[Server-devel] XS-0.7 fakeroot package updated to solve xs-rsync issue

2013-10-01 Thread Daniel Drake
Hi,

German R in Nicaragua identified a problem with xs-rsync, where some
files in the OS builds served to XOs are sent with bad permissions.
This fails olpc-update's verification checks, and the systems can't
update.

This was a bug in fakeroot, not processing internal messages
correctly, and recording bad permissions as a result. Fixed in
fakeroot-1.18.4-1.el6.olpc1.i686.rpm, available in the usual repo:
http://dev.laptop.org/xs/repos/stable/olpc/xs-0.7/i386/

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] xs-activity-server updates

2013-09-02 Thread Daniel Drake
Hi,

2 recent updates to xs-activity-server, new version 0.4.0 published just now:

1. Dotted activity versions (e.g. Browse-149.3) are now supported.

2. Separated input and output a bit better, easier to use with puppet
and similar. Use rsync to sync your activities into
/library/xs-activity-server/activities and then run
xs-regenerate-activities when done. The files are then linked
elsewhere and the output html files are also kept separately.

3. Support for multiple activity groups. e.g. put some activities in
/library/xs-activity-server/activities/2014 and they will come up in a
new activity group at http://schoolserver/activities/2014

Thanks
Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Interesting opportunity to study upstream - downstream relationship Was: Root fs on XO1

2013-08-10 Thread Daniel Drake
On Sat, Aug 10, 2013 at 10:29 AM, David Farning
dfarn...@activitycentral.com wrote:
 The is an example of the opportunities and potential challenges that
 can occur between the community and the Association. This is why I was
 very pleased that the XSCE-XS thread last week shifted to
 clarification.

 The motivations and drives behind community volunteer decisions can be
 very different than the motivations and drives behind the decisions of
 an Association employee. As expressed in this thread, when working
 with large and remote deployments, the Association must be very risk
 adverse. Sending a qualified engineer to diagnose and fix a flakey SD
 card can take days... during which time their reputation takes a
 beating. I have some experience wearing those shoes :(

I think you raise a valid question but we could revisit your thought process.

By Association I assume you are referring to the OLPC Association.
(actually perhaps it doesn't even matter which association you are
referring to for the purpose of this mail)

The above paragraph suggests to me:
 1. Community projects can be deployed and it doesn't matter if they
do not work properly
 2. Association projects must be stable/reliable so that the
reputation of the company is not damaged

I disagree with both points and would reword them like this:
 1. All projects aimed for deployment (regardless of developer) should
strive for quality - which includes being risk averse.
 2. The reason for striving for quality is so that the project
actually serves the users, and is stable and reliable. (nothing to do
with reputation of the developer)

Doing a mental search-replace of those points in the rest of your mail
results in something that makes more sense to me, with the key
question of how to ensure stability and quality.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Dealing with the disruptions caused by XSCE.

2013-08-08 Thread Daniel Drake
On Thu, Aug 8, 2013 at 1:47 AM, David Farning
dfarn...@activitycentral.com wrote:
 This disruption is particularly evident in the relationship between
 XSCE and OLPC. Long term, XSCE _might_ be valuable to OLPC in their
 role as The world food bank of education. Short term. in their roles
 as a sustainable business, it is a pain in the ass. What do you say to
 a customer when they ask for features which are still in a unreleased
 version of a community project... which just showed up on their wiki
 one day.

I don't see an issue here. You can leave communication between OLPC
and its customers to the relevant parties of the communication. That
should not stop anyone from writing code.

 A first question is should the XSCE wiki remain in a username space at
 wiki.laptop.org ? Should it move to another home? Should it move to
 http://wiki.laptop.org/go/XSCE ? or should we wait 3 months and
 revisit the issue?

OLPC has historically been happy to host community project info on the
wiki and I don't see any exception here. In some cases notices are
added to pages noting that OLPC does not provide direct customer
support but I hope that does not stop any efforts.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Attempting to upgrade XO 1.5 firmware. Says activation lease not found

2013-07-18 Thread Daniel Drake
On Thu, Jul 18, 2013 at 3:15 PM, Kevin Cole dc.l...@gmail.com wrote:
 I thought I had given sufficient detail, but...

Your original mail raised several questions which the additional
detail below answer perfectly clearly, thanks.

 On the first day of summer vacation, I went downtown to look for a
 job and hung out in front of the drug store. On the the second day of
 summer vacation, I went downtown to look for a job and hung out in
 front of the drug store. On the third day of summer vacation, I went
 downtown to look for a job and hung out in front of the drug store...
 --  Cheech  Chong (Sister Mary Elephant)

 * I booted my Ubuntu laptop.
 * I inserted a 1 GB USB thumb drive.
 * I opened Chrome
 * I went to http://wiki.laptop.org/go/Release_notes
 * I clicked on Release_notes/13.2.0
 * I clicked on 4.3 XO-1.5
 * I clicked on 32013o1.zd which saved it to ~/Download/
 * I clicked on 32013o1.zd.zsp.fs1.zip which saved it to ~/Download/
 * I opened a terminal window
 * I typed:
  cd ~/Download/
  mv 32013o1.zd.zsp.fs1.zip fs1.zip
  cp -v fs2 /media/usb/
  cp -v 32013o1.zd /media/usb/
  diff fs2 /media/usb/
  diff 32013o1.zd /media/usb/
  sudo shutdown -h now

What is the fs2 thing? Can you post ls /media/usb output for double-checking?

 * I inserted the 1 GB USB thumb drive in the XO and pressed the
   power button while holding the X key on the gamepad.
 * I released the X when told it to do so.
 * I received an error about NANDblaster.  (Sorry, I don't have the
 exact text of that message.)

And if you can, post the output from the XO screen of the above. The
NANDblaster error is not interesting, but the previous lines are.

Another useful verification item: turn on the laptop, wait to hear the
boot jingle, press escape. Connect USB disk. At the ok prompt type
dir u:\
This will check that the laptop can read the USB disk successfully.

 * I booted my Ubuntu laptop.
 * I inserted the 1 GB USB thumb drive.
 * I opened Chrome
 * I went to http://wiki.laptop.org/go/Firmware
 * I clicked on XO-1.5
 * I clicked on OLPC Firmware q3c16
 * I clicked on q3c16.rom which saved it to ~/Download/
 * I typed
  mkdir /media/usb/boot
  cp -v q3c16.rom /media/usb/boot
  diff q3c16.rom /media/usb/boot
  sudo shutdown -h now

 * I inserted the 1 GB USB thumb drive in the XO and pressed the
   power button while holding the X key on the gamepad.
 * I released the X when told it to do so.
 * After a few minutes, I saw three icons, and a message at the top
   of the screen Activation lease not found.

It's not clear to me why you are holding the X key here, are you
expecting that to upgrade the firmware from the rom file?

It doesn't quite work like that. What the X does is make the laptop
boot in secure mode. Your laptop has security disabled (as you
mentioned: no wp tag) but by pressing X you are simulating
security-enabled. As designed, this then goes and looks for an
activation lease or developer key, and fails. (it wouldn't have
upgraded the firmware from the .rom even if you made it happy with the
appropriate lease/key)

Anyway, no manual firmware upgrade should be necessary. Lets figure
out why the reflashing doesn't work.

Thanks
Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] School networks and electrical equipment damage

2013-06-06 Thread Daniel Drake
Hi,

Those of us familiar with setting up school networks (server + switch
+ APs) in some of our deployments will be familiar with  the
occasional loss of hardware, due to surges in the low quality
electrical supply or whatever, even when the system is protected by a
cheap UPS which supposedly offers some protection.

This has often been the case in Nicaragua, so the group is now buying
more expensive UPSes, PoE switches, and PoE access points for new
schools. This means that the server and switch are connected to mains
power via a UPS which hopefully protects them, and none of the APs are
connected directly to the mains (instead they get Power over Ethernet)
which hopefully offers some isolation from bad electrical conditions.

This equipment is expensive, especially in places like Nicaragua where
lots of import taxes are applied. But the hope is that the investment
pays off in that the equipment doesn't get zapped.

However, one week after deploying this equipment in the first school,
we are left with a server that doesn't boot, 3 out of 4 access points
broken with a nice burning electronics smell, and a broken switch with
a lot of visible damage to the electronics.

And the most surprising thing - we had not even turned on the network
yet, pending some electrical work. Everything was connected up except
one crucial link - the UPS was not plugged into mains power. So all of
this damage happened without any of the devices having a connection to
the mains.

Connectivity-wise, the setup was:
WAN: Phone line - ADSL modem - XS
LAN: XS - Switch - 4 APs

And power connections: the XS, ADSL modem and switch were connected to
the UPS. The APs were connected to the switch over ethernet for both
power and data. Again, since the battery was not connected to mains
power, none of the devices had a power source.

The connectivity engineer's best bet is that a lightening bolt landed
at the school or nearby, and that this caused a power surge on the
phone line. This surge passed through the ADSL modem, server, switch,
and 4 APs, destroying everything in its path (except 1 AP that was
connected over a longer cable than the rest).

I figured this is a story worth sharing, for any other projects
considering splashing out on more expensive equipment...

Also, I'm wondering if anyone has any advice/experience here. Would
others expect this more expensive setup to be more resilient to bad
electrical conditions than a cheaper setup - will the investment pay
off?

I figure that the case of a lightening bolt might be a bit extreme,
but electrical storms are a nightly occurance here almost daily during
the 6 month rainy season.

I have seen that some UPSs (unfortunately not these ones) allow a
phone line to be passed through them, supposedly offering some
protection. Would such a system protect against a lightening bolt,
assuming thats what happened here?

Thanks
Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] ds-backup

2013-04-16 Thread Daniel Drake
On Fri, Apr 5, 2013 at 3:16 PM, George Hunt georgejh...@gmail.com wrote:
 Hi Daniel,

 I noticed that you were working on ds-backup recently.  I was trying to get
 XSCE running on fc18, and encountered the issue of fedora dropping
 mod-python (see https://fedorahosted.org/rel-eng/ticket/5165).

 Is it ok to just carry the fc17 version along in our repo, and try to see if
 it just works, or should we set a goal of rewriting to mod_wsgi?

Carrying along an old mod_python might be tricky, I think F18 has a
new apache version with some incompatibilities.

I would port it to wsgi.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] puppet

2013-03-19 Thread Daniel Drake
On Mon, Mar 18, 2013 at 7:17 PM, Tim Moody timmo...@sympatico.ca wrote:
 Over the years there have been a number of expressions of interest in
 puppet.  Are there any modules out there for actual XS services?

 I know about http://dev.laptop.org/git/users/martin/puppet-example/tree/,
 which has some manifests.

That's what is currently available.
If you are looking for something specific, please ask, maybe someone
can help you write the appropriate manifest.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Running complete Wikipedia offline

2012-12-16 Thread Daniel Drake
On Wed, Dec 12, 2012 at 9:28 PM, Sameer Verma sve...@sfsu.edu wrote:
 I've been debating the possibility of running a *complete* copy of
 Wikipedia (txt and images) offline on the XS. At this point, the
 targets are English (https://en.wikipedia.org) and Hindi
 (https://hi.wikipedia.org).

 The demand on the local server wouldn't be huge, given the relatively
 small footprint at the school. Storage is cheap. This would be an
 offline copy for one-way consumption, so I'm not looking for ways to
 do local edits, and push these back upstream. I'd imagine the
 Wikipedia dumps can be rsync'd once every x months over sneakernet.
 Dump data is here: https://meta.wikimedia.org/wiki/Data_dumps

When I was in Nepal we cloned Wiktionary onto the school server, and I
imagine the process is similar for wikipedia. The way we did it was:

Install mediawiki and configure it the same way that the real
version is configured:
http://noc.wikimedia.org/conf/

Install the same plugins that are running on the real version:
http://en.wikipedia.org/wiki/Special:Version

Then import the db
http://dumps.wikimedia.org/backup-index.html

Then make a few local tweaks (e.g. disable registration/editing)

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] usbmount alternatives

2012-11-26 Thread Daniel Drake
On Thu, Nov 22, 2012 at 11:20 AM, Tony Anderson tony_ander...@usa.net wrote:
 The Community XS is being mounted on Fedora. Adam reports the Fedora does
 not support usbmount.

