A Computer Lab with No Windows, Part II

by C T Leung

In Part I of this article, I outlined my reasons for building a Linux terminal server network for my classroom lab. I also began the explanation of how I set up the lab. Here's Part II.

Why Two Hard Drives

With an Ultra320 SCSI port, we can connect as many as 15 hard drives to the bus. However, SCSI hard drives still are expensive, and it was beyond our budget to buy more than two hard drives. In my design, the second hard drive is for backup purposes only. I did not choose RAID 0 (data stripping for better performance) nor RAID 1 (mirroring), as I wanted to do the data backup manually.

Following a Linux mini how-to I found on hard-disk upgrades, I set up my second drive exactly the same as my first. I did not choose RAID 1 basically due to performance concerns. If RAID 1 is set up, every write (save to hard drive) triggers another write on the mirror disk and more time is needed. As for teaching purposes, my users' (student) data is important but not as critical as business data. Instead of having a second write each time a user saves his or her work on the server, I wrote a simple backup script and placed it under /etc/cron.daily. With it, all users' data is backed up to my second drive at 1:00am.

Two More Linux Servers Are Needed

In order not to overload my Linux terminal server, I set up two more Linux servers, one for Apache and the other for a router and Squid. With the support of the Manitoba Chapter of Computers for Schools, I got two not-very-old servers for $75 each. One is an old Dell dual Pentium Pro server and the other is an IBM Netfinity server. I put 512MB of RAM in the router/Squid server, as I needed more RAM for Squid. With a few commands in iptables, I was able to re-route all Web requests to the Squid server without any setup required on students' workstation:


[root@router root]# cat /sbin/transquid.sh
#!/bin/sh

# written by C T Leung
# November 15, 2002
# for basic NAT function + transparent proxy using squid

# add this line to block all ip packets to/from chaos

/sbin/route add -host chaos.wsd1.org reject


IPTABLES="/sbin/iptables"       # iptables binary
INTIF="eth0"                    # internal interface
EXTIF="eth1"                    # external interface

# initialization of chains and rules
$IPTABLES -F
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD
$IPTABLES -F -t nat
$IPTABLES -X    # delete any chains existing

# setting default rules for each flow (in this case, accept everything)
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT

# adding masquerading function into "nat" chain
# with this, all the locals can go out to Internet
# through external interface (from internal interface)
# at the same time, every connection goes to port 80
# will be redirected to 8080, squid proxy server

#$IPTABLES -t nat -A POSTROUTING -s 192.168.1.110/24 -o $EXTIF -j
MASQUERADE
#$IPTABLES -I INPUT -s chaos.wsd1.org -j DROP

echo 1 > /proc/sys/net/ipv4/ip_forward  # to enable ip_forward by
assigning 1
$IPTABLES -t nat -A PREROUTING -i $INTIF -p tcp --dport 80 -j REDIRECT
--to-port 8080
# listing the chains and rules set by above lines
$IPTABLES -L
$IPTABLES -t nat -L


Computer Programming with Shell Scripts, C/C++, Java and CGI

Most of the common programming languages, such as shell scripts, C and C++, are included in the LTSP download. If you want to have the latest Java development environment installed, however, you can download your choice of Java SDK from Sun and install it. Sun offers Java SDKs in both source as well as binary code. After installation, you might want to add a path to /opt/ltsp/i386/etc/lts.conf so any user can have access to the language. Here is mine configuration file as an example:


#
# Config file for the Linux Terminal Server Project (www.ltsp.org)
#
# See lts.conf.readme for a description of each configuration item
#
[Default]
        SERVER             = 192.168.1.253
        XSERVER            = auto
        X_MOUSE_PROTOCOL   = "PS/2"
        X_MOUSE_DEVICE     = "/dev/psaux"
        X_MOUSE_RESOLUTION = 400
        X_MOUSE_BUTTONS    = 2
        X_USBMOUSE_PROTOCOL= "IMPS/2"
        X_USBMOUSE_DEVICE  = "/dev/input/mice"
        X_USBMOUSE_BUTTONS = 3
        X_USBMOUSE_RESOLUTION = 400

# Keyboards
        XkbSymboles        = "us(pc101)"
        XkbModel           = "pc101"
        XkbLayout          = "us"

        USE_XFS            = N
        LOCAL_APPS         = N
        RUNLEVEL           = 5
        PATH=./:/usr/java/j2sdk1.4.1_01/bin/java:$PATH


In the final line of the config file, I added a current path (./) as well as the path for all the binary, such as JavaC and Java for every user.

The OpenOffice.org Issue

OpenOffice.org is a great package that consists of Writer, Calc, Impress and some other graphic utilities. From my experience, OpenOffice.org is 100% compatible with Microsoft Office. I use them both on a daily basis. I use Writer for all my word processing, and it can read MS Word files and save any document in Word format. I use Calc to store and process all my students' marks, and I use Impress for presentations. Impress is a great package that can read any PowerPoint file. In addition, all presentations made in Impress are saved in PowerPoint format by default. OpenOffice.org is so efficient, in fact, that students from other classes coming to my lab for the sole purpose of printing out their work in Microsoft formats. They say they like my lab because the server is always up and the printer works seamlessly all the time.

