«Linux goes to school» virtual lab Howto

Hi all,

It seems Santa passed here ahead of his normal route, and left a howto @alefattorini asked for a long time ago. So here’s the BgLUG Project condensed into a virtual lab, and a howto on how to configure it.

Configuration of a virtual school lab

Linux goes to school project

This work is distributed under the license Creative Commons Attribution - Share Alike 4.0 International that allows modification, use, copying and redistribution also for commercial purposes as long as it is shared with the same license.

This guide contains instructions for installing and configuring a school laboratory in a virtual environment. It is provided to lab managers or anyone who wants to check out the virtual lab environment for simulation, test, demo, or any other reason.

The school lab is designed in two parts:

  • The server with NethServer on-board, a CentOS-based GNU/Linux system which allows for an easy administration through an intuitive web interface and therefore suitable for people with little or no GNU/Linux knowledge;
  • The client with the Edubuntu distribution, a simple and complete distribution for educational purposes.

The guide was created using Ubuntu 14.04 and 16.04, but the commands should reasonably also work on other Debian-based distros.


Installation Requirements

To create a virtual infrastructure which can support a lab with our configuration, it is essential to install the following tools: Ansible, Vagrant, VirtualBox and Git.

Ansible

Our solution allows (and in fact requires) provisioning server and client configurations with the help of Ansible.

The playbooks contained within the BgLUG’s GitHub repositories are based on Ansible version 2 branch, so you are required to use at least version 2.0.0, because the repositories contain options which are not available in previous versions. The simplest installation is from the official repository of Ansible via PPA:

sudo add-apt-repository ppa:ansible/ansible
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install ansible sshpass

FURTHER INFORMATION: sshpass library allows Ansible to simulate a password prompt for SSH connections.

VirtualBox

WARNING: Vagrant does not support VirtualBox 5.1.x, so it is recommended to install version 5.0.x.

VirtualBox is a virtualization system (technically, a hypervisor) designed for desktop use. It allows virtualization of the i386 and x86_64 architectures.

It is possible to install VirtualBox from official Ubuntu repositories as indicated below (replace trusty with your own version of Ubuntu/Debian: xenial, vivid, utopic, jessie, wheezy):

sudo sh -c 'echo "deb http://download.virtualbox.org/virtualbox/debian xenial contrib" >> /etc/apt/sources.list.d/virtualbox.list'

Then download the GPG keys with the following command if your distro is Ubuntu 16.04 (Xenial) or Debian 8 (Jessie):

wget -O- -q https://www.virtualbox.org/download/oracle_vbox_2016.asc | sudo apt-key add -

Or the following for all other versions:

wget -O- -q https://www.virtualbox.org/download/oracle_vbox.asc | sudo apt-key add -

Then install VirtualBox:

sudo apt-get update
sudo apt-get install virtualbox-5.0

Finally, download and install the Extension Pack from the VirtualBox website. Installation is done by double-clicking the Extension Pack once downloaded; please make sure to download the correct one for your version of VirtualBox.

Vagrant

WARNING: the latest version of Vagrant (1.8.5 at the time of revision of this guide) has some problems with SSH authentication during first activation. It is therefore advisable to install version 1.8.4.

Vagrant is a system that allows you to create and run virtual machines and containers in a quick and easy way. We will use the virtualbox driver to run virtual machines.

Download the installer from the official Vagrant website.

Assuming that the installer is downloaded as vagrant_1.8.4_x86_64.deb, you may install it with just a double-click or with the following commands:

sudo dpkg -i vagrant_1.8.4_x86_64.deb
sudo apt-get install -f

Git

Install it with the following command:

sudo apt-get install git

Install and configure the virtual lab

Configuring network interfaces in VirtualBox

The server uses two network interfaces:

  • One for the WAN (internet);
  • One simulating the LAN.

The WAN network interface will be configured automatically by Vagrant as a NAT interface as soon as the machine is started the first time; we will instead configure the LAN one as a host-only interface as follows:

  • Go to VirtualBox File menu, then Preferences;

  • Click on the Network section, then on Host-only networks tab;

  • Click the + button on the right to add a new virtual network interface card, which will be called for example vboxnet0. It is important to take note of this name, since it will be needed within virtual machine configuration file;

  • Double-click on the new network card you just created and set the following information:

    • IP address: 172.16.254.100 (or any other IP 172.16.254.x except .0, .1, .255);
    • Netmask: 255.255.255.0;
    • Click on the tab DHCP Server and disable the service;

Server virtual machine creation and startup

First of all clone the project from GitHub repository:

git clone https://github.com/bglug-it/server-config.git virtual-lab

Then install the Server virtual machine:

cd virtual-lab
vagrant up

With vagrant up you will download an image (a box) containing a working NethServer 6.8 server system already set up to be run with Vagrant. After the download, vagrant up will create a new virtual machine within VirtualBox, name it NethServer and then will provision the virtual machine, setting up networking and SSH access.

Both Vagrant and Ansible will access the server VM using the SSH protocol: Vagrant uses the local native vagrant account on a forwarded port (2222 on localhost), while Ansible will access the VM as if it were a host on the network (using the vboxnet0 virtual interface). Ansible will use the root account within the init playbook, then will use the amgmt user within the setup playbook.

FURTHER INFORMATION: Refer to the default password guide within the GitHub repository.

Server configuration via Ansible

Ansible will configure the virtual machine via SSH starting from the local PC. To simplify, speed up and automate the configuration, the SSH authentication will use public/private SSH keys.

If you didn’t create them already, create a pair of public/private keys with the following command:

ssh-keygen -t rsa -b 2048

It is optional to provide the further information asked for by the ssh-keygen command. Furthermore, we do not recommend setting a passphrase on these keys, to avoid a passphrase prompt at each Ansible run (the security provided by a randomly generated 2048-bit key is already much more secure than a passphrase by itself).

Then run:

ansible-playbook init.yml --ask-pass

The requested password is the root user’s one, which, for a Vagrant box, is always vagrant. Please consult the default password guide for further explanation and reference.

The last command sets up the SSH connection, creates the amgmt user, copies the domain.yml file to the server (full path will be /etc/domain.yml), creates the /etc/facts.d directory, and installs the PyYAML extensions, python-libselinux and yum-utils packages.

From this moment on, Ansible will leverage SSH authentication configured with the amgmt user to authenticate itself and configure the system.

Now run the setup playbook to install and configure several packages within the server, such as SAMBA and PXE environment:

ansible-playbook setup.yml

FURTHER INFORMATION: We will clarify the role and the importance of some files within the server-config repository cloned with git:

  • hosts: contains the list of hosts that Ansible can manage. You may only find the IP address of the NethServer VM (172.16.254.1) and indications on what account to use for SSH authentication (amgmt);
  • domain.yml: contains the information Ansible will use to configure NethServer VM;
  • Vagrantfile: provides instructions to Vagrant for the automatic deploy of the virtual machine, configures its network stack and instructs Vagrant on calling Ansible to provision the newly created machine with the vagrant playbook;
  • init.yml: Ansible playbook that contains the instructions to permit further Ansible access to the server without requesting a password each time;
  • setup.yml: Ansible playbook that contains instructions to configure all necessary services within the server.

Set the Domain Administrator password

After completing the init and setup playbooks, open your favorite browser and go to the following URL:

https://172.16.254.1:980

Ignore the security warning and log in as root. Click on the Next button to confirm all of the (standard NethServer) Wizard settings. Once you have reached the Dashboard, click the Change admin’s password link, then change it to match the one indicated within the default password guide. This is really important if you want to test Edubuntu deployment within the virtual lab: the admin password must be the one indicated in the guide, otherwise the client deployment will fail (the machine will be unable to join the domain).

Then create some generic users for the teacher and the student, which will be used to access the client virtual machines.

The teacher account must belong to the docenti (teachers in english) and domusers groups.

The student account must belong to the domusers group.

FURTHER INFORMATION: The server is configured by default with the following four domain groups:

  • domadmins, Domain Admins: Members of this group can fully manage the entire internal domain. They can add machines to the domain and access the console of NethServer;
  • domusers, Domain Users: it contains all domain users. All users have a personal user folder and are authorized to access the shared folder named shared (Condiviso in italian, you will find it named like that on the desktop of the clients) in read/write mode;
  • domopers, Domain Operators: Users enrolled in this group have the ability to use the command sudo on all clients on the network;
  • docenti, Teachers: the members of this group can use Epoptes on the teacher client.

Final configurations for the server

Set the vault password that will allow the automatic domain join for clients virtual machines:

ssh amgmt@172.16.254.1
echo 'vault_password' > .ansible/vault.txt
exit

Technically, the vault is an encrypted file which contains the Domain Administrator password in plain text format. This file is present in the client configuration repository (see the domainpwd.vault file within the repository client-pull-installation). The vault password is the key to decrypt this file, which happens on the client side each time it starts.

Refer to default password guide to properly configure your vault password.


Creating the clients VM: the lab

After the server VM creation, the first step is always to create a teacher machine. After the teacher machine has been created, you have to leave it started and may create the client virtual machines (for the students).

NOTE: Every client is created with a local user, bglug. This user has permission to use sudo with no password prompt. As for the user password, refer to the default password guide.

Installing the teacher machine

Define manually a new virtual machine within VirtualBox GUI with the following features:

  • Operating System: Linux/Ubuntu (x64)
  • RAM: 1 GB
  • Disk: 10 GB (note: the default, 8 GB, is too small and the installation will fail!)

Then change the following settings:

Enable Network boot in the Boot Options among the System options; it is used to start the installation process via PXE.

Then on Network options set only the first network card with the following parameters:

  • Connected to: host-only Adapter
  • Name: vboxnet0 (the one created at the beginning after installing VirtualBox)

Finally, start the virtual machine.

At first start, a menu should appear, in which you can select the entry Installa nuova macchina DOCENTI (Install a new TEACHERS client in English), then 64bit.

The installation of the teachers’ client will go on automatically.

Once the preseed phase of the installation ends, the client will reboot automatically twice. During these reboots, Ansible will configure the client and instruct it to join the domain.

When installation and configuration are complete, you can log in with any domain user you configured before (e.g. admin, teacher or student users).

Installing the students’ machines

The installation of the client machines, those for the students, is identical to the one for the teachers, with the following differences:

  • The teachers’ machine must be turned on while installing the client machines. During the configuration of the latter, Ansible downloads the certificate of the Epoptes server from the teachers’ machine (Epoptes is the software that allows controlling the lab clients from the teachers’ PC);

  • Boot over the network (PXE) and choose the item Installa nuova macchina CLIENT (Install a new CLIENT machine in english).

After installation of the other lab machines, you may verify that within Epoptes on the teachers’ PC the newly created machines will appear as active.


Caveats

Problems with VirtualBox 4.3.x

With the VirtualBox version provided within official repos in Ubuntu 14.04 and its Extension Pack, the creation of the server VM with vagrant up will fail:

==> NethServer: Importing base box 'nethserver-6.8' ...
There was an error while executing `VBoxManage`, CLI used by Vagrant
for controlling VirtualBox. The command and stderr is shown below.

Command: [ "import", "n", "/home/paolo/.vagrant.d/boxes/nethserver-6.8/1.0.0/virtualbox/box.ovf"]

Stderr: 0% ... 10% ... 20% ... 30% ... 40% ... 50% ... 60% ... 70% ... 80% ... 90%. ..100%
Interpreting /home/paolo/.vagrant.d/boxes/nethserver-6.8/1.0.0/virtualbox/box.ovf ...
VBoxManage: error: Details: code NS_OK (0x0)
VBoxManage: error: Context: "Interpret" at line 328 of file VBoxManageAppliance.cpp

Problems with Vagrant 1.8.5

IMPORTANT: Do not use version 1.8.5 of Vagrant because of an issue with the key authentication; at some point after the command vagrant up, the following error appears and then the setup times out:

...
==> NethServer: Booting VM ...
==> NethServer: Waiting for machine to boot. This may take a few minutes ...
    NethServer: SSH address: 127.0.0.1:2222
    NethServer: SSH username: vagrant
    NethServer: SSH auth method: private key
    NethServer: Warning: Remote connection disconnect. Retrying ...
    NethServer:
    NethServer: Vagrant insecure key detected. Vagrant will automatically replace
    NethServer: this with a newly generated keypair for better security.
    NethServer:
    NethServer: Inserting generated public key Within the guest ...
    NethServer: Removing insecure key from the guest if it's present ...
    NethServer: Key inserted! Disconnecting and Reconnecting using new SSH key ...
    NethServer: Warning: Authentication failure. Retrying ...
    NethServer: Warning: Authentication failure. Retrying ...
    NethServer: Warning: Authentication failure. Retrying ...
    NethServer: Warning: Authentication failure. Retrying ...
    NethServer: Warning: Authentication failure. Retrying ...
...

Hope someone will like it and try it :slight_smile: We will appreciate any feedback.

And Merry Christmas to anyone here :slight_smile:

10 Likes
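The howto above leaves two secrets protected by file permissions alone: the passphrase-less SSH key created with ssh-keygen, and the vault password written to .ansible/vault.txt with echo, which gets its mode from the current umask. As an added example (not part of the original post or the BgLUG repositories), these shell functions write such a file owner-only and audit existing ones; the function names and the ~/.ssh/id_rsa default path are assumptions, and `stat -c` is the GNU form found on the Ubuntu and CentOS systems the guide uses.

```bash
#!/usr/bin/env bash
# Added example: permission handling for the lab's file-based secrets.
# Assumed paths: ~/.ssh/id_rsa (ssh-keygen default, control PC) and
# ~/.ansible/vault.txt (amgmt user on the server).

# write_secret FILE: store stdin in FILE so that only the owner can read it.
write_secret() {
    local file=$1
    ( umask 077                        # subshell: umask change stays local
      mkdir -p "$(dirname "$file")"    # a newly created directory gets mode 700
      cat > "$file" )
    chmod 600 "$file"                  # also tightens a file that already existed
}

# secret_mode_ok FILE: 0 = owner-only, 1 = group/other bits set,
# 2 = unusable (missing, not a regular file, or a symlink).
secret_mode_ok() {
    local mode
    [ -f "$1" ] && [ ! -L "$1" ] || return 2
    mode=$(stat -c '%a' "$1") || return 2
    # Leading 0 makes the shell read the mode as octal; 077 masks group/other.
    [ $(( 0$mode & 077 )) -eq 0 ] || return 1
}

# audit_secrets FILE...: print one line per file, fail if any has a problem.
audit_secrets() {
    local f rc problems=0
    for f in "$@"; do
        rc=0
        secret_mode_ok "$f" || rc=$?
        case $rc in
            0) echo "OK        $f" ;;
            1) echo "LOOSE     $f (mode $(stat -c '%a' "$f"))"
               problems=$((problems + 1)) ;;
            *) echo "UNUSABLE  $f"
               problems=$((problems + 1)) ;;
        esac
    done
    [ "$problems" -eq 0 ]
}

# Run as: ./audit.sh ~/.ssh/id_rsa ~/.ansible/vault.txt
if [ "$#" -gt 0 ]; then
    audit_secrets "$@"
fi
```

Typing the password on the standard input of `write_secret` (end with Ctrl-D) also keeps it out of the shell history, unlike the echo form.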

What should I say? That’s a huge gift from your team to the whole community!
Hope that the @education_team will help you to test it thoroughly.

1 Like

Thnx a LOT @syntaxerrormmm!! I will give it a spin asap…
In the meantime I am busy installing NethServer on a server for a friend of mine. He comes from Zentyal 3.2 that I installed 4 years ago.
I decided to go the ‘easy way’: backup data and reinstall, then install necessary modules and restore data to the samba share.

2 Likes

That’s a great shot for our @education_team how can we consolidate that work in a module?

1 Like

Quite interesting and challenging task :slight_smile: In a lot of modules, you would better say.

I do think I should explain what you obtain once you have built the Server machine and maybe how to change configurations (at least something basic, all is needed to make modifications to our repository is reading the Ansible manual), but then we should review the features and find which one is interesting enough in Educational environments to be implemented with modules.

I know @paspo is working on reversing the Ansible Pull mechanism (from clients that pull configurations from the server and applying it to itself to applying changes pushing configurations from server via e-smith events and a webGUI). This will also mean to rewrite (again) the doraemon daemon (yes, plus @paspo’s forked php_rewrite has a WebGUI already). But that work is long and difficult.

Also something we have to concoct is a way to manage localization (you will have clients in Italian only).

Also, we are still working on 6.8. So porting it to NS7 (managing also upgrades) would be a challenge in itself.

I’m doing a short list of roles of the server, but don’t hold your breath waiting :wink:

3 Likes