Loading
A Computer Lab with No Windows, Part II
Finishing the lab setup, the benefits of OpenOffice.org and looking to the future.
In Part I of this article, I outlined my reasons for building a Linux terminal server network for my classroom lab. I also began the explanation of how I set up the lab. Here's Part II.
With an Ultra320 SCSI port, we can connect as many as 15 hard drives to the bus. However, SCSI hard drives still are expensive, and it was beyond our budget to buy more than two hard drives. In my design, the second hard drive is for backup purposes only. I did not choose RAID 0 (data stripping for better performance) nor RAID 1 (mirroring), as I wanted to do the data backup manually.
Following a Linux mini how-to I found on hard-disk upgrades, I set up my second drive exactly the same as my first. I did not choose RAID 1 basically due to performance concerns. If RAID 1 is set up, every write (save to hard drive) triggers another write on the mirror disk and more time is needed. As for teaching purposes, my users' (student) data is important but not as critical as business data. Instead of having a second write each time a user saves his or her work on the server, I wrote a simple backup script and placed it under /etc/cron.daily. With it, all users' data is backed up to my second drive at 1:00am.
In order not to overload my Linux terminal server, I set up two more Linux servers, one for Apache and the other for a router and Squid. With the support of the Manitoba Chapter of Computers for Schools, I got two not-very-old servers for $75 each. One is an old Dell dual Pentium Pro server and the other is an IBM Netfinity server. I put 512MB of RAM in the router/Squid server, as I needed more RAM for Squid. With a few commands in iptables, I was able to re-route all Web requests to the Squid server without any setup required on students' workstation:
[root@router root]# cat /sbin/transquid.sh #!/bin/sh # written by C T Leung # November 15, 2002 # for basic NAT function + transparent proxy using squid # add this line to block all ip packets to/from chaos /sbin/route add -host chaos.wsd1.org reject IPTABLES="/sbin/iptables" # iptables binary INTIF="eth0" # internal interface EXTIF="eth1" # external interface # initialization of chains and rules $IPTABLES -F $IPTABLES -F INPUT $IPTABLES -F OUTPUT $IPTABLES -F FORWARD $IPTABLES -F -t nat $IPTABLES -X # delete any chains existing # setting default rules for each flow (in this case, accept everything) $IPTABLES -P INPUT ACCEPT $IPTABLES -P OUTPUT ACCEPT $IPTABLES -P FORWARD ACCEPT # adding masquerading function into "nat" chain # with this, all the locals can go out to Internet # through external interface (from internal interface) # at the same time, every connection goes to port 80 # will be redirected to 8080, squid proxy server #$IPTABLES -t nat -A POSTROUTING -s 192.168.1.110/24 -o $EXTIF -j MASQUERADE #$IPTABLES -I INPUT -s chaos.wsd1.org -j DROP echo 1 > /proc/sys/net/ipv4/ip_forward # to enable ip_forward by assigning 1 $IPTABLES -t nat -A PREROUTING -i $INTIF -p tcp --dport 80 -j REDIRECT --to-port 8080 # listing the chains and rules set by above lines $IPTABLES -L $IPTABLES -t nat -L
Most of the common programming languages, such as shell scripts, C and C++, are included in the LTSP download. If you want to have the latest Java development environment installed, however, you can download your choice of Java SDK from Sun and install it. Sun offers Java SDKs in both source as well as binary code. After installation, you might want to add a path to /opt/ltsp/i386/etc/lts.conf so any user can have access to the language. Here is mine configuration file as an example:
#
# Config file for the Linux Terminal Server Project (www.ltsp.org)
#
# See lts.conf.readme for a description of each configuration item
#
[Default]
SERVER = 192.168.1.253
XSERVER = auto
X_MOUSE_PROTOCOL = "PS/2"
X_MOUSE_DEVICE = "/dev/psaux"
X_MOUSE_RESOLUTION = 400
X_MOUSE_BUTTONS = 2
X_USBMOUSE_PROTOCOL= "IMPS/2"
X_USBMOUSE_DEVICE = "/dev/input/mice"
X_USBMOUSE_BUTTONS = 3
X_USBMOUSE_RESOLUTION = 400
# Keyboards
XkbSymboles = "us(pc101)"
XkbModel = "pc101"
XkbLayout = "us"
USE_XFS = N
LOCAL_APPS = N
RUNLEVEL = 5
PATH=./:/usr/java/j2sdk1.4.1_01/bin/java:$PATH
In the final line of the config file, I added a current path (./) as well as the path for all the binary, such as JavaC and Java for every user.
