<br><font size=2 face="sans-serif">Greg,</font>
<br><font size=2 face="sans-serif">I updated your Wiki directly in a few
places, hope you don't mind.</font>
<br>
<br><font size=2 face="sans-serif">As for your question if Apache hosts
only Moodle or something else. Here's how I set it up on my test
system.</font>
<br>
<br><font size=2 face="sans-serif">/var/www/html/
<--- this is the high level directory. </font>
<br><font size=2 face="sans-serif">/var/www/html/index.php <---
this is the default home page. If I do a "http://192.168.0.77"
that is what shows up.</font>
<br><font size=2 face="sans-serif">/var/www/html/moodle <---
this is moodles directory</font>
<br><font size=2 face="sans-serif">/var/www/html/moodle/index.php
<-- this is the Moodle home page</font>
<br>
<br><font size=2 face="sans-serif">In this way, index.php can be some kind
of identifier front page, in English and Nepali. In other words,</font>
<br><font size=2 face="sans-serif">half the screen is in English, and other
half in Nepali, and so anyone can use it.</font>
<br>
<br><font size=2 face="sans-serif"> Welcome
to the OLPC School Server! (English)
Welcome to OLPC School Server (Napali)</font>
<br>
<br><font size=2 face="sans-serif">
Click here for Moodle
Click here for Moodle(Nepali)</font>
<br><font size=2 face="sans-serif">
Click here for Nepal Library Server
Click here
for Nepal Library Server(Nepali)</font>
<br><font size=2 face="sans-serif">
Click here for ....
etc.</font>
<br>
<br><font size=2 face="sans-serif">Then, I think the key would be to update
the default webpage on the XO laptop to allow for an option</font>
<br><font size=2 face="sans-serif">to connect to this server.</font>
<br>
<br><font size=2 face="sans-serif">Laptops or other machines at the school
could access the webpage also.
</font>
<br>
<br><font size=2 face="sans-serif">Thanks <br>
</font>
<table>
<tr>
<td><img src=cid:_1_06EB76D806EB731C00077F4B072573EA>
<tr>
<td><font size=1><br>
</font>
<table>
<tr>
<td><img src=cid:_2_05213A340521367800077F4B072573EA>
<td><font size=1 color=#0060a0 face="Microsoft Sans Serif"><b>Tony Pearson</b></font><font size=1 face="Microsoft Sans Serif"><br>
Senior Storage Consultant, IBM System Storage™<br>
Telephone: +1 520-799-4309 | tie 321-4309 | Cell: +1 520 990-8669<br>
email: tpearson@us.ibm.com | GSA: http://tucgsa.ibm.com/~tpearson<br>
Blog: http://www.ibm.com/developerworks/blogs/page/InsideSystemStorage
AKA: 990tony Paravane, eightbar specialist </font></table>
<br>
<tr>
<td><img src=cid:_1_052144A0052140E400077F4B072573EA></table>
<br>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td width=40%><font size=1 face="sans-serif"><b>server-devel-request@lists.laptop.org</b>
</font>
<br><font size=1 face="sans-serif">Sent by: server-devel-bounces@lists.laptop.org</font>
<p><font size=1 face="sans-serif">02/07/2008 10:32 PM</font>
<table border>
<tr valign=top>
<td bgcolor=white>
<div align=center><font size=1 face="sans-serif">Please respond to<br>
server-devel@lists.laptop.org</font></div></table>
<br>
<td width=59%>
<table width=100%>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">To</font></div>
<td><font size=1 face="sans-serif">server-devel@lists.laptop.org</font>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">cc</font></div>
<td>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">Subject</font></div>
<td><font size=1 face="sans-serif">Server-devel Digest, Vol 10, Issue 12</font></table>
<br>
<table>
<tr valign=top>
<td>
<td></table>
<br></table>
<br>
<br>
<br><tt><font size=2>Send Server-devel mailing list submissions to<br>
server-devel@lists.laptop.org<br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
http://lists.laptop.org/listinfo/server-devel<br>
or, via email, send a message with subject or body 'help' to<br>
server-devel-request@lists.laptop.org<br>
<br>