I'd be interested in confirming that usbmount is now unusable and
unfixable on Fedora, if that is what is being suggested. Can anyone
provide technical details?

Thanks
Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] usbmount alternatives

2012-11-22 Thread Daniel Drake
On Wed, Nov 21, 2012 at 8:35 PM, Holt h...@laptop.org wrote:
 George/Daniel/Tony/Jerry,

 Was there a conclusion here, if any?

I'm still waiting for someone to write here explaining what exactly
the problem is with usbmount.

Thanks
Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] Post XS-0.7 plans

2012-11-13 Thread Daniel Drake
Hi,

On Tue, Nov 13, 2012 at 2:08 PM, Tim Moody timmo...@sympatico.ca wrote:
 Hi Daniel,

 Can you tell me what plans there are for the XS beyond version 0.7 and who
 would be undertaking them.

Based on recent discussions at the OLPC community summit in San
Francisco, it looks like the next version of the XS will be developed
by George Hunt and Jerry Vonau and their collaborators. I think their
plans are to continue moving in the direction that allows the XS to be
more modular, and to additionally support the ARM hardware platform.

I believe they still have some issues to solve caused from fallout
with the move to Fedora 17, and then the work will need to be posted
as patches for a technical review on this mailing list.

Thanks
Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Post XS-0.7 plans

2012-11-13 Thread Daniel Drake
On Tue, Nov 13, 2012 at 4:37 PM, Tim Moody timmo...@sympatico.ca wrote:
 So would it be accurate to say that OLPC does not plan any future XS other
 than the Community School Server, currently a work-in-progress by George,
 Jerry, and others?

I can't comment on behalf of OLPC, and asking about an indefinite
future is not really going to get you a concrete answer. However it is
fair to say that OLPC has in one way already handed off the XS to the
community. The last version (0.7) was not developed by OLPC, it was
developed by the Zamora Teran foundation.

 Documentation on the Community School Server is starting to appear outside
 of the laptop.org wiki.  I feel some uncertainty as to whether this is as it
 should be or not.

The developers of that project have been encouraged not to fork a new
project, and instead simply create the next XS version. The decision
(and workload) is up to them.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] pushing activities to XOs

2012-09-06 Thread Daniel Drake
On Wed, Sep 5, 2012 at 9:09 PM, Gonzalo Odiard gonz...@laptop.org wrote:
 Maybe we can prepare a Feature for the next cycle.
 Also, we are shipping a old updater, not integrated with the changes done in
 sugar
 (sugar was changed to support different backends, as ASLO and OLPC,
 but our code does not implement the backend).

Yes. I put my notes (unfinished) here:
http://wiki.sugarlabs.org/go/Features/Automatic_activity_updates

But not planning to continue on this topic at the present time.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] pushing activities to XOs

2012-09-05 Thread Daniel Drake
On Wed, Sep 5, 2012 at 9:46 AM, Sameer Verma sve...@sfsu.edu wrote:
 Jerry,

 I had to manually add http://schoolserver/activities; to the Group
 under Software Update in the Control Panel. Then, when I run the
 update, it pings the XS and grabs new activities. Is this expected
 behavior?

Yes. For a deployment you would use olpc-os-builder to preset that address.

And yes, there is a missing link in that this currently must be
user-invoked; theres no fully automated way of pushing activities yet.
I hope to be a part of solving that in a future release cycle.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Networking issue with XS 0.7 on EPC-AT270

2012-08-01 Thread Daniel Drake
On Tue, Jul 31, 2012 at 5:57 PM, David Leeming
da...@leeming-consulting.com wrote:
 Hello,

 I am training some teachers in PNG to set up school servers. We are using
 the EPC-AT270 (brochure attached, specs on page 7) and previously have
 installed X_-v0.6 with no problems at all.

 This time I am trying XS-0.7 but we have a networking issue. It does not
 configure either of the two Ethernet ports.

Just to check one of the basic details...
Are you aware that the XS-0.7 doesnt configure network by default? You
must take extra steps.
http://wiki.laptop.org/go/XS_Installing_Software_0.7#Network_configuration

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] ARM on XS -- how can I integrate my work?

2012-06-27 Thread Daniel Drake
On Wed, Jun 27, 2012 at 9:26 AM, George Hunt georgejh...@gmail.com wrote:
 Thanks Daniel for the reality check.  I often seem to get caught up in
 wanting to learn about something without seeing the larger context.

 I was looking at the function per watt, and not seeing the
 development/testing/support costs involved in adding another distribution.

 In retrospect, I was also ignoring another fact, that the fitpci has a dual
 core atom processor that draws 7 watts just like the ARM Trimslice -- ARM is
 not really necessary to achieve low power school serving.

 All is not lost however, I enjoyed learning about ARM, and packaging rpms --
 skills I may find useful.

I think there is still a lot of interest in XS-on-ARM - are you giving up?

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] ARM on XS -- how can I integrate my work?

2012-06-25 Thread Daniel Drake
On Sun, Jun 24, 2012 at 8:14 AM, George Hunt georgejh...@gmail.com wrote:
 I'm not done yet, but I've been making progress on porting XS code to ARM by
 making modifications to DSD's  XS-0.7.  Upon his suggestion, I have been
 basing my work on the srpms posted at
 http://xs-dev.laptop.org/xsrepos/stable/olpc/xs-0.7/source/.

 Now that I've got some of the services running, I'm wondering how to
 contribute to the XS codebase.  What I'd prefer is to contribute deltas from
 XS-0.7 that use `uname -p` to enable the appropriate path through the
 startup scripts.

That kind of approach would suggest supporting both CentOS and F17+.
I'm not sure if thats the direction we'd want to go - supporting 2
platforms has its costs. It might be preferred to do a full migration
to F17. You'll need clarification from this from Martin, who's away
until next month.

 Earlier, I started using the git sources at dev.laptop.org, and I discovered
 that there did not appear to be an obvious set of git repos, corresponding
 to XS-0.7. Paths for repos that had the most recent changes included:

 /packages/
 /projects/
 /bios-crypto/
 /users/martin/

 Any suggestions on how we should proceed?

I think you just need to sit down and hunt these down. It shouldn't
take you long, using version numbers found in the most recent RPM
packages, etc.

Many of the XS component webpages have links to the git repo, e.g.
http://wiki.laptop.org/go/XS-rsync

If there are ones that don't, maybe you can add the links.

And if you really get stuck, you can ask for help for a particular package.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] failed to register

2012-06-04 Thread Daniel Drake
On Mon, Jun 4, 2012 at 4:19 PM, Holt h...@laptop.org wrote:
 One XO-1.5 successfully registered back on Saturday.  It successfully then
 pushed 36MB to the XS' /library/users/SHC03801C2E (after running
 /usr/bin/ds-backup.sh on the XO-1.5 and waiting ~30min).  So we went home
 Saturday night with a false sense of confidence!

 But no XO-1.5s will fully register today (all ~50 of the school's XOs are
 XO-1.5s).
 Clearly, Jamaica's change from XS 0.6 to XS 0.7 two months ago destroyed
 reliable registration?

Can you check if the XOs have any server listed in the Network section
of the sugar settings?
If they do, clear it and try again. You may be trying to register
against an old XS hostname. (yes, this Sugar behaviour is
questionable)

Based on the rest of your mail, maybe you aren't facing this problem.
But lets check anyway.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] xs-otp tarball pkg?

2012-05-16 Thread Daniel Drake
On Wed, May 16, 2012 at 2:06 PM, George Hunt georgejh...@gmail.com wrote:
 For most of the packages, I've taken the easy way out, and used DDrake's
 source rpms at http://xs-dev.laptop.org/xsrepos/stable/olpc/xs-0.7/source/
 as a basis for my arm rebuilds.

  But I'm wondering what diff's there might be with the git directories,
 and/or if I should be trying to reconcile his builds with what's at
 https://dev.laptop.org/git/.

We dropped xs-otp because we don't think it has any users.

I don't think you should be looking at the list of git repos. Instead,
look at the list of packages included in a XS-0.7 install.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] From Marina Orth Foundation

2012-04-21 Thread Daniel Drake
On Sat, Apr 21, 2012 at 12:44 PM, Tim Moody timmo...@sympatico.ca wrote:
 How do you perform the initial installation of these XS servers?

next next next finish in the XS-0.7 installer, then we enter the
hostname, then configure the puppet server address and puppet does the
rest.

 What is your host naming convention so that each looks like schoolserver on
 the lan, but some unique name on the wan?

schoolserver.school.city.fundacionzt.org

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] From Marina Orth Foundation

2012-04-18 Thread Daniel Drake
Hi,

On Wed, Apr 18, 2012 at 3:06 PM, Luis Fernando Sanchez
direc...@fundaorth.org wrote:
 Hi Daniel, this is Luis Fernando Sanchez, Executive Director of Marina Orth
 Foundation in Medellin, Colombia. I have a question, but let me
 contextualize the situation  first . In Itagui town in Colombia they are
 going to implement an OLPC with 14.500 XO; they also have 38 schools and 38
 school servers. We would like to know if is good and practical idea to
 install a central server where they can manage everything. If so, what kind
 of server they will need and how they can implement that?

I'd say that you should implement a central management system if you
feel that you need it (i.e. if there are things that can be centrally
done), and otherwise you shouldn't burden yourself with the effort.
This really depends on what the role of the school server will be, and
how often you forsee having to update files on the machine.

As for server choice and implementation, I think such choices should
be based on the expertise locally available. However I can recommend
some systems of personal preference:

In Nicaragua we have many servers but each one is almost identical
(talking about the content that it hosts and the roles that it plays).
We manage them with a central server that runs Fedora 16 and acts as a
puppet server:
http://wiki.laptop.org/go/Zamora_Teran/Puppet
Then we run puppet on all the school servers to keep them synchronized
with the central server.

We use puppet to send out new content and tweak the configuration of
the system. With an active technical team you'll never finish
configuring your server, and puppet's design reflects this nicely.
This is a solid system but requires quite a lot of expertise.

Good luck with your project!

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] oatslite under RHEL/CentOS x86_64

2012-03-27 Thread Daniel Drake
On Tue, Mar 27, 2012 at 10:34 AM, Reuben K. Caron reu...@laptop.org wrote:
 Does this effect xs-activation installed on XS 0.7?

XS-0.7 is 32-bits only.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS on XO

2012-02-23 Thread Daniel Drake
On Wed, Feb 22, 2012 at 9:08 PM, Martin Langhoff
martin.langh...@gmail.com wrote:
 I'd recommend, on XO-1.5

 - take a 11.x.y buid
 - use the yum repos dsd prepared for XS, groupinstall the right group (OLPC
 School Server?)
 - disable the prefdm service (remove/rename /etc/init/prefdm)
 - disable NM service, enable the 'network' service (using chkconfig)

 F14 and RHEL/CentOS6.2 are very close, the only incompat I am aware of is
 the Erlang runtime, so you probably need to rebuild ejabberd...

It seems closer to F13 to me (it has the F13 version of Python, anaconda, ...)
For this reason you'll have to rebuild all the XS packages that
include python scripts as well.


Another option you may wish to explore is running CentOS6 with the
OLPC kernel on the XO. (but I haven't really thought this through,
might be missing something obvious)

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS-0.7 beta 2 installation successful

2012-02-23 Thread Daniel Drake
On Fri, Feb 17, 2012 at 6:58 PM, Sameer Verma sve...@sfsu.edu wrote:
 Do you have any pointers to specs on the boxes you guys are using?

