No, ltsp-build-client doesn't use the server's root, it builds a separate chroot filesystem for the thin client.
it's means i can't have ... (sorry for my english)
Can't have what?
|16:51||vagrantc has joined IRC (vagrantc!~vagrant@unaffiliated/vagrantc)|
but ltsp-build-client install something like a x server in the separate chroot ? I can't have a raspberry as terminal and a fat client on the server?
|16:52||themis21 has joined IRC (themis21!2506199a@gateway/web/freenode/ip.18.104.22.168)|
The server is the server; it isn't a client for anything.
You can have a mix of both fat and thin clients, if you do the work to set it up that way.
And yes, ltsp-build-client will install the X server in the chroot.
so I can have a separate chroot filesystem with a distro wich is different than the server?
Yes. You'll have to set that chroot up on a server that's the same distro, but after you have the chroot, you can serve it from a different server.
for example a server with jessie and a client with gentoo, fedora or suze?
It'll take some work to set up, but there's no reason in principle why it wouldn't work.
You'd obviously have to do a lot of work to make it happen.
Back in a bit; have to go visit my mom.
the distro i want to install as client is based on jessie but have some extras repositery like ubuntu and others. it's a french educationnal distro Primtux
|17:18||dtcrshr has joined IRC (dtcrshr!~datacrush@2801:88:f7a:100:240:a7ff:fe2d:d7c0)|
|17:18||dtcrshr has joined IRC (dtcrshr!~datacrush@unaffiliated/datacrusher)|
alkisg: bossman says he wants 10 of those machines...
@ 122USD each shipped 4G ram with a this case/psu: http://www.newegg.com/Product/Product.aspx?Item=N82E16811154107
|17:58||alkisg_web has joined IRC (alkisg_web!4d31fc7d@gateway/web/freenode/ip.22.214.171.124)|
|17:59||alkisg_web has left IRC (alkisg_web!4d31fc7d@gateway/web/freenode/ip.126.96.36.199, Client Quit)|
gehidore: nice! :)
moricef: it's possible to have a headless server with xorg install and just not use xorg on the server
That will make it much easier for you, the clients will use the server's xorg, while the server will not use it
moricef: what are you client specs? cpu and ram?
raspberry pi 2 only?
raspberry pi 2 only
so no fat client i think
I think you want it to be fat, but let's see
Fat clients are diskless netbooted clients
Thin clients the same
The difference is that thin clients run the apps of the server
Fat clients run the apps of the chroot, locally on the client
So if you want to use a distribution designed for pi, with access to gpio etc, you want a fat chroot
If you want the raspberry to be only a keyboard and a monitor and to run the apps of the server and only transmit the screen to the client monitor, you want a thin chroot
Is primtux available for raspberry?
yes, it's the second case : thin client
no it's an i386 debian
OK, then the easiest way is to install primtux on the server, with xorg and everything, and create a thin chroot
raspberrypi: (#1) Ubuntu/LTSP on Pi 2: https://help.ubuntu.com/community/UbuntuLTSP/RaspberryPi, or (#2) Debian/LTSP (with raspbian chroot) on Pi: http://cascadia.debian.net/trenza/Documentation/raspberrypi-ltsp-howto/, or (#3) unofficial Ubuntu/LTSP (with raspbian chroot) on Pi: http://pinet.org.uk/
The #2 option there
oh, that documentation is a bit rusty
more of a proof of concept than documentation
|18:39||Softeisbieger has left IRC (Softeisbieger!~Softeisbi@ip-88-152-12-13.hsi03.unitymediagroup.de, Ping timeout: 276 seconds)|
no i don't want to install primtux on the server because it's a young distro (2015) with extra repositories. Not enough stable for a server. And in the future, maybe the server will be use for another things. primtux is too specific
raspberry can use a i386 thin chroot
raspberry pi needs to run a raspberry pi compatible operating system ... but that operating system can connect to servers of other architectures
moricef: if you run raspberry as a thin client, then it needs to connect to the server and run primtux on the server
That can happen if the server installation is primtux, which is the easiest way,
or it can happen in a virtual machine on the server that runs primtux,
or in a fat primtux chroot on the server with a special sshd configuration with chrootdirectory etc, which is a rather advanced setup
so better separate your ltsp server from any other "more stable" services that you want, and just run primtux on the server
but with fat client, are raspberry ressources sufficient?
thin client, not fat
run primtux on the server and use a thin chroot
if you want *other* services not related to ltsp, use another server or virtual machines
but with "a fat primtux chroot on the server with a special sshd configuration with chrootdirectory etc, which is a rather advanced setup", it's possible to run primtux without installed it on the server
Yes, well basically you need some kind of virtual machine, either chroot, schroot, lxc, kvm, vbox...