You can reach the person managing the list at<br>
server-devel-owner@lists.laptop.org<br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of Server-devel digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Re: Thoughts on redundancy (Bryan Berry)<br>
2. Re: Thoughts on redundancy (Martin Langhoff)<br>
3. Nepal project plan and requirements updated<br>
(Greg Smith (gregmsmi))<br>
4. Git checkouts for the XS (Martin Langhoff)<br>
5. ejabberd crash (John Watlington)<br>
6. Re: Git checkouts for the XS (John Watlington)<br>
7. Re: Git checkouts for the XS (John Watlington)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Thu, 07 Feb 2008 15:28:42 -0500<br>
From: Bryan Berry <bryan.berry@gmail.com><br>
Subject: Re: [Server-devel] Thoughts on redundancy<br>
To: server-devel@lists.laptop.org<br>
Message-ID: <1202416122.7064.34.camel@dell.linuxdev.us.dell.com><br>
Content-Type: text/plain<br>
<br>
Tony,<br>
<br>
Great ideas on redundancy. I have put them on the wiki<br>
<br>
http://wiki.laptop.org/go/Nepal:Redundancy<br>
<br>
Here are some ideas I have on the questions you raised<br>
<br>
> LS fails -- students have access to local activities, XS moodle ><br>
lessons,<br>
> and internet, and whatever LS content cached on XS server<br>
<br>
We could run a script ahead of the first day of school that locally<br>
caches the library content on the XS. There likely will be some but not<br>
a ton of content on the library by April 13th (first day of school).<br>
<br>
Also, we should have a live back up Library Server that mirrors the<br>
production library server<br>
<br>
> ISP fails -- students have access to local activities, XS moodle<br>
> lessons, and whatever LS/Internet cached content on XS server<br>
What is ISP providing for "Service Level
Agreement". Can they<br>
> resolve this in a single day or two?<br>
<br>
The ISP's in Nepal are actually pretty reliable. ISP access will likely<br>
be donated along w/ volunteer support. They should be able to resolve<br>
issues quickly __for this pilot__. For broader implementation we will<br>
need service level agreements and dedicated support, be it volunteer or<br>
paid.<br>
<br>
<br>
An issue that I am concerned about: What if the mesh network crashes? I<br>
heard this happened in Mongolia and it is still not totally resolved. We<br>
need a way to fall back to non-mesh networking very quickly.<br>
<br>
> AA1 fails<br>
<br>
Don't know how many clients an active antenna can support. Need to<br>
figure that out<br>
<br>
<br>
<br>
<br>
<br>
<br>
> ----------------------------------------------------------------------<br>
> <br>
> Message: 1<br>
> Date: Tue, 5 Feb 2008 18:55:55 -0700<br>
> From: Tony Pearson <tpearson@us.ibm.com><br>
> Subject: Re: [Server-devel] Server-devel Digest, Vol 10, Issue 8<br>
> To: server-devel@lists.laptop.org<br>
> Message-ID:<br>
> <br>
> <OF18EBB7C5.4DC4F92E-ON072573E7.00064E19-072573E7.000A9B65@us.ibm.com><br>
> Content-Type: text/plain; charset="us-ascii"<br>
> <br>
> Barry,<br>
> Here are my thoughts on redundancy. The basic heuristics is
as follows:<br>
> <br>
> (a) Determine the minimum setup and identify all components that can<br>
> fail individually.<br>
> (b) For each failure, what would be the impact to the entire system.<br>
> (c) Determine an N+1 or N+2 configuration that might address the<br>
> concern.<br>
> <br>
> Let's assume that:<br>
> The LS (Library Server) is not located at the school, but somewhere
else<br>
> in the country, or hosted by the ISP itself.<br>
> There is a single ISP provider, who provides a single line to the
school<br>
> that carries the internet signal.<br>
> The ISP provides a single RJ45 terminal cable, which can be connected
to<br>
> a Hub or XS server A single four-port hub/Wifi router, which allows<br>
> laptop use, network printer, or other servers.<br>
> The School has a single XS server, two USB ports, two Active Antenna,<br>