Nothing too exciting, just what we could get our hands on at short notice.

Regular/unbranded desktop systems with Intel motherboard, Intel G620
CPU (2.6GHz, 3M cache), 2GB RAM, 1TB HDD.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS-0.7 Ometepe released

2012-02-21 Thread Daniel Drake
On Mon, Feb 20, 2012 at 3:50 PM, Daniel Drake d...@laptop.org wrote:
 Hi,

 Named after the island for which it was developed, XS-0.7 Ometepe is 
 released.

 http://wiki.laptop.org/go/XS_Installing_Software_0.7

Yesterday the above site had the download link as
http://dev.laptop.org/xs/OLPC-School-Server-0.7beta2-i386.iso
This was incorrect - sorry about that. The correct link is
http://dev.laptop.org/xs/OLPC-School-Server-0.7-i386.iso

Thanks,
Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] How to make a public antitheft server

2012-02-20 Thread Daniel Drake
Hi,

On Sun, Feb 19, 2012 at 6:33 PM, Juan Cubillo jcubi...@fundacionqt.org wrote:
 Hello,

 Could anyone please tell me if there are up-to-date instructions to create a
 centralized antitheft server?

 Currently the wiki page http://wiki.laptop.org/go/Antitheft:Public_Server
 talks about Fedora 11 (fairly old now) and the link for the repo (
 http://dev.laptop.org/git/users/martin/xs-release.git/tree/olpcxs.repo?h=xs-0.6
 ) is not working.

Here's another option:
http://wiki.laptop.org/go/Oatslite

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS-0.7 beta 2 released

2012-02-20 Thread Daniel Drake
On Sat, Feb 18, 2012 at 1:22 PM, Sameer Verma sve...@sfsu.edu wrote:
 I used the unetbootin approach to build a USB stick to boot from. I've
 had trouble with the step where it looks for the media. Says something
 like

 hd: LABEL=OLPC School Server 0.7 i386:olpcxs.ks

 and loops at that step. When I change it to

 hd:/dev/sda1:olpcxs.ks

 It continues the install, but failed twice around the part where it
 sets up partitions on the target drive. I could have a bad USB stick,
 so I'll try again later today. Is anybody else seeing this?

It took quite some massaging to get the USB install working as I have
scripted, so I'm not surprised that alternative paths do not work
right away.

Is there any special reason why you need to use netboot, or could you
instead follow the procedure at
http://wiki.laptop.org/go/XS_Techniques_and_Configuration#Installing_from_USB

Thanks,
Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] XS-0.7 beta 2 installation successful

2012-02-17 Thread Daniel Drake
Hi,

Over the last 2 days, German Ruiz and I installed six XS-0.7 beta 2
test servers in Managua. 5 were installed by USB, 1 by CD.

Overall it was successful and the plan is still to produce XS-0.7
final on Monday.



We found 2 minor problems, both added to XS release notes:

The USB installer skips some steps (language, bootloader config, etc)
for unknown reasons. Most of them aren't important (you're supposed to
accept the defaults in most places anyway), but the one significant
one missing is the keyboard configuration.

Squid has been seen crashing on occasion (see squid bug #3048).
However, it restarts automatically after a few seconds of downtime.


Thanks,
Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS-0.7 beta 1 released

2012-02-15 Thread Daniel Drake
On Tue, Feb 14, 2012 at 5:45 PM, Jerry Vonau jvo...@shaw.ca wrote:
 Hi Daniel:

 Just downloaded the install iso, before I burn this to cd should
 /isolinux/initrd.img and /images/pxeboot/vmlinuz be 0 bytes in the iso?

isolinux/initrd.img should be  30421445 bytes
images/pxeboot/vmlinuz should be 4649728 bytes

Just double checked the ISO uploaded (md5sum
7e7fac03c796031213a3fe09fefe3be6), so I think this must be something
wrong at your end.

 In /isolinux/isolinux.cfg, upgradeany is used with full install
 options, think that will force anaconda into upgrade mode.

This was copied over from the earlier XS-0.7 work. I see that XS-0.6
does not include this option. Any idea why, and what the implications
are? Should we be including the option or not?

Thanks,
Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] XS-0.7 beta 2 released

2012-02-15 Thread Daniel Drake
Hi,

Repos updated, and new install media available:
http://wiki.laptop.org/go/XS_Installing_Software_0.7

Changes since XS-0.7 beta 1:
Exclude fprintd-pam from install (#11631)
Add more etckeeper checkpoints (#11632)
Update named.root (#11626)
Disable IPv6 DNS lookups (#11630)
Include simple IPv6 firewall config (#11629)

Thanks to Sam for the quick testing.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] initial notes on 0.7

2012-02-14 Thread Daniel Drake
On Sun, Feb 12, 2012 at 2:18 AM, Sameer Verma sve...@sfsu.edu wrote:
 Problem: XS seems to cause XOv1 computers to repeatedly restart X
 (brief text messages say something about dcon freeze?)
 Happening to both XO-1 and XO-1.5 running build 883. XO 1.5 HS with
 build 852 was unaffected.

I've been running 6 XOs with this build for ~8 hours now, and haven't
seen this problem. Would be interested in logs if you can reproduce.

Thanks,
Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] Old mirror URLs fixed

2012-02-14 Thread Daniel Drake
Hi,

As reported several times here, running yum update on XS-0.6 or
older wasn't working.

This should now be fixed - the old URLs should continue to work even
though we have moved things to a different server.

Testing confirmation welcome!

Thanks,
Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] datastore is corrupt on 0.7

2012-02-13 Thread Daniel Drake
On Sun, Feb 12, 2012 at 1:54 PM, Sameer Verma sve...@sfsu.edu wrote:
 This shows up on the Moodle end of things: http://dev.laptop.org/ticket/11619

This is the same on 0.6, for client XOs running recent releases. Or
have you found a case where the same XO release works on XS-0.6 but
not on 0.7?

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] initial notes on 0.7

2012-02-13 Thread Daniel Drake
On Sun, Feb 12, 2012 at 2:18 AM, Sameer Verma sve...@sfsu.edu wrote:
 Step 5: Boot server machine from USB stick using: default option
            In the from option (hard drive, CD/DVD, NFS etc.) pick:
 hard drive
            Which disk contains install medium: usually /dev/sda1
            Once installation is done, reboot server.

 Step 6: eth0 isn't up by default.
 # ifconfig eth0 up

 Step 7: Get a DHCP lease
 # dhclient eth0

 Step 8: wget isn't in minimal install
 # yum install wget

 Step 9: Add EPEL repository.

 # wget epel-release-6-5.noarch.rpm
 # yum localinstall epel-release-6-5.noarch.rpm

You can use curl (included), or just: rpm -ivh
http://whatever/epel-release-6-5.noarch.rpm

 Step 12: Use chkconfig to make sure eth0 comes back on reboot
 # chkconfig

No need to do this - xs-setup-network will take over your network
configuration.

 Step 15:

 Add a USB-to-Ethernet dongle and plug into WAN
 Must run xs-setup-network and then reboot because we added a USB
 ethernet dongle (WAN connected) and now XOs have internet access, but
 no name resolution!

There was no need to run xs-setup-network again, you could have just
added the WAN connection and rebooted. But no harm in doing so.

 Step 15b (optional):

 Had to add forwarders section to /etc/named-xs.conf.in
 Add the following line between the options opening '{' and closing '}':
 forwarders {dns-server1; dns-server2; ..};
 # xs-setup-network
 Reboot.

The fact that you had no DNS without this rings a bell - am I right in
saying you had the same problem on XS-0.6 on your network without
adding a forwarders entry?

 Problem: XS seems to cause XOv1 computers to repeatedly restart X
 (brief text messages say something about dcon freeze?)
 Happening to both XO-1 and XO-1.5 running build 883. XO 1.5 HS with
 build 852 was unaffected.

Can you run olpc-log on one of these systems after the crash happens
,and send the output?

Thanks for the detailed testing!
Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS-0.7 CentOS6.2 rebase - other pending items

2012-02-10 Thread Daniel Drake
On Fri, Feb 10, 2012 at 2:11 AM, Martin Langhoff mar...@laptop.org wrote:
 For users that install CentOS and *then* install our stuff, we may
 need to add a warning if we don't see our custom revision prefix. It's
 gotta be a soft warning 'cause we don't really know if it's wrong or
 not.

I'll check that in xs-services-check.

 olpc-xs-builder - pu branch ready for review.

 Looks good,
  - where do you maintain the groups file?

I was just going to stick it in public_html - any other suggestions?
It's attached.

  - does the resulting .iso file convert and now run nicely from USB
 media? this used to be flakey...

Haven't tested - will do after releasing initial test media if time permits.

 AIUI, groups can only refer to packages in the same repo -- how do you
 bring in things like puppet?

Works fine pointing at packages from other repos.

I'll start pushing and building the acked bits now.

Thanks,
Daniel
?xml version=1.0 encoding=UTF-8?
!DOCTYPE comps PUBLIC -//Red Hat, Inc.//DTD Comps info//EN comps.dtd
comps
group
 idolpc-xs/id
 defaulttrue/default
 uservisibletrue/uservisible
 display_order1024/display_order
 nameXS-server/name
 descriptionThis group is the XS server group of packages/description
 packagelist
   packagereq type=mandatoryxs-config/packagereq
   packagereq type=mandatoryusbmount/packagereq
   packagereq type=mandatoryidmgr/packagereq
   packagereq type=mandatoryolpc-bios-crypto/packagereq
   packagereq type=mandatoryxs-tools/packagereq
   packagereq type=mandatoryxs-rsync/packagereq
   packagereq type=mandatoryxs-activity-server/packagereq
   packagereq type=mandatoryxs-activation/packagereq
   packagereq type=mandatorymoodle-xs/packagereq
   packagereq type=mandatoryds-backup-server/packagereq
   packagereq type=defaultpuppet/packagereq
   packagereq type=defaultntp/packagereq
   packagereq type=defaultacpid/packagereq
   !-- packagereq type=mandatoryxs-callhome/packagereq --
 /packagelist
   /group
/comps
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] XS-0.7 review round 3

2012-02-10 Thread Daniel Drake
Hi Martin,

Everything acked so far has been pushed and built, output is at
http://dev.laptop.org/xs/repos/stable/olpc/xs-0.7/i386/

Pending items are:

1. Moodle - needs 'pu' branch review, and the possible updates you mentioned.
For now, the repo above includes a RPM from the pu branch (just
temporarily so that I can build).

2. xs-activation - this wasn't working, pushed a new 'pu' branch for review.

3. Version numbers of the components. I haven't bumped any of them.
Some had already been bumped for the 0.7 release when it was looking
like it might be F11/F14-based. Which ones should I bump? ds-backup,
idmgr, xs-activation, xs-activity-server, xs-config, xs-rsync,
xs-tools

4. I put xs-release as version 6 (matching epel and centos packages),
with Epoch 1 so that it is seen as an upgrade over the current
xs-release-9 in XS-0.6. Is that OK?


I've done an install based on the above repo and done quite a bit of
testing, things are looking good. We're close!

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] XS-0.7 ready for early testing

2012-02-10 Thread Daniel Drake
Hi,

The CentOS-based XS-0.7 is ready for early testing.

I haven't produced install media yet (hopefully tomorrow!) but the
alternative install method is now possible, where you install the XS
stuff on top of a CentOS installation.

Install CentOS 6.2 (minimal install will do) and then follow these instructions:
http://wiki.laptop.org/go/XS_Installing_Software_0.7#Installing_on_top_of_existing_OS_installation

Thanks for any feedback!
Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] ejabberd-2.1.10 issues

2012-02-09 Thread Daniel Drake
On Wed, Feb 8, 2012 at 6:42 PM, Martin Langhoff mar...@laptop.org wrote:
 Ok. Following the breadcrumbe here, I get to
 https://support.process-one.net/browse/EJAB-919 which has a nice patch
 authored by the Geoff Cant, a fellow Catalyst-er. I can help w a
 rebuild here.

