Bug#996103: debian-edu-config: missing real support for LTSP chroot creation and maintenance

To: Debian Bug Tracking System <submit@bugs.debian.org>
Cc: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Subject: Bug#996103: debian-edu-config: missing real support for LTSP chroot creation and maintenance
From: Wolfgang Schweer <w.schweer@gmx.de>
Date: Mon, 11 Oct 2021 11:20:06 +0200
Message-id: <[🔎] YWQBxqsxDp26GniK@star>
Reply-to: Wolfgang Schweer <w.schweer@gmx.de>, 996103@bugs.debian.org

Package: debian-edu-config
Version: 2.11.56+deb11u1
Severity: important

Hi,

bug #995610 has been reported concerning possibly missing firmware when 
doing PXE installations on real hardware.

Same applies to LTSP thin clients and diskless workstations, but this 
issue slipped my attention, too. (No real hardware available, VMs only.)

As of now, after generating the SquashFS image for thin clients, the 
related chroot is removed. Updating the image after possible package 
upgrades is done via running chroot creation from scratch again; reason 
has been to don't bother unexperienced admins to deal with chroot 
issues (like temporary files, proc and devpts).

Installing firmware packages inside the thin client chroot would even 
require to adjust the sbin/debian-edu-ltsp-install tool (after having 
copied it to /usr/local/sbin). Unexperienced admins would be left w/o a 
clue if LTSP client boot fails in case of network cards needing 
firmware.

The new LTSP (as of bullseye) has an approach different to LTSP5 which 
shipped a dedicated tool to create and maintain chroots.

Such a tool should be available for Debian Edu 11. In addition, a tool 
allowing to easily install firmware packages in LTSP chroots should be 
available.

LTSP chroot creation and maintenance for diskless workstations should be 
possible (as opposed to creating the SquashFS image from the LTSP 
server's file system). It would allow one to generate dedicated client 
images with possible needed firmware w/o spoiling the LTSP server 
filesystem by installing them there.

This would also be a secure fix for #993935 (privacy issues for combined 
servers). Unexperienced admins can't be expected to copy the 
sbin/debian-edu-ltsp-install tool to /usr/local/sbin and adjusting the 
exclude list to site specific needs.

The sbin/debian-edu-ltsp-install tool (and some others) would need 
related adjustments. Related manual pages need to be adjusted/added.

A wrapper tool for the 'ltsp ipxe' command needs to be added to allow 
one to easily update the iPXE menue after changing the default netboot 
menue item after /etc/ltsp/ltsp.conf file edits.

All above mentioned changes are already in unstable (with fixes in Git).

Once tested, these should go into bullseye-pu.

Wolfgang

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: Content and translation status for the debian-edu-bullseye manual
Next by Date: Processing of debian-edu-config_2.12.5_source.changes
Previous by thread: debian-edu-doc_2.12.1_amd64.changes ACCEPTED into unstable, unstable
Next by thread: Processing of debian-edu-config_2.12.5_source.changes
Index(es):
- Date
- Thread