> and that each antenna handles maximum 100 XO laptops The WiFi router
is<br>
> WEP-protected so that only teachers/principals/guests have access,
all<br>
> students on mesh-only There are 200 laptops, at least one per student
or<br>
> teacher.<br>
> <br>
> LS----(ISP)---Hub----XS----AA1- - - - - XO1, XO2, ... XO100<br>
>
----AA2- - - - - XO101, XO102, ... XO200<br>
> <br>
> Failure scenarios:<br>
> <br>
> LS fails -- students have access to local activities, XS moodle lessons,<br>
> and internet, and whatever LS content cached on XS server<br>
> Is that a problem? If there is a
central LS for all of Nepal,<br>
> they should consider a secondary LS server.<br>
> Resolution: Perhaps have some LS
content permanently on a local<br>
> server, either on XS or other, in event central LS is down<br>
> <br>
> ISP fails -- students have access to local activities, XS moodle<br>
> lessons, and whatever LS/Internet cached content on XS server<br>
> What is ISP providing for "Service
Level Agreement". Can they<br>
> resolve this in a single day or two?<br>
> Resolution: class might continue without
internet access. Some<br>
> lessons might be impacted that involve LS or Internet access.<br>
> <br>
> Hub fails -- students lose access to LS and internet. Teachers
lose<br>
> access to WiFi.<br>
> Resolution: XS could be connected directly
to ISP until new Hub<br>
> replacement made available. Students continue as before.<br>
> <br>
> XS fails -- students lose access to LS, Internet and XS moodle. Can<br>
> they <br>
> mesh with each other? They can continue using activities on
their XO.<br>
> The XS failure could be either the disk
drive itself fails, or<br>
> something else on the system that prevents it from running.<br>
> Resolution: it would seem that best option
is multiple XS<br>
> servers, and perhaps mirrored disk data between the two systems.<br>
> <br>
> AA1 fails -- If one Active Antenna fails, the other Active Antenna
will<br>
> not be able to handle the total 200 XO laptops. Do we know how<br>
> many XO laptops an active antenna can
support?<br>
> If AA1 was for second graders, and AA2
was for sixth graders,<br>
> then perhaps only one grade impacted.<br>
> Resolution: Having an AA3 would
mean that any one antenna<br>
> failure, the remaining two antenna can handle the workload<br>
> <br>
> XO (teacher) fails -- An individual teacher is impacted. For
N<br>
> teachers, <br>
> you should consider N+1 XO laptops, with one or more spare<br>
> to handle this situation. The teacher
XO would be enabled for<br>
> WiFi-WEP key and have whatever extra software was needed on them.<br>
> In lieu of an XO, the teacher could have
a full PC running QEMU<br>
> emulating the XO image, in the event it takes long to repair the<br>
> original XO.<br>
> <br>
> XO (student) fails -- An individual student forgets his XO at home,<br>
> breaks it, or whatever. Too bad. Student looks over shoulder
of<br>
> a fellow student. Alternatively,
have a few XO student laptops<br>
> that can be swapped out with the broken one while the broken<br>
> one is getting repaired. Student
would lose any work unless it<br>
> was backed up to XS server.<br>
> <br>
> Here is an alternative with some redundancy built in:<br>
> <br>
> LS1----(ISP)----Hub------------------------------------------Hub<br>
> LS2 XS----AA1, AA2, AA3<br>
> <br>
> In this case, we have two Library Servers in the central location,
and<br>
> the ISP or the LS-folks handle this so that they are properly available<br>
> if one or the other is down.<br>
> <br>
> Alternatives for disk failure can include a LiveCD+USB stick. In
this<br>
> case, if the disk fails, you boot from a LiveCD, and the USB stick
has<br>
> all the modified values (conf files, IP settings, etc).<br>
> Depending on the size of the USB stick, could contain critical backups<br>