As you've seen - getting this old version to build is difficult.
Getting it to run is even harder.

I think I've found the issue: it is a client bug, now exposed through
ejabberd getting stricter:
https://support.process-one.net/browse/EJAB-1533
https://bugs.freedesktop.org/show_bug.cgi?id=45853

And I have an ejabberd patch to apply (attached) until we've fixed the
client and let the fix propogate for a while.  We need to fork the
ejabberd package again, at least for the time being.
Would you prefer for this fork to be named 'ejabberd' (with xs-setup
modifying the EPEL repo file to exclude ejabberd upgrades from epel),
or ejabberd-xs as before?

Thanks
Daniel


persist-all-pubsub.patch
Description: Binary data
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] XS-0.7 CentOS6.2 rebase - other pending items

2012-02-09 Thread Daniel Drake
Hi,

I now have an XS fully up and running and passing all my basic tests.
Here are the remaining items that need addressing before we have a
test release:

ejabberd - see the other thread. Need to decide on forking the package
as 'ejabberd' or 'ejabberd-xs' to move forward. Once that is done, I
will update xs-config (if needed) and then push and release all the
other components you have already reviewed.

moodle - pu branch ready for review. If you're going to pull in moodle
updates as well, now is the time :)
I have tested this quite well, including the interaction with mod_admin_extra.

xs-release - how do we go forward with this? I think we should drop
the old approach (of *replacing* the system release package) and take
the epel-release approach of just (additionally) installing our repo
files. But I'm not sure how you want this in git - existing branch of
existing repo, new repo? Or maybe I could create a new
packages/xs-release repo, with all the files contained in the spec
file repo (i.e. doesn't pull in a tarball, just ships the trivial repo
files directly).

xs-logos - Haven't really looked what this has. Given that we don't
face copyright/trademark restrictions of the logo package in CentOS,
can we just drop this?

usbmount - I had to update to the latest version. It no longer uses
any patches (they are all obsolete/upstream). How do I take care of
this w.r.t. your existing usbmount git repository, where you actually
forked the source? Perhaps we could just drop/obsolete that git repo,
and create a new packages/usbmount repo with the simple .spec file?

olpc-xs-builder - pu branch ready for review. Might need tweaking
based on the outcome of the above. I dropped the idea of running
xs-setup during the install, since the user might choose a hostname
that doesn't start with schoolserver.. The installation instructions
will require the user to run xs-setup after the install completes.

repos - I have reorganised slightly http://dev.laptop.org/xs/
repos is now a subdirectory there, which will be our main URL from now on.
But the other URLs still work: http://dev.laptop.org/xsrepos/
http://dev.laptop.org/~martin/xsrepos
Also, I have created aliases at http://dev.laptop.org/xs/stable and
http://dev.laptop.org/xs/testing for the repos. This means that if we
update the DNS of fedora.laptop.org, we will fix yum update / yum
install for the existing XS's in the field, which use such addresses.
What do you think?


I had to bring some packages in from Fedora, these are:

bitfrost-1.0.15-3.el6.i686.rpm - not in RHEL/EPEL. Recompiled for EL6
from rawhide.
mtd-utils-1.3.1-3.fc14.i686.rpm - dep of bios-crypto, imported from F14

kernel-2.6.42.2-1.fc15.i686.rpm - as previously agreed, imported from F15
(kernel-* subpackages too)
grubby-7.0.16-5.fc15.i686.rpm - dep of kernel, imported from F15
linux-firmware-20110601-1.fc15.noarch.rpm - dep of kernel, imported from F15
module-init-tools-3.16-2.fc15.i686.rpm - dep of kernel, imported from F15
acpid-2.0.9-1.fc14.i686.rpm - imported from F14. Needed for compat
with new kernel.

rssh-2.3.3-2.el6.i686.rpm - imported from EPEL-6 updates
syck-python-0.61-12.el6.i686.rpm - dep of ds-backup, not in RHEL/EPEL.
F14 version recompiled for EL6.
syck-0.61-12.el6.i686.rpm - dep of syck-python

Is it OK to stick these in the core xs-0.7 RPM repo, or would you
prefer a separate fedora-ports repo to be created? (I vote just the
one :))


Thanks,
Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS rebase review

2012-02-08 Thread Daniel Drake
On Wed, Feb 8, 2012 at 5:32 AM, Martin Langhoff mar...@laptop.org wrote:
 xs-config: pu branch recreated. Changes since yesterday:

 I think that the new pu branch you pushed out is incomplete. It has a
 very short run of patches, a massive diff from the pu I reviewed, and
 it ends at

  11bdbdb Add setup.d hooks

Pushed an old branch - please look again now.

 ds-backup: pu branch ready for review

 Looks good.  We'll make a server  client release together. I have a
 buglet to fix client-side.

OK, hopefully this will be ready today or tomorrow? :)

 idmgr: pu branch ready for review

 Much nicer layout, thanks! In fact, if you want to move it to
 /var/lib, or /library... you got my nod as well.

 Request: list_registration is a command for sysadmins;
  - rename it (xs-list-registration?), put it on the path
  - maybe make it root-only?

I'll do that, I assume this gets your approval once those changes are
put in place so that I can push today?

 Remaining bits from the core packages:

 Moodle - seemed to fail on first boot, worked on second.  Using
 moodle-xs-1.9.5.xs2-1.xs11.noarch. Need to dig further.

 I'll look into merging w 1.9.x latest, for security and stable
 goodies. How much time have we got?

Need to get it done this week really - latest on Monday.
Hoping to be able to release this on Wednesday 15th for deployment at
test schools in Managua on Thursday 16th.

 ejabberd - runs, accepts connection, but shows no presence info. Need
 to look into this.

 Hmmm, perhaps it's not getting the automagic Online group created?
 Look in the ejabberd-xs.init script, run the commands from
 setup_online_srg() by hand. The change in the ejabberd control module
 changed the syntax of commands slightly.

The online group is created. Any further debugging hints appreciated,
I'm not exactly sure where to start.

Thanks,
Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] New XS release very soon

2012-02-07 Thread Daniel Drake
Hi,

To avoid leaving the other threads dangling:

I have been working on a new XS release in collaboration with the
Zamora Teran Foundation (http://www.fundacionzt.org/). The underlying
goal here is to move the XS to a new OS base, which supports new
hardware. The foundation has recently had a fair amount of trouble
finding hardware that is compatible with the dated Fedora 9 release.

As agreed and directed by Martin this will become the next OLPC XS release.

There are 3 major changes compared to XS-0.6:

1. CentOS 6.2 is the base (which is equivalent to Fedora 13/14), but
we have included Linux 3.2 from Fedora 15 for maximum hardware
compatibility.

2. It will be released as both a traditional install CD only requiring
a couple of commands after the install to get up and running, but also
as a set of packages that can be added to an existing CentOS
installation (which probably also works with RHEL/Scientific
Linux/etc). Some steps have been taken for these packages to be easier
to install and run on existing networks (e.g. you can now run parts of
the XS without the requirement that you surrender your networking
setup and layout to the strange configuration that the XS ships). The
usual take over my network option will still be there though.

3. If you choose to let the XS take over your network: Networking
setup is reworked and greatly simplified. No more bonding, no more
mesh support. eth0 is now the LAN, and eth1 is now the WAN (based on
the thinking that if you only have 1 interface, you're going to want
LAN, not WAN). eth0 runs on a single subnet (not 3) and all the
services bind to 0.0.0.0, and we rely on iptables to drop traffic from
the WAN to the school-internal services.


Here in Nicaragua, the Zamora Teran Foundation has the task *this
month* of deploying One Laptop per Child to every child on the
mythical and beautiful island of Ometepe
(http://en.wikipedia.org/wiki/Ometepe). Unfortunately the hardware
received for these 32 school servers is not compatible with XS-0.6, so
we are under pressure to deploy this very very soon. This means the
plan is to release this as an official XS release *next week* to be
installed on servers immediately shipped to the island. Any help
testing this before we ship it off will be greatly appreciated.

I'll post installation instructions and some test media within a day
or two - there are just a couple of obvious bugs remaining that need
to be washed out first.

cheers
Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] New XS release very soon

2012-02-07 Thread Daniel Drake
On Tue, Feb 7, 2012 at 2:07 PM, Sameer Verma sve...@sfsu.edu wrote:
 How will this play with XS on ARM?

It won't at all, yet.

However, the liberation of the packages from the base install is the
first step in this direction.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS-AU registration issue Fwd: Upgrade from XO 1.5 Firmware Q3B19 to Q3B22 results to Registration Failed Error

2012-02-06 Thread Daniel Drake
On Sat, Feb 4, 2012 at 8:22 AM, Mitchell Seaton msea...@ekindling.org wrote:
 Hey Guys and dev lists,

 You haven't seen this issue with XO build 883, and XS-AU 0.7?

 Can't be firmware issue as he says, must been OS or XS-AU issue/config. If
 'schoolserver' resolves on XO and registration shows up in
 list_registration.. why could a failed registration message return - are
 there particular logs we should look at? I can't remember the logs, and
 don't have a machine available (at my current home) right now to test
 XS-AU/XO registration.

Check the network settings in the control panel. If a server is set
there (for example: the address of an old XS that you previously
registered to), it will use that server address rather than
'schoolserver'.

I just got bitten by this.

(is this behaviour new? It doesn't feel quite right for the field.)

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] CentOS hardware support doubts

2012-02-03 Thread Daniel Drake
On Thu, Feb 2, 2012 at 9:09 PM, Martin Langhoff
martin.langh...@gmail.com wrote:
 I assume here that CentOS is reasonably in sync with RHEL. Does
 http://elrepo.org/bugs/print_bug_page.php?bug_id=126 help? More
 generally, does any of the external repos have a kmod-staging or
 kmod-atl1e that works for you?

I've returned that system now; if I get the time and opportunity to
test again, I will do so. Where is the list of external repos?

I'm worried about the expertise required in order to identify such
repos and packages. We need this process to be doable without me in
the room.

 My assumption is that RHEL/CentOS have fairly decent hardware support
 from backported drivers, some in the RH kernels, EPEL or external
 repos (in order of decreasing quality expectations...).

I assume that RHEL is pretty good for server-class hardware found in
US/EU; I can imagine why the support of desktop-class hardware found
in the poorer parts of latin america may be lesser so.

 I wonder if you've been unlucky in the mix of hw you got there; or
 whether the driver support situation for essential things like NICs
 and disk controllers is weaker than I had expected. Maybe others with
 more practical experience with current RHEL/CentOS can comment...?

I've now seen 3 failure cases - the AR8152 mentioned above, and
another case which I only had time to do a quick boot check of
F9/C6/F16 (F16 was the only one that recognised the onboard NIC of the
asrock motherboard).

Yesterday we received 10 servers based on an Intel motherboard (and 12
more will be coming next week). F9 doesn't recognise the onboard NIC.
C6 recognises the onboard NIC but isn't able to send/receive packets.
F16 works fine (using e1000e driver). As these boards only have 1 PCI
socket it is not possible to have 2 NICs (unless we resort to USB...)
unless we move beyond C6.
Also, F9 and C6 do not recognise the SATA DVD drive in these systems -
no /dev/sr0 created, error in dmesg during boot. This will be a pain
for field work. With F16 this works fine.

I haven't yet found a case where the F9--C6 upgrade adds hardware
support for any hardware that we have here.


I like your idea of using a F16 kernel on top of CentOS 6.2. So far,
his seems to be working fine (and solves all of the compatibility
problems mentioned above). If this continues to work I would like to
push it as the default for XS install media.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Who wrote http://wiki.laptop.org/go/XS_Install_Server?