You need to run the chroot on the server in order for the clients to connect to it
|18:57||Ark74 has left IRC (Ark74!~Luis@188.8.131.52, Ping timeout: 248 seconds)|
ok thanks. I must go now. thanks again.
|18:59||moricef has left IRC (firstname.lastname@example.org, Remote host closed the connection)|
|19:00||moricef has joined IRC (email@example.com)|
|19:02||Ark74 has joined IRC (Ark74!~Luis@184.108.40.206.cable.dyn.cableonline.com.mx)|
|19:08||robb_nl has left IRC (firstname.lastname@example.org, Ping timeout: 252 seconds)|
|19:10||alkisg is now known as alkisg_away|
alkisg_away: in your testing did you test with both 4 and 8G or only 8G?
alkisg_away: was ltsp-trunk ready for release as far as you're concerned?
|19:22||robb_nl has joined IRC (email@example.com)|
|19:53||Ark74 has left IRC (Ark74!~Luis@220.127.116.11.cable.dyn.cableonline.com.mx, Ping timeout: 248 seconds)|
|20:07||kjackal has left IRC (kjackal!~kjackal@2a02:587:3101:3500:3914:7f2a:68cb:8b51, Ping timeout: 246 seconds)|
gehidore: I only tested with 8 GB and only for a while, I'll test it as an LTSP server in a school in a week though
|20:19||alkisg_away is now known as alkisg|
vagrantc: yup, ltsp-trunk is ready to go
epoptes-trunk too, if you have some more time... :)
nbd-client: To try mounting the NBD image from the client initramfs: nbd-client 192.168.67.1 -N /opt/ltsp/i386 /dev/nbd0
alkisg: ok, will try to work them in :)
alkisg: i overhead the conversation the other day about dropping the ubuntu-specific changes to ltsp?
|20:25||robb_nl has left IRC (firstname.lastname@example.org, Quit: I'm gone, bye bye)|
vagrantc: yup!! Hopefully I'll be able to just run syncpackage now, if I have enough rights for it...
If not, we'll have to call the big guns again... stgraber :)
vagrantc: at some point I was asking to commit this, wrt LDM_AUTOLOGIN: http://paste.debian.net/418440/
I think it belongs in ltsp, but I also think you don't like that particular implementation there, so I'll keep it in sch-scripts, right?
For the use case where one does want to autologin or guestlogin in all the subnet (no hostnames set), then he'd have to use a different HOSTNAME_BASE
alkisg: that snippet looks like it unsets LDM_AUTOLOGIN/LDM_GUESTLOGIN if HOSTNAME isn't ltsp* ?
...if it *is*
If the hostname is "random" then it's probably a new client that was added in the lab, but not in lts.conf, so the automatic LDM_USERNAME won't work
The user either needs to define LDM_USERNAME explicitly, or set a HOSTNAME, or use a different HOSTNAME_BASE to notify that it's not a "random" hostname
so that would break labs where we've set it up to autologin on ltsp*
And it will fix the aforementioned issue
So on those labs, sysadmins will need to define for example HOSTNAME_BASE=pc
it seems overly complicated
for default behavior, anywys
I've settled with that after getting 10+ times the same issue from IT teachers
feature to enable this new behavior?