> of Moodle lesson plans, etc.<br>
> There are also ways to have a "Boot from USB stick" that
can then have<br>
> either all the modifications needed, or a second USB with the modified<br>
> values.<br>
> <br>
> Fedora 7 uses Linux LVM, and I suspect this level of LVM supports
disk<br>
> mirroring, which makes updates to two disks at the same time. In
the<br>
> event a single disk fails, the other disk would be used. That
needs to<br>
> be investigated. In this case, there would be two disks inside
one<br>
> server, containing identical information.<br>
> <br>
> Three Active Antenna would handle 300 laptops, so losing one can still<br>
> handle the 200 XO laptops expected.<br>
> A second hub provides wider WiFi access, more ports for<br>
> peripherals/printers, etc. In the event a hub fails, the other
one can<br>
> be connected in its place.<br>
> <br>
> For this to work, you need an XS server with at least 3 USB ports.<br>
> <br>
> Another alternative:<br>
> LS1----(ISP)----Hub------------------------------------------Hub<br>
> XS1----AA1,
AA2
XS2----AA3,<br>
> <br>
> AA4<br>
> LS2-Local<br>
> <br>
> In this example, LS2 is a local version or subset of LS1, in the event<br>
> the internet or LS1 is down, the LS2 can be used instead.<br>
> <br>
> There can be two XS servers. XS1 for second graders, XS2 for
sixth<br>
> graders. In the event either one is down, all students can use
the<br>
> remaining XS server. Each AA can handle 100 XO laptops, so assuming
100<br>
> second graders and 100 sixth graders, then this setup can handle loss
of<br>
> any two active antenna and still be able to handle all students, and<br>
> provide room for growth. XS1 and XS2 would send backups to each
others<br>
> databases to each other as needed, and if needed, an XS could handle
the<br>
> databases of both sets of students, and possibly have separate Moodle's<br>
> on single Apache instance.<br>
> <br>
> XS1 could backup to XS2 and vice versa. This can be scheduled
with CRON<br>
> and SCP. <br>
> Alternatively, LS2 could double as the backup server, with XS1 and
XS2<br>
> sending backups to LS2.<br>
> <br>
> <br>
> <br>
> <br>
> Tony Pearson<br>
> (IBM)<br>
> -------------- next part --------------<br>
> An HTML attachment was scrubbed...<br>
> URL:<br>
> http://lists.laptop.org/pipermail/server-devel/attachments/20080205/38f0<br>
> fe7c/attachment-0001.htm <br>
> <br>
> ------------------------------<br>
> <br>
> <br>
> ------------------------------<br>
> <br>
> _______________________________________________<br>
> Server-devel mailing list<br>
> Server-devel@lists.laptop.org<br>
> http://lists.laptop.org/listinfo/server-devel<br>
> <br>
> <br>
> End of Server-devel Digest, Vol 10, Issue 10<br>
> ********************************************<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Fri, 8 Feb 2008 09:59:21 +1300<br>
From: "Martin Langhoff" <martin.langhoff@gmail.com><br>
Subject: Re: [Server-devel] Thoughts on redundancy<br>
To: "Bryan Berry" <bryan.berry@gmail.com><br>
Cc: server-devel@lists.laptop.org<br>
Message-ID:<br>
<46a038f90802071259lb403003l1fb31c66fb4fa857@mail.gmail.com><br>
Content-Type: text/plain; charset=ISO-8859-1<br>
<br>
On Feb 8, 2008 9:28 AM, Bryan Berry <bryan.berry@gmail.com> wrote:<br>
> Great ideas on redundancy. I have put them on the wiki<br>
><br>
> http://wiki.laptop.org/go/Nepal:Redundancy<br>
<br>
So far the thinking around XS redundancy seems to have been about<br>
recovering after a disastrouos XS failure -- in other words, having<br>
solid backups "upstream" and an easy restore procedure. I think
that's<br>
the main thing we have to address ATM.<br>
<br>
HA-oriented redundancy is expensive and technically hard to get right.<br>
And different locations will have different failure scenarios. IMHO,<br>
there's a more valuable payoff in focussing on recovery. The laptops<br>