2012-01-31 Thread Daniel Drake
On Mon, Jan 30, 2012 at 11:40 AM, George Hunt georgejh...@gmail.com wrote:
 I met Tony Anderson in Haiti, and again at the San Francisco OLPC Summit in
 late 2011. He prevailed upon me to spend some time trying to figure out how
 to rebase XS on a more recent Fedora Core.

Yesterday I also started looking at that task. Martin explained that
he'd like to see it based on Centos 6.2 and installable as a group of
packages on top of a vanilla base install. Hopefully he will send a
few more details soon (he's travelling).

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] CentOS hardware support doubts

2012-01-31 Thread Daniel Drake
Hi,

Like others, I'm interested in moving the XS to a newer OS base. My
key motivation for this is that the Foundation Zamora Teran (OLPC
Nicaragua) is having difficulty buying servers for new schools being
added to the project - Fedora 9 is too old to support this hardware.

For the next XS release, Martin suggests that CentOS 6.2 (or another
RHEL equivalent) is used as a base. As my contribution here will
likely be limited to just this rebase, I'm prepared to accept that
preference.

However, having installed/run CentOS 6.2 for the first time I now have
my doubts about this. I installed it on a server where the network
interface does not appear with F9 (but does work with more recent
Fedora). With CentOS, the same problem as F9 is presented: no network
adapter.

Digging further, I see that support was added to the Linux kernel for
this particular network adapter (Atheros AR8152) on February 16th,
2010. However, since CentOS 6.2 uses a kernel from 2009, it does not
support this hardware. This seems excessively old for a distro that
was released in December 2011, and I imagine that we will see many
such problems if we run with this.

With this in mind, is there still a strong preference to go with
CentOS, or would a more recent Fedora (e.g. 16/17?) be a better
choice?

Thanks,
Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] [PATCH] xs-activation: Support creating rtcreset signatures with master key

2011-12-30 Thread Daniel Drake
If the master keypair is available as lease.public/lease.private,
use it to create rtc reset signatures (rather than relying on
delegations).

The UUID of the client must be known to the server, stored in
the moodle database.
---
 oat.py  |   51 ++-
 xs-activation-signer.py |   48 
 2 files changed, 98 insertions(+), 1 deletions(-)

For the moment this patch is just for review as sample code - it relies
on the addition of UUIDs into the moodle database, which will happen at
a later date.

diff --git a/oat.py b/oat.py
index bb22a23..7ad78c9 100644
--- a/oat.py
+++ b/oat.py
@@ -63,6 +63,23 @@ class oat:
 
 return False
 
+def get_uuid(self, sn):
+if not self.mdb_available():
+return False
+
+mdbh = self.get_mdb_handle()
+mdbc  = mdbh.cursor()
+sql = SELECT uuid
+ FROM   mdl_oat_laptops
+ WHERE serialnum=%s
+   
+mdbc.execute(sql, [sn])
+if mdbc.rowcount == 1:
+rows = mdbc.fetchall()
+return rows[0][0]
+
+return False
+
 def mark_served_stolen(self, sn):
 Returns False or the string 'STOLEN'
 
@@ -256,11 +273,19 @@ class oat:
 return response
 
 def get_rtcreset(self, sn, currentrtc, nonce):
+newrtc = datetime.datetime.utcnow().strftime(%Y%m%dT%H%M%SZ)
+
+# use the master key to generate the rtcreset, if it is available
+kpath = self.get_master_lease_key_path()
+if kpath:
+uuid = self.get_uuid(sn)
+if uuid:
+return self.generate_rtcreset(sn, uuid, currentrtc, nonce, 
newrtc)
+
 # attempt to build a sig02 delegated rtcreset
 kpath= self.get_key_path()
 ldpath = self.get_lease_delegation_path(sn)
 if kpath and ldpath:
-newrtc = datetime.datetime.utcnow().strftime(%Y%m%dT%H%M%SZ)
 return self.generate_delegated_rtcreset(sn, currentrtc, nonce, 
newrtc)
 
 def mdb_available(self):
@@ -286,6 +311,14 @@ class oat:
 else:
 return False
 
+def get_master_lease_key_path(self):
+path = os.path.join(self.BASEDIR, 'keys', 'lease.private')
+if os.path.exists(path):
+# strip .private suffix
+return path[:-8]
+else:
+return False
+
 def get_lease_delegation_path(self, sn):
 path = os.path.join(self.BASEDIR, 'lease-delegations',
 sn[-2:], sn)
@@ -324,6 +357,22 @@ class oat:
 
 return lease;
 
+def generate_rtcreset(self, sn, uuid, currentrtc, nonce, newrtc):
+(fh, tmpfpath) = tempfile.mkstemp(dir='/var/lib/xs-activation/tmp')
+os.write(fh, uuid)
+os.close(fh)
+
+fname = rtc01_%s_%s_%s_%s_%s % (sn, currentrtc, nonce, newrtc, 
hexlify(os.urandom(8)))
+reqpath = '/var/lib/xs-activation/req/' + fname
+os.rename(tmpfpath, reqpath)
+
+rtcreset = self.get_signed_output(fname)
+if rtcreset == None:
+self.log_error(Timed out waiting for signed response)
+raise RuntimeError(Timed out waiting for signed response)
+
+return rtcreset
+
 def generate_delegated_rtcreset(self, sn, currentrtc, nonce, newrtc):
 fname = rtc01delegated_%s_%s_%s_%s_%s % (sn, currentrtc, nonce, 
newrtc, hexlify(os.urandom(8)))
 reqpath = '/var/lib/xs-activation/req/' + fname
diff --git a/xs-activation-signer.py b/xs-activation-signer.py
index 46ccec2..5383b1a 100755
--- a/xs-activation-signer.py
+++ b/xs-activation-signer.py
@@ -225,6 +225,52 @@ def generate_multiple_delegated_leases(dirpath, fname, 
fpath, params):
 destpath = '/var/lib/xs-activation/done/' + fname
 save_atomically(destpath, cjson.write([1,leases]))
 
+def serve_rtcreset(dirpath, fname, fpath, params):
+# read UUID
+fd = open(fpath, 'r')
+uuid = fd.read()
+fd.close()
+os.unlink(fpath)
+
+if not uuid:
+raise RuntimeError('Missing UUID')
+
+randid = params.pop()
+newrtc = params.pop()
+nonce = params.pop()
+currentrtc = params.pop()
+
+sn = params.pop()
+if not validate_sn(sn):
+raise RuntimeError('Invalid SN')
+
+if len(currentrtc) != 16 or currentrtc[15] != 'Z' or currentrtc[8] != 'T':
+log_error(Unrecognised rtcreset timestamp)
+exit(1)
+
+if not nonce.isdigit():
+log_error(Unrecognised rtcreset nonce)
+exit(1)
+
+# find uuid and signing key
+myoat = oat.oat()
+
+kpath = myoat.get_master_lease_key_path()
+if not kpath:
+log_error(No master signing key available)
+exit(1)
+
+# prep params
+cmd = ['/usr/bin/obc-make-rtcreset',
+   '--signingkey', kpath,
+   sn, uuid, currentrtc, nonce, newrtc]
+log_error(cmd)
+rtcreset = subprocess.Popen(cmd,
+  

Re: [Server-devel] mesh and newer builds

2011-10-12 Thread Daniel Drake
On Wed, Oct 12, 2011 at 4:53 AM, Sameer Verma sve...@sfsu.edu wrote:
 1) I have a XS-on-XO-1 which shows up in the Neighborhood as
 school-mesh-0 but when I connect the XO client, I get a
 169.254.xxx.xxx address and the XO won't register. If I connect to
 mesh1, I get a 172.18.xxx.xxx address, and the XO registers.

As Jerry says, we need more description here. How are you connecting
to school-mesh-0, and how are you connecting to mesh1? I have never
seen either of those terms appear in the UI - can you be more
specific, take a screenshot, etc?

 2) I am seeing similar behavior with a mesh antenna (prototype black
 box with screw-on antenna) in Bhagmalpur
 (http://bhagmalpur.wordpress.com/)

 I take it that this change of behavior is due to dropping support for
 mesh in newer builds? Any way to change this on the server to gain
 expected behavior ?

When you say newer builds which versions are you referring to specifically?
We have not intentionally or knowingly decreased the mesh support
since early 2010 when we dropped support for Mesh Point Portals, but
that is not what you are working with.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] deregister laptops

2011-05-25 Thread Daniel Drake
Hi David,

On 16 May 2011 01:21, David Leeming da...@leeming-consulting.com wrote:
 I tried sugar-control-panel -c registration and get this error:

 sugar-control-panel: Failed to contact configuration server; some possible
 causes are that you need to enable TCP/IP networking for ORBit, or you have
 stale NFS locks due to a system crash. See http://projects.gnome.org/gconf/
 for information. (Details -  1: Failed to get connection to session: Did not
 receive a reply. Possible causes include: the remote application did not
 send a reply, the message bus security policy blocked the reply, the reply
 timeout expired, or the network connection was broken.)

Can you confirm that you are running this command as the 'olpc' user,
and not as root or someone else?

Please double-check this by running the whoami command immediately
before sugar-control-panel -c registration

Thanks,
Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS-0.7 plans -- your thoughts please...

2011-01-18 Thread Daniel Drake
On 18 January 2011 19:29, Martin Langhoff martin.langh...@gmail.com wrote:
 So -- going back on the traffic we've see in the last 24 months, what
 would you highlight? What have people asked for (that wasn't
 easy/trivial/possible)? What problems have we heard that were hard to
 diagnose...?

Some items that spring to mind:

1. activity-server support for dotted activities

2. can't register if your name includes a :

3. automatic olpc-update via OATS (code was posted, but we never
finished deciding exactly how to integrate it)
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] oatslite: Report stolen and fix

2010-08-29 Thread Daniel Drake
On 28 August 2010 17:19, Martin Langhoff mar...@laptop.org wrote:
 Working in LR, fixed a bug in oatslite, plus minor improvements. Maybe
 we are looking at the wrong repo or otherwise using stale code?

 The code as-is could not have worked as it's missing a \n that is
 required in the format...

Thanks, applied both. Sorry about that.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Schoolserver development in Uruguay

2010-08-19 Thread Daniel Drake
On 19 August 2010 18:25, Bernie Innocenti ber...@codewiz.org wrote:
 == Jabber ==

 There are two people working on Jabber. They have been using ejabberd
 and, quite surprisingly, they've not seen any issues of high CPU load
 and database corruption. Tomorrow I'll get to work more with them.

XS-0.6 and some of the package updates that come later fix a few bugs
related to ejabberd CPU/DB. I guess in Paraguay they are still on 0.5.

 This is a black hole in all deployments I visited.

 Redundant storage is too expensive. One cheap 500GB hard-drive is
 typical. In one year, 3 of the 10 schoolservers in Caacupé developed a
 hard drive failure.

But it's not a huge issue because the XOs also have a copy of the
journal. So, if technical resources are available for a quick XS
repair, disruption should be minimal.

 Journal backups, however, amount to a whopping 238GB of rapidly
 changing, mostly uncompressible and undeltable data. Quite not the ideal
 case for an incremental backup. With today's available resources, we
 could afford to backup everything *but* the journals.

You're giving numbers but missing an important consideration - the XS
backup system makes multiple backups. And it'll continue to do make
more and more copes until it meets a certain threshold based on disk
size (likely to be 238GB in your case). At this point, it will purge
the oldest backups before making new ones.

Saying that you've hit 238GB after a year isn't conclusive because its
likely that you'll meet the threshold when you're measuring an active
school over such a long time period. It's the design - use the
available space.

It's possible that within that space you have 10 backups of every
journal. So you could possibly get away with a disk half the size, and
only retain 5 copies. I'm inventing numbers (and they aren't
strictly copies either), but you can provide real ones - how many
backups (on average) are there of a journal in this server? What's the
disk space used if you only total the space used by the most recent
backup of each journal? Also, is it possible that your space-measuring
script is counting a 5mb file with 2 hardlinks as 10mb of used disk
space?