______________________
Webcast
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Sponsored by AMD
White Paper
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy
Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6
Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.
Learn more about catching the bad guy in this free white paper.
Sponsored by DLT Solutions
- Designing Electronics with Linux
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- New Products
- Dynamic DNS—an Object Lesson in Problem Solving
- Using Salt Stack and Vagrant for Drupal Development
- Validate an E-Mail Address with PHP, the Right Way
- Build a Skype Server for Your Home Phone System
- Tech Tip: Really Simple HTTP Server with Python
- Why Python?
- A Topic for Discussion - Open Source Feature-Richness?
- Not free anymore
3 hours 25 min ago - Great
7 hours 13 min ago - Reply to comment | Linux Journal
7 hours 21 min ago - Understanding the Linux Kernel
9 hours 35 min ago - General
12 hours 5 min ago - Kernel Problem
22 hours 8 min ago - BASH script to log IPs on public web server
1 day 2 hours ago - DynDNS
1 day 6 hours ago - Reply to comment | Linux Journal
1 day 6 hours ago - All the articles you talked
1 day 9 hours ago
Enter to Win an Adafruit Pi Cobbler Breakout Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Pi Cobbler Breakout Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- 5-21-13, Prototyping Pi Plate Kit: Philip Kirby
- Next winner announced on 5-27-13!
Free Webinar: Hadoop
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Some of key questions to be discussed are:
- What is the “typical” Hadoop cluster and what should be installed on the different machine types?
- Why should you consider the typical workload patterns when making your hardware decisions?
- Are all microservers created equal for Hadoop deployments?
- How do I plan for expansion if I require more compute, memory, storage or networking?
Developer Poll
Comments
Re: A Computer Lab with No Windows, Part II
Adding . to PATH:
PATH=./:/usr/java/j2sdk1.4.1_01/bin/java:$PATH
is not secure. E.g., I can create an executable 'ls' in my directory, and trick you into cd'ing to my directory and typing 'ls'. Then you get my version of 'ls' which can do whatever I want, with your permissions.
Re: A Computer Lab with No Windows, Part II
First off, This system seems pretty effective, great use of resources.
I recognize that this could pick up a command in a local directory, but does the shell look for commands from left to right in the PATH variable? So if "ls" is at /bin and ., and "PATH=/bin:." then it will grab the one from /bin first right?
After closer inspection, I noticed the example has it the other way.
Re: A Computer Lab with No Windows, Part II
Just tell me, how often you mistype "ls" and write
sl -la
ls- la
ls-l a
each of these could be a "trojan" planted in a search path
Re: A Computer Lab with No Windows, Part II
PATH is searched until it finds a match. So, yes, order matters. In the example you've provided, any matches in /bin will go before ./. If you put ./ first, you're asking for trouble.
If you must have ./ in your path, it should come at the end. But it might be better to just specify the /full/path/to/executable, or drop your executables into /usr/local/bin (or other suitable place).
Re: A Computer Lab with No Windows, Part II
It is not safe to have ./ last in the path. It only takes a little more to compromise. What you do is instead of creating an executable file ls you creat all files wich is typical misspelling of ls and is not a command in the path. You could creat an executable calles la for example and if a user types in la instead of ls in that directory he will run your script instead of what he thought he would. How many times have you not misspelld a command.
One other downside with having ./ in path is that you might belive you are running a command in the current directroy but you are not. A god example is test. If you just going to test something what better name to call the executable then test. So you creat the test in your home dir and the you run the command "test". Just to se that it does nothing. No matter what you do with that executable it still do nothing. Just because you are not running that executable you are runing /usr/bin/test wich with no arument does nothing. I know bean there done that. This /usr/bin/test is problebly installed an all Linux machines. So I think manny people fall in this trap.
If you do not have ./ in youre path the you just simple have to put ./ before youre command when you want to run something in the current dir. So to run my test executable I would have typed "./test" and then my test and not the one in the /usr/bin/test would have been executed and I would have been a much happier human with better thinks to do that writing long misspelled comment abouth why ./ in path is not so great idea.
/Ryz
Re: A Computer Lab with No Windows, Part II
"In fact, with my old terminal server, I have to set Icewin (a lightweight X manager) as my default desktop manager and put GNOME and KDE off-line."
I'm sure you wanted to say IceWM instead of Icewin.
And, yes, IceWM (http://www.icewm.org) it's a great window manager. Combined with Rox (http://rox.sourceforge.net) it realy rulz.