are independent enough that if the XS is down for a few days things<br>
should tick right along (without the XS services, of course).<br>
<br>
As much as I love the XS, we really want to avoid being XS-centric, or<br>
too XS-dependent...<br>
<br>
cheers,<br>
<br>
<br>
<br>
m<br>
<br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Thu, 7 Feb 2008 17:04:37 -0500<br>
From: "Greg Smith (gregmsmi)" <gregmsmi@cisco.com><br>
Subject: [Server-devel] Nepal project plan and requirements updated<br>
To: <server-devel@lists.laptop.org><br>
Message-ID:<br>
<B02C78B842B89E448937F82241C96A2B046E1FD4@xmb-rtp-20c.amer.cisco.com><br>
Content-Type: text/plain;
charset="US-ASCII"<br>
<br>
Hi All,<br>
<br>
The Nepal project plan and school server specification Wiki pages have<br>
been updated. <br>
See:<br>
http://wiki.laptop.org/go/Nepal#Planning<br>
<br>
We need to pick the XS server image we will deploy ASAP. Teacher<br>
training starts April 1!<br>
<br>
Will there be another XS server image blessed by OLPC beyond<br>
OLPC_XS_150.iso in the next few weeks?<br>
<br>
One open question is the status of single sign on. <br>
<br>
I see three options:<br>
1 - Don't use it in phase 1<br>
2 - Use one of the proposed work arounds. See Single Sign On section at:<br>
http://wiki.laptop.org/go/Nepal:School_Server_Specification#Requirements<br>
_Not_Specific_to_a_Core_Software_Module_<br>
3 - Use some other OLPC developed solution. (Bitfrost?)<br>
<br>
Let me know if option 3 has a chance to make a new build or if we should<br>
focus on the first two for now.<br>
<br>
Any other comments on the which of the listed requirements are addressed<br>
in which XS server build are appreciated.<br>
<br>
Also, clarifications, additions and suggestions are welcome. I will try<br>
to improve the formatting and add detail regularly.<br>
<br>
For the Nepal team,<br>
<br>
After we lock down SSO strategy, what do you want to focus on next? I<br>
think we should switch from design to implementation in less than two<br>
weeks. Hot topics we could try to flush out include:<br>
- Moodle design and usage<br>
- Backup and reliability, including storage and network aspects<br>
- Caching and filtering<br>
- Localization<br>
Something else?<br>
<br>
Pick an area and we'll try to suggest and help implement a design ASAP.<br>
<br>
Thanks,<br>
<br>
Greg Smith<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 4<br>
Date: Fri, 8 Feb 2008 11:46:02 +1300<br>
From: "Martin Langhoff" <martin.langhoff@gmail.com><br>
Subject: [Server-devel] Git checkouts for the XS<br>
To: server-devel <server-devel@lists.laptop.org>, wad@laptop.org,
"<br>
Ivan Krsti? " <ivan@laptop.org><br>
Message-ID:<br>
<46a038f90802071446r661f489q374c0e81ac23efaa@mail.gmail.com><br>
Content-Type: text/plain; charset=ISO-8859-1<br>
<br>
Cloned some key git checkouts and have been reading through the recent<br>
changelogs last night -<br>
<br>
xs-callhome/<br>
xs-config/<br>
xs-livecd/<br>
xs-pkgs/<br>
security/<br>
ds-backup/<br>
<br>
is there anything I am missing? Initially, am looking at<br>
<br>
- adding the relevantdependencies for moodle and mediawiki<br>
- some postinst scripts or "configuration" packages to edit
apache's<br>
configuration for tuning to the available resources<br>
- a basic moodle package and mediawiki package (more work on moodle<br>
and mw to follow)<br>
- trying to understand where the security infrastructure is at, and<br>
how can apache of the XS get some identity information from the XO<br>
clients, the bitfrost way if possible, kludging it somehow if not...<br>
<br>
cheers,<br>
<br>
<br>
m<br>
<br>
<br>
------------------------------<br>
<br>
Message: 5<br>
Date: Thu, 7 Feb 2008 21:26:35 -0500<br>
From: John Watlington <wad@laptop.org><br>
Subject: [Server-devel] ejabberd crash<br>
To: Robert McQueen <robert.mcqueen@collabora.co.uk>,<br>