 Paraguay uses Puppet. We're very happy with it.
 Uruguay uses CFengine. They seem to be very happy with it as well.

 Both employ a flat hierarchy with one puppet master controlling all the
 schools, which is simple and straightforward, but requires excellent
 connectivity.

Excellent is a bit subjective, but yes, the fact that it requires
any form of connectivity is a roadblock in many cases. However, we
came up with a way around this (ideas only, for now, but wouldn't be
hard to implement) for puppet:
- clone all the puppet repositories and the config files and put them
on a USB disk (and do this periodically)
- install puppet-server on all the XSs (but dont run it by default)
- go to a school with said USB disk, plug it in and run puppet-server
- run puppet-client, connecting to localhost
- stop puppet-server, unplug USB disk, go home

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] wifi setup

2010-08-04 Thread Daniel Drake
On 3 August 2010 23:56, James Cameron qu...@laptop.org wrote:
 Just now I've set up three access points with the same essid; a NetComm
 NB600W and two WRT54G running OpenWrt.

 XO-1.5 and XO-1 development build os304 for release 10.1.2 shows a
 single icon in the Neighbourhood View, and clicking on it chooses one of
 the access points.

 XO-1 stable build os802 for release 8.2.1 shows the same thing.

 iwlist eth0 scan shows three separate access points with different
 address but same essid.  They are on different channels.

This is indeed the way to achieve what was asked for. But be careful -
not too long ago, someone from Uruguay (on de...@lists.laptop.org)
investigated a setup like this and found that the XO's behaviour in
picking the best access point (and changing once the signal got to
weak) was quite sub-standard. definitely needs some testing before
deployment, and please share your results.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Help for unreliable ADSL and cable modems: bounce-eth0.sh

2010-07-26 Thread Daniel Drake
On 26 July 2010 17:22, Martin Langhoff mar...@laptop.org wrote:
 [ What I remember is that the NIC was a 'mii' device on an IBM
 SOHO-style minitower server. The cablemodem is a Motorola modem I've
 used before without trouble with Linux boxes. Cannot remember model,
 apologies. ]

I've had 3 motorola cable modems in the past and all of them have had
a web admin interface, where you can control the DHCP behaviour when
it is offline. That would solve one of the problems at least.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] automatic OS updates from school server

2010-05-10 Thread Daniel Drake
In my opinion one of the bigger holes left in the school server is the
fact that we can't push OS updates to the XOs. And the team here in La
Rioja keep asking about it,

Actually the hard work is all done (XS has updates server, XO has
update client, both work well), the only missing bit is a section in
the OATS server implementation which actually tells the XOs about the
updates.

And I already did most of the work, anyone interested in continuing?
http://lists.laptop.org/pipermail/server-devel/2009-October/004261.html
The conclusions from that thread is that MyConfigParser can probably
be reimplemented as a trivial ConfigParser subclass (diff it against
Python's copy, it's a trivial change IIRC) or we could switch to the
external iniparse module.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] documentation for customizing XS ISO

2010-05-04 Thread Daniel Drake
On 4 May 2010 12:58, Martin Langhoff martin.langh...@gmail.com wrote:
 On Tue, May 4, 2010 at 11:15 AM, Daniel Drake d...@laptop.org wrote:
 I thought I saw some official documentation once for how deployments
 can customize kickstart, add more packages, etc. Can't find it now.
 Was I dreaming?

 A wikipage, a mirage...
 http://wiki.laptop.org/go/XS_Techniques_and_Configuration#Making_customisations_to_your_install_process

That's under the USB section. Intentional?

 Right now we are struggling because installation media is not
 available during %post.

 Should be during %post --nochroot as it's explained in the wiki. I
 tested this from USB sticks -- it's known to work with CDROMs but I
 did not test it explicitly so YMMV.

It's not available. It gets unmounted before %post is executed.
(google and you'll see many other people running into this headache as
well)

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel



Re: [Server-devel] OATs delegations -- change in procedure -- need to use sig01 format too...

2010-04-28 Thread Daniel Drake
On 28 April 2010 14:54, Martin Langhoff martin.langh...@gmail.com wrote:
 All fixed now, see my earlier messages. The truncated needs fixing
 was related to the brokenness of dynlibs in olpc-bios-crypto and the
 -utils splitoff.

 I have reverted both temporarily and built an RPM that works well.
 Still builds the SOs but the binaries are all statically linked.

OK

But nothing on the XS side needs changing, right?
Just the format of the files that are sent to it.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] problems installing xs-activation on F12

2010-04-27 Thread Daniel Drake
http://fedora.laptop.org/xs/stable/olpc/xs-0.6/i386/xs-activation-0.2.39.g2277cdf-1.xs9.noarch.rpm

Straightforward rpm -ivh of the RPM gives dependency errors. It needs:
olpc-contents
python = 2.5
python-json
usbmount
xs-tools


olpc-contents and python-json easily installed by yum.

xs-tools requires python 2.5.

usbmount installs with the RPM.

The packages that need python-2.5 install their files in the wrong
place for a python-2.6 system.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] problems installing xs-activation on F12

2010-04-27 Thread Daniel Drake
On 27 April 2010 10:34, Peter Robinson pbrobin...@gmail.com wrote:
 Does a recompile of this against a F-12 system not fix the python 2.5
 - 2.6 problem?

Probably yes, but not so sure I want to leave such a task in the hands
of the deployment here, as this is something that will have to be
repeated for time to come.
The mail was mostly to inform Martin that its not such a smooth ride
as we hoped for in another thread.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] olpc-bios-crypto - relative vs abs symlinks?

2010-04-27 Thread Daniel Drake
On 27 April 2010 11:44, Martin Langhoff martin.langh...@gmail.com wrote:
 Curious - I see in your makefile and spec fixups you've changes the
 obc-* symlinks from abs to relative. Is it better in some sense in the
 context of an RPM?

Can't recall, but I suspect it would have been something in fedora
package guidelines, or a complaint from rpmlint.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] olpc-bios-crypto - relative vs abs symlinks?

2010-04-27 Thread Daniel Drake
On 27 April 2010 11:51, Daniel Drake d...@laptop.org wrote:
 On 27 April 2010 11:44, Martin Langhoff martin.langh...@gmail.com wrote:
 Curious - I see in your makefile and spec fixups you've changes the
 obc-* symlinks from abs to relative. Is it better in some sense in the
 context of an RPM?

 Can't recall, but I suspect it would have been something in fedora
 package guidelines, or a complaint from rpmlint.

Now I recall. I was bringing it (and the spec) in line with normal packaging:

In most packaging systems, make install is run with DESTDIR as some
build root (in this case, the RPM build root), and then all the files
are moved to / during installation.

If the symlinks are made absolutely and consider DESTDIR, then they
will be broken at time of package installation (still pointing into
the RPM build root).

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] OATs delegations -- change in procedure -- need to use sig01 format too...

2010-04-26 Thread Daniel Drake
On 25 April 2010 01:40, Martin Langhoff martin.langh...@gmail.com wrote:
  - We should make --act a no-op, so we just forget about it in the
 future. Gonzalo and Daniel have been working on the scripts and I am a
 bit behind on what they've done. Guys, would be great if you apply
 this -- or I'll patch it later in the week.

Done.

Does the XS need a software update now?

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] make-server-delegations output and importing to XS

2010-04-26 Thread Daniel Drake
On 26 April 2010 10:07, Gonzalo Odiard godi...@gmail.com wrote:
 I can do a python version.
 I don't like having hundreds of files opened, it's ok with you?

I just wrote one, committing now.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] make-server-delegations output and importing to XS

2010-04-23 Thread Daniel Drake
On 23 April 2010 12:54, Martin Langhoff martin.langh...@gmail.com wrote:
 On Thu, Apr 22, 2010 at 4:50 PM, Daniel Drake d...@laptop.org wrote:
 OK, no problem.
 Just curious though, whats the justification behind this? is there an
 existing project that runs in this way?
 The single file model just doesn't seem so scalable.

 Thanks!  If we have a utility script that splits up such a file, I am happy.

 From the PoV of the programmers of the inventory systems we interop
 with, the simplest thing is to export a single file. That is what I
 want to ask from inventory backends.

 A single file simplifies little corner cases like what when a school
 disappears / stops having XOs ? (empty file? file removal?).

 There are number of such corner cases, and  by putting them clearly on
 our side of the interoperability we make them our problem, and we can
 work to make sure we handle them correctly.

OK, I pushed our work to git along with a README.delegation, comments
appreciated.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] Roadblocks for a central OATS server

2010-04-23 Thread Daniel Drake
Hi Martin,

As discussed we're planning on putting a central internet-accessible
OATS server in La Rioja, in addition to the ones in the schools.
The purpose is to be able to deactivate stolen laptops before their
lease expiry (assuming the thief doesn't take the laptop to the
school, but does put it online somewhere else).

We're not yet in the stages of implementing this part of the system
(still working on the in-school OATS server and delegation
technicalities, obviously more important) but our discussions have
brought up some things which you'd probably be interested in
commenting on:

1. Our central internet-accessible server for this task runs Fedora 12
and will need to be kept up to date with any security fixes, distro
EOLs, etc.
Your olpc-bios-crypto package does not install on F12 (dependency hell).
While me doing a F12 rebuild is any easy option for me, I don't feel
comfortable leaving that process with the deployment team. So we've
showed them how to install it from git in a home directory, which is
easy, documented, and sufficient for these tasks. Problem solved, for
now, but OLPC really needs to get olpc-bios-crypto into Fedora...

2. Installing an OATS server
We need to actually install an OATS server on this F12 system and...well...how?
I assume installing the xs-activation RPM would pull in a lot of XS
packages, and perhaps has implicit dependencies on certain XS elements
(moodle?).
Another option is oatslite, but that doesn't support stolen
notifications and doesn't support delegations -- Guillermo decided
that we can't put the OATS master key on this server so we have to
produce keys for it, and give it delegations for all 60k laptops.
(trivial to add this code to oatslite, but this point remains as
something undecided and uninvestigated for now)

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] make-server-delegations output and importing to XS

2010-04-22 Thread Daniel Drake
Hi Martin,

We're working on the antitheft stage where the private signing server
generates delegations and sends them to the internet-accessible
antitheft server.

We can work with the scripts that are already in bios-crypto but we're
a bit confused by their design. Perhaps we are missing something, or
maybe we're just encountering a disconnect being the first project to
be doing this.

The make-server-delegations script handles all laptops for all
schools, but is written in a model where all output data goes in 1
directory, separated by school, where the school name is embedded in
the output filename.

But the XS expects something quite different -- if you're putting
these on USB, it expects one-directory-per-school (where directory
name = school name), and within that directory it looks for very
specific names (e.g. d-lease.sig) which do not embed the name of the
school. And if you're going to be setting up an internet-based sync
service instead of using USB, the same structure makes sense, since
each school just rsyncs an entire directory and then passes it to
xs-activation-import.

While it's not hard to write a script to take the
make-server-delegations output and put it in the form expected by the
XS, we're wondering why this is necessary. Surely every deployment is
going to need to do this.

We're also a little unsure of the design -- it maintains 1 open file
handle per school. Thats 400 here, or presumably thousands if we're
talking a bigger deployment.


I propose a different design:

make-server-delegations works for 1 school, with 1 key, to produce a
single file full of delegations. The input file is:
SN1,UUID1
SN2,UUID2
and the output goes to stdout. (designed to be redirected to a file)

That way, the user gets much more control over the output structure.
Here, we'd run it one time for every school we want to process.

Thinking on an ongoing basis, it also means that it's much easier to
only generate delegations for the schools where the lists of laptops
have changed. You can store md5sums of the one-file-per-school laptop
lists and only re-run that school through the delegation generator if
it has changed since yesterday.