They were thinking that xorg was broken because it was constantly restarting
They didn't understand that it was LDM_AUTOLOGIN=True in an unknown client
autologin doesn't handle login failures well at all
generally prefer guestlogin for that reason
And I really don't want to patch LDM for that :) I've decided to settle for those 5 lines, it's only a matter if it'll go in sch-scripts or if you want it in ltsp
np from me
I don't want to invest time in getting ldm to handle autologin/guestlogin gracefully...
i can see the value of solving that issue in LTSP, though i'd like to not break backwards compatibility
How many sysadmins have implemented the "have a user for all the subnet" idea? Maybe four? They'll see that it no longer logs in, and they'll ask here and put HOSTNAME_BASE, end of story :D
no idea how many ... i've seen more than 4 questions on ltsp-discuss, for sure
and there are instructions for configuring such an environment
I feel that those who have been bitten from xorg restarting on unknown clients would be at least 10 times more than that
But again, np from, it's your call
My users will get it from sch-scripts so I don't mind at all
it's a change in defaults, and there's no way to override it ... i guess that's what's frustrating
even adding an additional configuration option to disable/enable the behavior would be good enough from my perspective
(although i'd rather rewrite as a case statement for the matching)
They can put LDM_USERNAME="$HOSTNAME" in lts.conf :)
The case doesn't match digits
case ltsp[0-9]* means any character can follow after the digit
It's not a regexp
a lot more legible, though.
alkisg: having to put LDM_USERNAME in lts.conf for every machine seems way too much.
We can write it as a function in ltsp-common-functions if necessary
Not for every machine
that actually works?
i didn't think it expanded variables
Yup... it also allows running things :)
The curse of eval
needs the "" though?
No no that's just there to prevent globbing
i still would prefer adding an option to enable the behavior, then i'd be fine with ti.
...how would you call such an obscure option?
nah it's not even that
|20:58||* alkisg would prefer the "LDM_USERNAME=auto" syntax there, but you don't like it when our booleans become tristate or strings :D|
OK, and then they would just unset LDM_AUTOLOGIN_EXCLUDE?
(and GUESTLOGIN too?)
or set ...
(10:58:13 μμ) ***alkisg would prefer the "LDM_USERNAME=auto" ==> sorry I meant LDM_AUTOLOGIN=auto there
OK, I can do that, should I have two of them, one for AUTOLOGIN and one for GUESTLOGIN?
that is awkward, isn't it...
I wouldn't want to document those in lts.conf, but they could be documented in the source for those that need that particular use case
"If LDM_AUTOLOGIN=True and LDM_USERNAME/LDM_PASSWORD are not set, then they default to HOSTNAME. If HOSTNAME is also not set, then it is assumed to be an "unknown" client that is not defined in lts.conf, so LDM_AUTOLOGIN is automatically unset. To bypass that protection, set HOSTNAME_BASE="something other than ltsp". The previous paragraph applies for LDM_GUESTLOGIN as well."
That, I could see in lts.conf...
*in the docs
|21:06||ogra_ has left IRC (email@example.com, Ping timeout: 276 seconds)|
Anyway, I leave it up to you to commit it however you like it, or not at all :) Or postpone it for some other time...
|21:07||ogra_ has joined IRC (firstname.lastname@example.org)|
alkisg: clearly, i'm inclined to postpone it indefinitely ... though i see the value in solving the issue somehow
No worries then, let's just leave it in sch-scripts until ltsp 6
At that point it won't even say "LDM_" anymore, so there won't be any compatibility to break
we've certainly postponed a lot for LTSP6 :)
i think we should just jump to 7.
LTSP 6 will break compatibility
And you want to be compatible to ... ltsp 1 :P
i made some effort to be compatible with 4.x, though wasn't set on perfect compatibility
i only got involved when the LTSP5 idea was in development
but LTSP5 should at least be consistant with LTSP5 ... which other people haven't shared my opinion :/
We introduced e.g. 50 more lts.conf variables since ltsp 5.0.0, we could easily have bumped the number to 6 or 7 and tell sysadmins to re-read the lts.conf docs once in a while
reading docs, what arcane magic is that...
alkisg: that would also require writing them :)
It's not like we made a consistent api that we don't want to break, a lot of the variables were introduced after a couple of minutes' thought...
i've done my share of them, i'm sure, but in general, tried not to introduce things that broke compatibility
|21:29||ben_roose has left IRC (email@example.com, Remote host closed the connection)|
|21:40||alkisg is now known as alkisg_away|
|21:47||ricotz has left IRC (ricotz!~ricotz@ubuntu/member/ricotz, Quit: Leaving)|
|23:49||ben_roose has joined IRC (firstname.lastname@example.org)|
|23:51||ben_roose has left IRC (email@example.com, Remote host closed the connection)|