olpc@collabora.co.uk<br>
Cc: server-devel@lists.laptop.org<br>
Message-ID: <CAAEECCA-E6BF-4D36-A5FF-90D1554FE5D4@laptop.org><br>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed<br>
<br>
<br>
ejabberd decided to eat its database again, on schoolserver.laptop.org<br>
(http://dev.laptop.org/ticket/6365)<br>
<br>
The error (from sasl.log) is:<br>
Error reading Mnesia database<br>
<br>
A number of laptops (25 or so) were registered with <br>
schoolserver.laptop.org today.<br>
<br>
Any recommendations on how to recover without nuking the<br>
database ? Any Mnesia experts out there ?<br>
<br>
And a relevant question: what will telepathy do in this case ? Will
<br>
it automatically<br>
re-register if a laptop's jabber account is deleted ?<br>
<br>
wad<br>
<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 6<br>
Date: Thu, 7 Feb 2008 22:07:57 -0500<br>
From: John Watlington <wad@laptop.org><br>
Subject: Re: [Server-devel] Git checkouts for the XS<br>
To: "Martin Langhoff" <martin.langhoff@gmail.com><br>
Cc: server-devel <server-devel@lists.laptop.org>, Ivan Krsti?<br>
<ivan@laptop.org><br>
Message-ID: <8C15203C-012D-4ECC-B69C-6316F5657E9C@laptop.org><br>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed<br>
<br>
<br>
On Feb 7, 2008, at 5:46 PM, Martin Langhoff wrote:<br>
<br>
> Cloned some key git checkouts and have been reading through the recent<br>
> changelogs last night -<br>
><br>
> xs-callhome/<br>
A crusty turd best ignored (tunelling over ssh to allow access to <br>
servers behind NATs)<br>
<br>
> xs-config/<br>
> xs-livecd/<br>
> xs-pkgs/<br>
<br>
These are the core of the schoolserver build. One to gather the <br>
packages, one<br>
to configure them, and one to package them onto a self-installing CD.<br>
<br>
> security/<br>
<br>
Currently not used on the schoolserver. I was letting the security
<br>
implementation<br>
mature on the laptop before stealing it for the school server. I
<br>
think it is still<br>
maturing too quickly.<br>
<br>
> ds-backup/<br>
<br>
Let Ivan finish this before reviewing/using.<br>
<br>
> is there anything I am missing? Initially, am looking at<br>
><br>
> - adding the relevant dependencies for moodle and mediawiki<br>
To xs-pkgs<br>
<br>
> - some postinst scripts or "configuration" packages
to edit apache's<br>
> configuration for tuning to the available resources<br>
To xs-config<br>
<br>
> - a basic moodle package and mediawiki package (more work on
moodle<br>
> and mw to follow)<br>
<br>
These can be added to the repositories on xs-dev. We can exchange
<br>
account<br>
info in separate email. In the meantime, you can redirect the <br>
kickstart script in<br>
xs-livecd to include your own repositories, or to a local mirror of <br>
ours which includes<br>
your new packages.<br>
<br>
> - trying to understand where the security infrastructure is
at, and<br>
> how can apache of the XS get some identity information from the XO<br>
> clients, the bitfrost way if possible, kludging it somehow if not...<br>
<br>
The school server's current identity model is that a child is <br>
represented by their laptop.<br>
The username is the laptop serial number (guaranteed unique), the <br>
password is the<br>
laptop UUID (large, random, and never exposed). Authentications
<br>
other than disaster<br>
recovery use a public/private key pair, which is generated when a <br>
user first opens a laptop.<br>
Other IDs include a hash of the public key (IIRC) used by the <br>
presence (ejabberd) service<br>
to represent a user. There is also a nickname, which is not <br>
guaranteed to be unique<br>
within a school but is nonetheless used in our UI.<br>
<br>
There is no security infrastructure currently. Even SELinux is <br>
turned off in the interest<br>
of making things work. A student could theoretically access a <br>
school server, but<br>
they would have to know to use their serial number as the username.<br>
<br>
wad<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 7<br>
Date: Fri, 8 Feb 2008 00:32:46 -0500<br>
From: John Watlington <wad@laptop.org><br>
Subject: Re: [Server-devel] Git checkouts for the XS<br>
To: Martin Langhoff <martin.langhoff@gmail.com><br>
Cc: server-devel <server-devel@lists.laptop.org>, Ivan Krsti?<br>
<ivan@laptop.org><br>
Message-ID: <76F5F838-7C34-4759-B2A7-95AB2D70D4B4@laptop.org><br>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed<br>
<br>
<br>
You forgot the idmgr package. See:<br>
http://wiki.laptop.org/go/XS_Software_Repositories<br>
<br>
wad<br>
<br>
On Feb 7, 2008, at 10:07 PM, John Watlington wrote:<br>
<br>
> On Feb 7, 2008, at 5:46 PM, Martin Langhoff wrote:<br>
><br>
>> Cloned some key git checkouts and have been reading through the
<br>
>> recent<br>
>> changelogs last night -<br>
>><br>
>> xs-callhome/<br>
> A crusty turd best ignored (tunelling over ssh to allow access to
<br>
> servers behind NATs)<br>
><br>
>> xs-config/<br>
>> xs-livecd/<br>
>> xs-pkgs/<br>
><br>
> These are the core of the schoolserver build. One to gather
the <br>
> packages, one<br>
> to configure them, and one to package them onto a self-installing
CD.<br>
><br>
>> security/<br>
><br>
> Currently not used on the schoolserver. I was letting the security
<br>
> implementation<br>
> mature on the laptop before stealing it for the school server.
I <br>
> think it is still<br>
> maturing too quickly.<br>
><br>
>> ds-backup/<br>
><br>
> Let Ivan finish this before reviewing/using.<br>
><br>
>> is there anything I am missing? Initially, am looking at<br>
>><br>
>> - adding the relevant dependencies for moodle and mediawiki<br>
> To xs-pkgs<br>
><br>
>> - some postinst scripts or "configuration" packages
to edit apache's<br>
>> configuration for tuning to the available resources<br>
> To xs-config<br>
><br>
>> - a basic moodle package and mediawiki package (more work
on moodle<br>
>> and mw to follow)<br>
><br>
> These can be added to the repositories on xs-dev. We can exchange
<br>
> account<br>
> info in separate email. In the meantime, you can redirect the
<br>
> kickstart script in<br>
> xs-livecd to include your own repositories, or to a local mirror of
<br>
> ours which includes<br>
> your new packages.<br>
><br>
>> - trying to understand where the security infrastructure
is at, and<br>
>> how can apache of the XS get some identity information from the
XO<br>
>> clients, the bitfrost way if possible, kludging it somehow if
not...<br>
><br>
> The school server's current identity model is that a child is <br>
> represented by their laptop.<br>
> The username is the laptop serial number (guaranteed unique), the
<br>
> password is the<br>
> laptop UUID (large, random, and never exposed). Authentications
<br>
> other than disaster<br>
> recovery use a public/private key pair, which is generated when a
</font></tt>
<br><tt><font size=2>> user first opens a laptop.<br>
> Other IDs include a hash of the public key (IIRC) used by the <br>
> presence (ejabberd) service<br>
> to represent a user. There is also a nickname, which is not
<br>
> guaranteed to be unique<br>
> within a school but is nonetheless used in our UI.<br>
><br>
> There is no security infrastructure currently. Even SELinux
is <br>
> turned off in the interest<br>
> of making things work. A student could theoretically access
a <br>
> school server, but<br>
> they would have to know to use their serial number as the username.<br>
><br>
> wad<br>
><br>
<br>
<br>
<br>
------------------------------<br>
<br>
_______________________________________________<br>
Server-devel mailing list<br>
Server-devel@lists.laptop.org<br>
http://lists.laptop.org/listinfo/server-devel<br>
<br>
<br>
End of Server-devel Digest, Vol 10, Issue 12<br>
********************************************<br>
</font></tt>
<br>