Thoughts?
Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] make-server-delegations output and importing to XS

2010-04-22 Thread Daniel Drake
On 22 April 2010 17:39, Martin Langhoff mar...@laptop.org wrote:
 I propose a different design:

 Works for me as long as you also craft a script that handles the run
 from a whole CSV file.

 In other words, the main workflow starts with a single 3-field CSV
 file exported from an inventory system...

OK, no problem.
Just curious though, whats the justification behind this? is there an
existing project that runs in this way?
The single file model just doesn't seem so scalable.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Now completely fixed - ejabberd crashes when segregating presence by course...

2010-02-16 Thread Daniel Drake
On 29 December 2009 12:37, Martin Langhoff martin.langh...@gmail.com wrote:
 Thanks to Devon's good reporting, a few peeks at the server, and some
 discussion with the ejabberd dev team, this is completely fixed.

 Short version:

   yum --enablerepo=olpcxs-testing install moodle-xs ejabberd-xs

Should this be moved into stable now?

cheers
Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] OpenDNS instructions don't work

2010-02-03 Thread Daniel Drake
http://wiki.laptop.org/go/XS_Techniques_and_Configuration#Use_OpenDNS
This doesn't work - xs-config.make says it shouldnt be used for
named-xs.conf, and named doesn't work afterwards since the config file
is borked.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] xs-activation and OS update info

2009-10-29 Thread Daniel Drake
2009/10/27 Martin Langhoff martin.langh...@gmail.com:
 Right... makes sense. I am a bit intrigued with the custom config file
 parser / writer (that is 3x the sloc of the whole xs-activation ;-) ).

It's not really a custom config file parser. It's a trivial change to
Python's own ConfigParser class. The only change is in the constructor
IIRC, which now lets you use a custom dictionary type.

 I am guessing the key motivator is that YAML, JSON and other config
 formats won't preserve ordering correctly, right?

I didn't feel that JSON is appropriate for a config file, especially
so in oatslite (which allows more per-OS configuration). I don't know
anything about YAML.

  - is MyConfigParser used anywhere else?

I don't understand this question. My patch only adds it for
xs-activation purposes.

  - odict is only needed on F9, correct?

It is needed up until Python 3.0, unless you know of a python ordered
dictionary class which is shipped with your distro-of-choice. (I don't
know of any, meaning that it will still be needed even with F12)

It's a bit ugly with these 2 classes but at least their importance is
trivial to explain and they can sit independently, and we have a path
for getting rid of them (Python 3.0).

 What is needed in terms of config parsing is pretty simple -- I
 suspect there are a couple of simple ways we could avoid depending on
 the ordering of the config file, with less code.

Alternative implementations/suggestions welcome :)
In my opinion the ordering is the main purpose of having to use a
config file here.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] xs-activation and OS update info

2009-10-29 Thread Daniel Drake
2009/10/30 Martin Langhoff martin.langh...@gmail.com:
 It is about avoiding maintaining a bespoke lib. If you say it is a
 variant on a python standard lib, do you think we can subclass it? Or
 is there a reason not to?

Yeah it can probably be subclassed.

 It is needed up until Python 3.0, unless you know of a python ordered

 I saw a commend mentioning that something wouldn't be needed w 2.6. On
 F11 we have 2.6... but maybe I misunderstood.

Ah yes, I forgot the specifics. odict is needed until Python 3.0, but
Python 2.6 adds the dict_type constructor parameter for ConfigParser
so MyConfigParser is not needed with python 2.6.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] PolicyKit dependency chain for headless machines

2009-10-25 Thread Daniel Drake
2009/10/23 Martin Langhoff martin.langh...@gmail.com:
 Working on the OLPC XS rebase to F11 -- I end up with random bits of
 gnome and kde, brought in by PolicyKit, which wants a
 PolicyKit-authentication-agent.

 Yum only seems to know of KDE and Gnome authentication-agents.

 How does PK handle users logging in in a VT? What is the
 authentication agent there?

The authentication agent is used only when a specific application
requests an operation which the local authority has marked as
requiring authorization. It is not used when logging in. I don't know
of any command line applications that make policykit requests, and I
don't know of any commandline authentication agents.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] minor xs-activation-httphandler bug

2009-10-23 Thread Daniel Drake
xs-activation-httphandler.py does:

lease = myoat.get_lease(sn, 300)
if lease is not None:
myoat.mark_served_lease(sn)
resp[lease] = lease

However, get_lease doesn't look like it will ever return None.
Instead, it returns False if there is no lease. So we get a response
with lease:false and the lease is marked as served for that SN.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Nepal XS customizations

2009-10-23 Thread Daniel Drake
2009/10/23 Martin Langhoff martin.langh...@gmail.com:
  - a script to simplify eth0 configuration

 How does that work?

http://hg.olenepal.org/NEXS_scripts/file/tip/netsetup.sh

 Notes on self test:
  - 32 tests performed, to check that: hostname has been set, both
 ethernet interfaces present, all the regular XS services running

 How does that work? Without the Nepal specific bits, that might be a
 nice addition to the XS...

A bash test wrapper and a series of tests:
http://hg.olenepal.org/NEXS_scripts/file/tip/tests

  - a clone of http://en.wiktionary.org  - an English definition dictionary
  - a clone of www.nepalisabdakos.com - a Nepali definition dictionary

 How do you mirror those?

Sabdakos: our personal contacts with the site sent us their db and source
Wiktionary: blog entry coming up whenever I have time, there were a
few challenges...

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] Nepal XS customizations

2009-10-22 Thread Daniel Drake
Here are the customizations we're making on top of XS-0.6 here in
Nepal. This version will start being distributed to the field on
Monday.

Kickstart file modifications:
 - no GUI, just use text mode
 - auto reboot at the end of installation
 - no interactivity during installation
 - timezone and root password hardcoded
 - packages added: dansguardian, dependencies for nepal's E-library
system (www.pustakalaya.org) e.g. mysql, some php modules,
ImageMagick, java
 - added a nepal-specific nexs-custom customization package, and a
script from that package to run on firstboot (details below)
 - nepal-specific XS build number written to /etc/motd and /etc/issue

Build scripts including the customization file can be found at
http://hg.olenepal.org/NEXS-image-builder/

The customizations from nexs-custom:
 - udev rules to make sure that onboard LAN is eth1, and USB ethernet
adapter (for WAN) is eth0
 - apache configs to set up aliases for our various content components
and E-library
 - mysql config file to enable storage in /library and
1-file-per-table innodb setting
 - a script to simplify eth0 configuration
 - a self test system (details below)
 - various usbmount scripts to enable automatic content installation from USB

The firstboot script from nexs-custom:
 - configure and enable dansguardian
 - setup admin user account, with a predetermined SSH public key and password
 - configure and enable mysql
 - enable moodle admin account and set a predetermined password
 - beep and print some instructions to the screen

Notes on self test:
 - 32 tests performed, to check that: hostname has been set, both
ethernet interfaces present, all the regular XS services running,
Nepal content has been installed
 - it runs on every boot, logging the test results and info into
/var/log (max 500 logs kept)
 - it can also be run from a usbmount script which is triggered by a
file named nexs-run-self-test on the USB disk. In this mode it will
use aural beep codes to indicate test success and failure, in addition
to logging the test results and info back to the USB disk.

nexs-custom code is found at http://hg.olenepal.org/NEXS_scripts/

The content that we add:
 - Fedora Commons (www.fedora.info) and Fez frontend, and huge content
collection -- a clone of pustakalaya.org
 - a clone of http://en.wiktionary.org  - an English definition dictionary
 - a clone of www.nepalisabdakos.com - a Nepali definition dictionary
 - wikipedia for schools (http://schools-wikipedia.org/)
 - latest full version of OLE Nepal's huge educational content
activity, including the whole years worth of lessons (this is also
present on the XOs but only for a certain time period at a time -- the
overall activity is split into 6 different XO activities which are
distributed at different times through the year, the full version is
too big to store on XO)
 - some world maps, an atlas, and educational videos

some scripts we use for supporting the above content installation can
be found at http://hg.olenepal.org/NEXC-maint/

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] create_user and re-registration

2009-10-12 Thread Daniel Drake
Hi,

If an XO re-registers with the XS, its key is once again appended to
.ssh/authorized_keys. Since introducing automatic registration in
nepal we end up with many duplicate copies of the keys... any chance
this small patch could be added? or that we could overwrite instead of
append to the authorized_keys file?

Thanks,
Daniel


create_user_keys.patch
Description: Binary data
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] create_user and re-registration

2009-10-12 Thread Daniel Drake
2009/10/12 Martin Langhoff martin.langh...@gmail.com:
 Hi Daniel,

 Reasonable request... I reviewed the patch, expecting you'd be running
 `sort -u` over a tmp copy of authorized_keys, but it does nothing like
 that.

 How does it help, then?

What does sort -u do? The man page doesn't make it very clear.

The awk command I inserted simply removes all lines from a file that
are a duplicate of another. Or at least I hope it does - I don't
really know awk but have used this command in a handful of projects
now! So if there are 3 copies of the key in the file, 2 of them will
get removed.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS-0.6 -

2009-10-08 Thread Daniel Drake
2009/10/7 Martin Langhoff martin.langh...@gmail.com:
 65d0816e002fe83f4e0130b6a92577377b9fd2e3  OLPC-School-Server-0.6-i386.iso
 c872907f1f696ea7bb1bb6e95319fa27e62ce76c  OLPC-School-Server-0.6-i386.img.gz

Great!

What's changed since 0.6d5?

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] what is xs-callhome?

2009-10-06 Thread Daniel Drake
I just noticed for the first time this xs-callhome thing.
What's the intended purpose of it?

It seems quite broken at the moment. It is launched by cron every few
hours, but looks for configuration in the wrong place
(/etc/sysconfig/callhome instead of
/etc/sysconfig/callhome/callhome.conf). Can it be fixed or removed?

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] noisy service dhcpd status

2009-09-24 Thread Daniel Drake
Running XS-0.6d, service dhcpd status is unusually noisy. It looks
like it is regenerating the config file every time I check its status.
Is this intentional?


# service dhcpd status
/etc /
xs-commitchanged -m 'Dirty state' dhcpd-xs.conf
#SERVERNUM := 1
#BASEDNSNAME := testxs.olenepal.org
cp /etc/sysconfig/olpc-scripts/dhcpd.conf.1 dhcpd-xs.conf.tmp
sed -i -e s/@@BASEDNSNAME@@/testxs.olenepal.org/ dhcpd-xs.conf.tmp
mv dhcpd-xs.conf.tmp dhcpd-xs.conf
xs-commitchanged -m Made from
/etc/sysconfig/olpc-scripts/dhcpd.conf. dhcpd-xs.conf
/
dhcpd (pid 3312) is running...


Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Troubles running F9 mock chroot under F11

2009-09-17 Thread Daniel Drake
2009/9/16 Jerry Vonau jvo...@shaw.ca:
 That should be do-able using mkslim (read it first) from xs-livecd's git
 repo, along with my idea to use a pre-configured updates repo on the
 iso.

 http://lists.laptop.org/pipermail/server-devel/2009-February/002937.html

Thanks! Got it working as follows:
 1. extract ISO
 2. copy in new ks file
 3. add more RPMs to Packages/ (using creative use of yumdownloader to
make sure that deps come with the new RPMs)
 4. createrepo --database --groupfile repodata/comps.xml .
 5. remove stuff that mkslim removes
 6. mkisofs

no need to mess with bdb stuff any more :)

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Troubles running F9 mock chroot under F11

2009-09-17 Thread Daniel Drake
2009/9/17 Jerry Vonau jvo...@shaw.ca:
 Well not quite the way I would of done it, I was hoping someone else
 would test my idea, but glad you got what you needed done. Mind sharing
 the yumdownloader routine? I might try to use something like that to
 populate my updates repo, then remove any duplicates in the rpms what
 would take extra space on the iso.

