[Server-devel] XS server addons

Tue Aug 5 05:16:13 EDT 2008

On Tue, Aug 5, 2008 at 8:07 PM, David Van Assche <dvanassche at gmail.com> wrote:
>  This is bound to be a controversial email, but its a path we have
> chosen to take in order to make the XS server more functional for a
> wider audience:

I find it understandable, but see the notes below

> 1. Install Dansguardian for content filtering

Yup, expected.

> 2. Install Shorewall for trafficshaping, routing and firewalling

Instead of that, I suggest expanding on the fw rules that
/etc/sysconfig/olpc-scripts/network_config creates - they land in the
same directory and they are defaulting to just the NAT entries, so no
firewalling.

If you add good sane fw rules on the WAN if there, then

1 - I'll incorporate them into xs-config :-)
2 - don't have to hack the network startup scripts to remove the part
that reloads rules
3 - you don't have to redo the in step 2 hack with every upgrade - as
xs-config updates will nuke your changes

> 3. Install LDAP server (non encrypted) for centralised authentication

I heavily recommend *against* it. I've done a ton of ldap work, I've
written and/or maintained the ldap plugins in moodle, and rest
assured, *no* LDAP will be part of the XS. There are far better ways
to do this - what do you want to achieve?

If you want email + moodle to all dance in sync, pick which one is master, and

 - Moodle is master: it's easy to config postfix to read Pg database
tables or even views so it reads the live data from Moodle. And the
postfix-pg configuration is easier than the postfix-ldap
configuration, and SQL is infinitely more flexible.

Note: postfix-pg documentation is nonexistent. Use the postfix-mysql
documentation, replacing mysql for pg liberally :-)

 - Postfix is master: configure moodle to use auth/imap or auth/pop3 -
easy as pie.

> 4. Install postfix and courier for email

And a webmail I guess? There are patches (by yours truly) to do SSO
between Squirrelmail and Moodle.

> 5. Install Webmin for overall (internal) gui manipulation of the server...

Ugh! Not recommended and xs-config in its current incarnation is
lilkely to just make a mess of it all. I am not too proud of
xs-config, and Webmin is too horrible for words.

> 6. Install various server monitoring tools

Install whatever tickles your fancy but do install sysstat and make
sure it's logging. If you need help, or can provide load stats, it
will be the sysstat logs that we'll want to look at.

cheers,

m
-- 
 martin.langhoff at gmail.com
 martin at laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff