Systemd based network setup on Debian Edu jessie workstations

This article describes how to use systemd-networkd on Debian Edu 8.x (aka jessie) notebooks.

What we have to deal with?

At the schools we support we have several notebooks running Debian Edu 8.x (aka jessie) in the field.

For school notebooks (classroom sets) we install the Debian Edu Workstation Profile. Those machines are mostly used over wireless network.

We know that Debian Edu also offers a Roaming Workstation Profile at installation time, but with that profile chosen, user logins create local user accounts and local home directories on the notebooks (package: libpam-mklocaluser). For our customers, we do not want that. People using the school notebooks shall always work on their NFS home directories. School notebooks shall not be usable outside of the school network.

Our woes...

The default setup on Debian Edu jessie workstations regarding networking is this:

  • systemd runs as PID 1
  • ifupdown manages static network interfaces (eth0, etc.)
  • NetworkManager manages wireless network interfaces
  • for our customers we configured NetworkManager with a system-wide WiFi (WPA2-PSK) profile

We have observed various problems with that setup:

  • By default, network interface eth0 is managed by ifupdown (via /etc/network/interfaces):
    auto eth0
    iface eth0 inet dhcp
    

    Woe no. 1: In combination with systemd, this results in a 120sec delay at system startup.

Résumé of our Edu Workshop in Kiel (26th - 29th January)

In the last week of January, the project IT-Zukunft Schule (Logo EDV-Systeme GmbH and DAS-NETZWERKTEAM) had visitors from Norway: Klaus Ade Johnstad and Linnea Skogtvedt from LinuxAvdelingen [1] came by for exchanging insights, knowledge, technology, stories regarding IT services at school in Norway and Nothern Germany.

This was our schedule...

Tuesday

  • 3pm – Arrival of Klaus Ade and Linnea, meet up at LOGO with coffee and cake
  • 4pm – Planning the workshop, coming up with an agenda for the next two days (Klaus Ade, Andreas, Mike)
  • 5pm – Preparing OPSI demo sites (Mike, Linnea)
  • 8pm – Grünkohl and Rotkohl and ... at Traum GmbH, Kiel (Klaus Ade, Linnea, Andreas, Mike)

Wednesday

  • 8.30am – more work on the OPSI demo site (Mike, Linnea)
  • 10am – pfSense (esp. captive portal functionality), backup solutions (Klaus Ade, all)
  • 11am – ITZkS overlay packages, basic principles of Debian packaging (Mike, special guests: Torsten, Lucian, Benni)
  • 12am-2pm – lunch break
  • 2pm – OPSI demonstration, discussion, foundation of the OpsiPackages project [2] (Mike)
  • 4pm – Puppet (Linnea)
  • 7pm – dinner time (eating in, Thai fast food :-) )
  • 20pm – Sepiida hacking (Mike, Linnea), customer care (Andreas, Klaus Ade)
  • 22:30pm – zZzZzZ time...

Thursday

My FLOSS activities in January 2016

In January 2016 I was finally able to work on various FLOSS topics again (after two months of heavily focussed local customer work):

  • Upload of MATE 1.12 to Debian unstable
  • Debian LTS packaging and front desk work
  • Other Debian activies
  • Edu Workshop in Kiel
  • Yet another OPSI Packaging Project

Upload of MATE 1.12 to Debian testing/unstable

At the beginning of the new year, I finalized the bundle upload of MATE 1.12 to Debian unstable [1]. All uploaded packages are available in Debian testing (stretch) and Ubuntu xenial by now. MATE 1.12 will also be the version shipped in Ubuntu MATE 16.04 LTS.

Additionally, I finally uploaded caja-dropbox to Debian unstable (non-free), thanks to Vangelis Mouhtsis and Martin Wimpress for doing first steps preparations. The package has already left Debian's NEW queue, but unfortunately has been removed from Debian testing (stretch) again due to build failures in one of its dependencies.

Debian LTS work

In January 2016 I did my first round of Debian LTS front desk work [2]. Before actually starting with my front desk duty, I worked myself through the documentation and found it difficult to understand the output of the lts-cve-triage.py script. So, I proposed various improvments to the output of that script (all committed by now).

During the second week of January then, I triaged the following packages regarding known/open CVE issues:

  • isc-dhcp (CVE-2015-8605)
  • gosa (CVE-2015-8771, CVE-2014-9760)
  • roundcube (CVE-2015-8770)

My FLOSS activities in December 2015

December 2015 was a month mainly dedicated to work for local contractors (local schools mainly) and my employer (University of Kiel, Git server migration).

At the end of the month I had the privilege of attending the 32c3 ([1]) where we had a little sprint for the Arctica Project. Thanks to my family and esp. to my wonderful wife for letting me attend this always fascinating event at the end of each year.

Horde Hacking

One of my local customers is really interested in using a non-gated-community mail provider, so he asked me to host his company's mail addresses on my mail company's server. Something I regularly don't offer (anymore) except for dear friends and very patient customers.

This customer sponsored several more work hours on hacking on the Kolab_Storage code in Horde and proposing bug fixes upstream [2,3,4,5,6,7,8]. Thanks for supporting my work on the Horde Groupware Framework. Thanks to Horde upstream maintainers (esp. Michael Rubinsky) for reacting on my bug submissions so promptly.

Debian and Debian LTS

Locally, I did a lot of work for our Debian Edu / Skolelinux customers again this months.

MATE 1.12 landed in Debian unstable

Yesterday, I did a bundle upload of all MATE 1.12 related packages to Debian unstable. Packages are currently building for the 22 architectures supported by Debian, build status can be viewed on the DDPO page of the Debian MATE Packaging Team [1]

Again a big thanks to the packaging team. Martin Wimpress amongst others did a fabulous job in bumping all packages towards the 1.12 release series before the Christmas holidays. Over the holidays, I was able to review his work (99% perfect) and upload all binary packages to a staging repository.

@Martin Wimpress: It is really time that we make a DM (Debian Maintainer) out of you!!!

After testing all MATE 1.12 packages on a Debian unstable system, I decided to do a bundle upload yesterday.

Lessons learned about bundling Debian uploads

It absolutely makes sense to hold back package uploads of a project like the MATE desktop until all relevant packages are reviewed, pre-built and tested.

When releasing MATE packages via the team's packaging Git [2], there are normally two actions to be taken on a package release:

  • commit "upload to unstable (debian/<pkg-version>)
  • tag that commit with "Debian release <pkg-version>

When reviewing so many Git projects, it is always problematic that people commit something else during the review phase. Especially, if the review work involves many packages (i.e., Git packaging repos) and requires several days or even weeks to get finished.

NEW: Arctica Project Mailing Lists

During our development sprint at 32c3 [1] and remote, we managed to get our--long awaited--mailing list server online:

Happy subscribing to those who are interested in remote desktop computing on Linux.

Disclaimer: Please note that the Arctica Project is still in its infancy and we hope to have first releases during the upcoming year. Also we actively and intensively continue maintenance of what was formerly known as NX (version 3) [2].

light+love
Mike

[1] https://events.ccc.de/category/32c3/ (traditionally down during the event)
[2] https://github.com/ArcticaProject/nx-libs

Jolla has received financing to continue the development of Sailfish OS

The force re-awakens. Jolla has received financing to continue the development of Sailfish OS.

For futher reading, see...
https://blog.jolla.com/jolla-back-business/

People, please consider switching over to the Jolla phone and (hopefully) to the upcoming Jolla tablet.

Stop using gated community [1] products [2,3]. The efforts done by Jolla on non-gated mobiled hardware is essential and should be supported by buying those products (i.e., help generating revenue). Providing Jolla with financial support can be one means of helping open-sourcing the Sailfish OS UIX developed by Jolla.

I wish everyone reading this a good transition into 2016 and a fine 'Twelfth Night' (German: Rauhnächte) period.

light+love from 32c3 [4]
Mike

[1] https://media.ccc.de/v/32c3-7550-opening_event#video
[2] http://www.apple.com/iphone/
[3] http://www.android.com/
[4] https://streaming.media.ccc.de/32c3/

First impressions of my new Jolla Smartphone

"It" has arrived [1]. Finally...

Summary first...

In a nutshell: Support Jolla, support the Mer Project, support the development of Sailfish OS!!! If you are brave enough, even get a Jolla device yourself and find out what it's like.

Impressions then...

First impression... Go and get one yourself. Jolla smartphones are awesome.

Second impression... Wow, there are some bugs here and there that require being fixed. Dropping the idea of giving away Jolla phones for X-mas to family members for now...

Third impression... The Jolla Oy company currently goes through some sort of a death valley [2] that startups regularly face. Let's keep fingers crossed that the company survives. Well, then...

Fourth impression... The hosting location of the source code of the free parts of the SailfishOS is not always evident. I am still investigating this... Especially software offered via http://openrepos.net does not always come with a reference to the source code of provided binary blobs.

Overall impression... If you are a nerd or brave enough otherwise, go and get one!!! Especially if your N900 gradually starts falling apart. Personally, my impression is that the Jolla smartphone is the best of an "up-to-date" Free Software phone, we can get at the moment.

My FLOSS activities in November 2015

November 2015 was a month where I could not work on much FLOSS, unfortunately. Due to family members and myself being ill, things got stalled and delayed. Local customer projects always receive prioritized attention in such phases.

Ayatana Indicators

As already posted in a separate article [1], I spent quite some time on studying the architectural design of Ayatana/Ubuntu Application Indicators. For the pure purpose of studying I forked various code projects around Indicators and tested them on Debian unstable. Unfortunately, I did not come to a point where things really started working at runtime. Git projects of the various Ayatana Indicators compenents can be found on Github [2].

Debian and Debian LTS

For Debian LTS, I had to dispatch several of the open hours to other team members, because things got delayed here. I spent 6.5h on backporting a patch for CVE-2015-1335 [3] to lxc 0.7.x (as found in Debian squeeze and Ubuntu 12.04) [4]. This is still work in progress and I hope for a solution before X-mas.

Locally, I did a lot of work for our Debian Edu / Skolelinux customers, but there has not been much to contribute back to the FLOSS realm, so far.

My FLOSS activities in October 2015

October 2015 has been mainly dedicated to contracted/payed work. Only a few issues I could address during the last month:

  • Fix FTBFS of Arctica Greeter on non-Ubuntu systems
  • Co-working on renewed Xinerama support in nx-libs
  • Development of GOsa² Password Management Add-on
  • Improving Debian Edu main server upgrade documentation (from Debian Edu squeeze to Debian Edu jessie)
  • Fixing my personal Horde Groupware installation for access via mobile devices
  • Learning Dovecot et al.

Arctica Project

While having a week off from work, I managed to get Arctica Greeter to build on non-Ubuntu systems. The issue was very simple. The build crashed during the test suite run and it was caused by the XDG_DATA_DIRS variable not being set in my clean build environment. Furthermore, I added various more session type icons to Arctica Greeter (XFCE, LXDE, MATE, OpenBox, TWM, Default X11 Session, etc.) and also rebased the Arctica Greeter code base against all recent commits found in Unity Greeter for Ubuntu 15.10 / upcoming 16.04.

Together with Ulrich Sibiller, I continued our work on the new Xinerama implementation for the remote X11 server nxagent (used as x2goagent in X2Go). However, this is unfortunately still work in progress, because various theoretical monitor layout issues became evident that require being handled in the new code before it can get merged into nx-libs's current 3.6.x branch.

Also, I managed to do some little work on https://arctica-project.org, the still too rudimentary project homepage.

Syndicate content