During the build script:

cat EOF  yum.conf
[main]
reposdir=$(pwd)/yumrepos
cachedir=/var/cache/yum-xs
EOF

pushd ${isocopy}/Packages
yumdownloader -c ../../yum.conf --resolve mysql-server mysql php-mysql
expect ImageMagick graphviz php-tidy java-1.6.0-openjdk
java-1.6.0-openjdk-devel
popd


yumrepos/ then contains 2 repo files, one for F9 and one for F9 updates.

The only slightly awkward thing is that the added packages have to be
listed twice, once above and once in the kickstart file. Of course, we
could automate the construction of the ks file but that's adding more
complexity than I'd like to leave behind in Nepal.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] [PATCH] create_user: fix handling of parameters - fixes empty authorized_keys

2009-09-15 Thread Daniel Drake
2009/9/15 Martin Langhoff mar...@laptop.org:
 We need doublequotes for interpolation. Single quotes look more
 symmetrical in if [ $a == 'x' ] constructs but we want the left
 side to be interpolated and the right side to be taken literally.

oops, I ran into the same issue with my own patch but looks like I
completely forgot to send a fixed one. Thanks for taking care of that!
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] [PATCH] create_user: fix handling of parameters - fixes empty authorized_keys

2009-09-15 Thread Daniel Drake
2009/9/15 Martin Langhoff martin.langh...@gmail.com:
 On Tue, Sep 15, 2009 at 12:28 PM, Daniel Drake d...@laptop.org wrote:
 oops, I ran into the same issue with my own patch but looks like I
 completely forgot to send a fixed one. Thanks for taking care of that!

 Bad boy! Question: have you got other forgotten patches? Now'd be a
 good time to hear of them...

Not at the moment. I'm now tying up my work on the XS, which has
basically been modifying it to enable easy installation of Nepal's
pustakalaya E-library as well as all the other webapps they install
(wiktionary, wikipedia for schools, a Nepali dictionary, ...)
primarily using usbmount scripts.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Troubles running F9 mock chroot under F11

2009-09-15 Thread Daniel Drake
2009/9/15 Jerry Vonau jvo...@shaw.ca:
 Are you just adding rpms to the install media? Or are you trying
 something more difficult? I have a process in mind if you're just adding
 rpms to the mix...

Just adding RPMs would be enough, but also we're customizing the
kickstart file a little.

 However, I see that the older buildinstall(s) are not present any
 more(?)! (File a bug I guess)  If you were to add the buildinstall from
 F9's anaconda in revisor's script directory as F9-buildinstall, then the
 buildinstall from F9 should be used instead of the one on the host
 system.

I did that and it now fails at a later point. I first had to modify pungi.py
+buildinstall.append('--output')
 buildinstall.append(self.topdir)

and the end result is:

Linking in release notes:
 100.0%
Size of the installation tree is 518 MB
Traceback (most recent call last):
  File /usr/lib/python2.6/site-packages/revisor/__init__.py, line 528, in run
self.base.run()
  File /usr/lib/python2.6/site-packages/revisor/base.py, line 106, in run
self.cli.run()
  File /usr/lib/python2.6/site-packages/revisor/cli.py, line 44, in run
self.base.lift_off()
  File /usr/lib/python2.6/site-packages/revisor/base.py, line 867, in lift_off
self.buildInstallationMedia()
  File /usr/lib/python2.6/site-packages/revisor/base.py, line 1478,
in buildInstallationMedia
f = open(os.path.join(mypungi.topdir,isolinux,isolinux.cfg),rw+)
IOError: [Errno 2] No such file or directory:
'/var/tmp/revisor-pungi/0.5.2/xs-f9-i386/i386/os/isolinux/isolinux.cfg'
Traceback occurred, please report a bug at http://fedorahosted.org/revisor

The size should be more like 850mb.

Did you have any luck in your own experiment?

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] disable makewhatis

2009-08-31 Thread Daniel Drake
Hi,

By default, makewhatis runs every day on the XS. Seems like a waste of
resources. Could we turn it off by default? The setting is in
/etc/man.config

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] idmgr broken in latest 0.6

2009-08-18 Thread Daniel Drake
Hi Martin,

Latest idmgr in the XS is broken. No laptops can register because the
database is still in the v2 format.

/home/idmgr/create_registration only creates a v2 database, and marks
the fs accordingly:
echo 2  /home/idmgr/storage_format_version

The spec file would then ordinarily cause the upgrade_2_to_3 to be
run, but it doesn't because commit 5ef89de945 makes the spec file
update that file to '3'

I think you should remove the line of code that updates
/home/idmgr/storage_format_version from the spec file (since
create_registration does that), and update create_registration to make
a v3 db.

Also, xs-restore needs the attached patch. Can you throw that in at
the same time?

Thanks,
Daniel
--- create_user.orig	2009-07-29 15:55:26.0 +0545
+++ create_user	2009-07-29 15:54:19.0 +0545
@@ -37,16 +37,26 @@
 exit 1
 }
 
+PASSWD_ONLY=0
+# this option allows the homedir setup (including dealings with ssh key)
+# to be skipped. useful when restoring from backups.
+if [ '$1' == '--passwd-only' ]; then
+	PASSWD_ONLY=1
+fi
+
 read username
 read full_name
-read uuid   #unused!
-read pubkey
+if [ '$PASSWD_ONLY' == '0' ]; then
+	read uuid   #unused!
+	read pubkey
+fi
 
 # check for sane values
 export LC_ALL=C
 echo $username | grep -s -E '^[A-Z]{3}[A-F0-9]{8}$'  /dev/null || die bad username
-echo $pubkey | grep -s -E '^[A-Za-z0-9+/=]+$'  /dev/null || die bad public key
-
+if [ '$PASSWD_ONLY' == '0' ]; then
+	echo $pubkey | grep -s -E '^[A-Za-z0-9+/=]+$'  /dev/null || die bad public key
+fi
 
 homedir=/library/users/$username
 XO_USERS_GROUP=xousers
@@ -68,6 +78,8 @@
 NEW_USER=1
 fi
 
+[ '$PASSWD_ONLY' == '1' ]  exit 0
+
 #from here, if a new user was created, a failure will leave the user
 #there but unconfigured. So rather than simply dying, we try to clean
 #up first.
@@ -90,4 +102,4 @@
 chmod 600 .ssh/authorized_keys  || clean_up_and_die Unable to chmod authorized_keys
 chown -R $username .ssh || clean_up_and_die Unable to chown .ssh
 
-#clean_up_and_die goodbye
\ No hay ningún carácter de nueva línea al final del fichero
+#clean_up_and_die goodbye
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] idmgr broken in latest 0.6

2009-08-18 Thread Daniel Drake
2009/8/18 Daniel Drake d...@laptop.org:
 The spec file would then ordinarily cause the upgrade_2_to_3 to be
 run, but it doesn't because commit 5ef89de945 makes the spec file
 update that file to '3'

Also upgrade_users_2_to_3 doesn't work if idmgr was running. The
wasrunning check is broken - /var/lock/subsys/idmgr is never created.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] how to copy activation leases to XS?

2009-08-10 Thread Daniel Drake
2009/8/10 Joshua N Pritikin jpriti...@pobox.com:
 Is there an easy way to disable security on 30 laptops besides
 requesting dev keys, etc?

You could send the 30 serial numbers to OLPC and ask if they will
create developer keys on your behalf.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] revisor-2.1.8 rebuilt for F9

2009-08-06 Thread Daniel Drake
Hi,

In case anyone is interested... the revisor in F9 (used for XS builds)
is quite out of date.
It downloads everything twice, which is a real pain for Nepal. The
revisor developers told me this is fixed in the latest version, so I
rebuilt it for F9.

everything you need is here:
http://dev.laptop.org/~dsd/20090806/

I'm running a build with it now, so I'm not yet sure if it works or of
it actually does avoid the duplicate downloading

cheers
Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] revisor-2.1.8 rebuilt for F9

2009-08-06 Thread Daniel Drake
2009/8/6 Daniel Drake d...@laptop.org:
 I'm running a build with it now, so I'm not yet sure if it works or of
 it actually does avoid the duplicate downloading

It didn't work. Revisor is quite tied into anaconda, and revisor takes
advantage of various new changes in anaconda. It fails with the old
one shipped in F9. Getting new anaconda running on F9 looks like a big
headache.

:(

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] skipping or automating anaconda during install

2009-08-04 Thread Daniel Drake
2009/8/3 Jerry Vonau jvo...@shaw.ca:
 Might be an anaconda bug, can't recall off the top of my head.
 Are you being prompted for language/keyboard/timezone info only?
 Try # out interactive in the ks.cfg file.

That did it, thanks!
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS backup/restore feature

2009-08-04 Thread Daniel Drake
Here are new, tested versions of the backup/restore scripts.

They are more robust (not using temporary disk space any more), which
has a small speed penalty but should improve reliability and decrease
disk space requirements.

xs-backup now has a --uncompressed option which produces an un-gzipped
version suitable for rsync or similar.

could these be included in xs-tools? :)

cheers
Daniel


xs-backup
Description: Binary data


xs-restore
Description: Binary data
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] skipping or automating anaconda during install

2009-08-03 Thread Daniel Drake
Hi,

Does anyone know how to automate the anaconda step of the XS install?

I placed the details that we want (disk layout, root password and
timezone) in the .ks file but anaconda still prompts for that
information and more or less ignores all of my additions except for
the default disk layout changes.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS automount design

2009-08-03 Thread Daniel Drake
2009/8/3 Martin Langhoff martin.langh...@gmail.com:
 The other thing that bothers me is that unmounting it automatically
 makes a mess for anyone working interactively with USB sticks from the
 commandline.

 Remounting it RO at least leaves the mountpoint in place, and it's
 relatively easy and clear what to do.

That would work.

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS automount design

2009-07-31 Thread Daniel Drake
2009/7/30 Martin Langhoff martin.langh...@gmail.com:
 I don't know if usbmount is sane in the face of triggering the unmount
 from the mount-post-processing scripts.

It works fine and the usbmount code is already crafted to cleanly
handle such a situation. how do you feel about this 98-umount mount.d
trigger?

Daniel


98-umount
Description: Binary data
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] the first user is admin moodle policy

2009-07-30 Thread Daniel Drake
2009/7/30 Joshua N Pritikin jpriti...@pobox.com:
 If you guys need any help testing the XO laptop autologin stuff, don't 
 hesitate to
 ask. I'll do whatever I can to help you figure out why it's not working for 
 us.

I did a fresh XS-0.6d2 install and it works just fine here. Is anyone
else experiencing this problem?
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] XS automount design

2009-07-30 Thread Daniel Drake
It seems a little strange to me that the XS scripts that process files
on USB sticks do not unmount the disk after use. In fact they don't
even mount the disk in read-only mode.

Do we encourage users to login as root and unmount the disk before
unplug, or are we actually encouraging users that unmount is not
necessary?

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS automount design

2009-07-30 Thread Daniel Drake
2009/7/30 Martin Langhoff martin.langh...@gmail.com:
 No, we encourage them to wait for the done bells. Let me explain.

  - we don't have any scripts that write, but we will likely do, so
 mounting ro is not a good idea

  - we're either mounting sync or with the not-so-lazy async that was
 introduced a few kernels ago, so the sync is not delayed

 Are you getting the I'm done bells properly?

Yes. However I don't think it's safe to unplug a rw-mounted filesystem
at an arbitrary time, even if sync is enabled.
We could either mount it ro, or we could mount rw but umount when done
(just before the 2nd set of bells).

 I don't know if usbmount is sane in the face of triggering the unmount
 from the mount-post-processing scripts.

I'll try :)

Daniel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


  1   2   >