Students can bring in their work either on a disk--I enable local disk access--or downloaded from an external FTP server. I control my printer with lpc, thus the simple command lpc enable all turns the print spool on and lpc disable all turns off the print spool. Before they can print anything, they have to obtain approval from me, thus eliminating unnecessary print jobs.

Before I put the new Xeon server on-line, I simply pulled the whole OpenOffice.org package off the menu option, as it requires a lot of server resources. In fact, with my old terminal server, I have to set Icewin (a lightweight X manager) as my default desktop manager and put GNOME and KDE off-line.

With my new dual Xeon server, I have 1024x768, 16-bit color resolution, KDE, GNOME and OpenOffice.org on-line for every student in my lab.

Performance Comparison between LTSP and Windows

The new dual Xeon server, with 2 2.4GHz CPUs, 4GB of RAM and an Ultra320 SCSI hard drive (no RAID), supports 28 diskless workstations smoothly. After entering the user's password, it takes about seven seconds to load up a KDE desktop. It takes about five seconds to load Writer, Calc or Impress. In order to have the same performance in a Microsoft environment, each workstation would need, at minimum, a 2.0GHz CPU, 512 MB of RAM and a SATA drive.

With only 512MB of RAM on my Squid/router server, most students agree that we have the best Web access in the whole school building. In fact, many students from other classes come to my lab for Web surfing during their lunch breaks.

I believe the Linux terminal server network is, in fact, the best environment for teaching computer programming, operating systems and networking. The shell offers an introduction to operating systems and basic programming skills (simple shell scripts). With a rich library of TCP/IP dæmons and clients, Linux also is the perfect platform for teaching networking. Even though it might be a bit more difficult to start, using text-based command-line input instead of drag-and-drop, most students agree they understand concepts of networking and TCP/IP much more thoroughly when Linux is taught. Many graduates who now are studying at the university/college level said they are considerably farther ahead than their classmates who have exposure only to Windows.

Before I switched my lab to the present Linux terminal server setup, it was sometimes hard to run Java applets for testing on Microsoft Windows. Most Windows browsers (IE or Netscape) do not have Java support by default, and it sometimes took many steps simply to re-run an applet. When doing Java with Windows, we had to go to the command prompt to execute the Appletviewer. On the other hand, Appletviewer works quite smoothly on X.

How to Monitor and Stop a User

Linux terminal server environments follow a typical central computer processing model. It is almost exactly the same as working on a mainframe or minicomputer, except it provides an elegant X window manager, such as KDE. As such, many shell commands are available that an administrator/teacher can use to monitor and control the server. Here are some that I use on a daily basis.

1. Log in as root to the terminal server and use as xterm session to run the following commands:

  • w: find out who is doing what on the server, a simple but powerful command

  • finger: find out details about all the users on-line (their real names, for example)

  • df -h: amount of free disk space in human readable format

  • top: resource monitoring (RAM, swap, processor resources, processes)

  • lpc enable all: enables printer spooling

  • lpc disable all: disables printer spooling

  • lpq: checks the printer que

  • lprm: removes a print job from the printer que

  • stop: a script I wrote that allows root to kick any user off the server, shown below


#!/bin/sh
# stop
# script to logoff a student
#

if [ $1 != "root" ]
then
   for i in $(pgrep -u $1)
   do
      kill -9 $i
   done
else
   clear
   echo "Can't kill the root!!"
fi

2. Log in as root to the router/Squid server and use view /var/log/httpd/access_log to review Internet access records from any system. To block access to an Internet site, I wrote the following script:


#!/bin/sh
# block
# written by C T Leung
# November 15, 2002
# add this line to block all ip packets to/from chaos

/sbin/route add -host chaos.wsd1.org reject

chaos.wsd1.org was set up so network technicians from our school division could download drivers, and its usage is limited to authorized people. In the above example, the uncontrolled Web proxy server chaos.wsd1.org is blocked with a single line of code. Without Linux or without direct programming access to the school router, network technicians have to set up blocks on each student's Windows computer, which is both time consuming and error-prone.

Further Development

With the existing 32-bit CPU (Xeon or AMD MP series), the maximum amount of RAM on the server is limited to 4GB. When a bigger--say, over 40 workstations--computer lab is needed, a 64-bit CPU such as the AMD Opteron should be used.

The performance of SCSI drive is great but the price tag is still high. I have tried SATA drive on workstations and found the performance is much better than the parallel IDE and the price is about the same. To build a cheaper and better Linux terminal server network in the future, I would like to try a dual AMD Opteron CPU with 8GB or more of RAM and a SATA drive.

If anyone has set up a terminal server supporting more than 40 users, I would like to hear his/her experience for future improvement.

Load Disqus comments