
DNS, DHCP and machines in GOsa



Hi,

here is a description of how to switch DNS, DHCP and machine management
over to GOsa.  As we disagree on which DNS server (powerdns or bind) to
use, I did not commit any changes so far.  The setup shown here uses
bind.  To make it work with powerdns, more changes to the internals
(of GOsa(?) powerdns(?)) are needed, which I don't have the time to
work on right now.

First make sure to have installed the following packages:

gosa-plugin-dhcp-schema
gosa-plugin-dns-schema
gosa-plugin-sudo-schema
gosa-schema
bind9
ldap2zone

We initialize a brand new ldap tree. To do this, follow this recipe:

You have to modify /etc/ldap/slapd-squeeze_debian-edu.conf to use the
bind schema:

Index: /etc/ldap/slapd-squeeze_debian-edu.conf
===================================================================
--- etc/ldap/slapd-squeeze_debian-edu.conf      (revision 70672)
+++ etc/ldap/slapd-squeeze_debian-edu.conf      (working copy)
@@ -9,22 +9,22 @@
 include         /etc/ldap/schema/nis.schema
 include         /etc/ldap/schema/autofs.schema
 include                /etc/ldap/schema/inetorgperson.schema
-include                /etc/ldap/schema/dhcp.schema
-include                /etc/ldap/schema/dnsdomain2.schema
+include                /etc/ldap/schema/gosa/dhcp.schema
+include                /etc/ldap/schema/gosa/dnszone.schema
 include                /etc/ldap/schema/kerberos.schema
 include                /etc/ldap/schema/ltspclientaux.schema
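Review bot: the header `@@ -9,22 +9,22 @@` announces 22 lines but only 9 are shown, so this hunk as quoted will not apply with patch; re-diff with the full context or mark it as an excerpt. The two `+include` lines point at /etc/ldap/schema/gosa/dhcp.schema and /etc/ldap/schema/gosa/dnszone.schema, and slapd refuses to start when an included schema file is missing, so the gosa-plugin-dhcp-schema and gosa-plugin-dns-schema packages listed above are a hard prerequisite for this change; a short comment next to the includes saying so would spare the next person a failed slapd start.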

Now, make sure you load the right ldifs during ldap-bootstrap in your
machine's /usr/bin/ldap-debian-edu-install script: 

Index: /usr/bin/ldap-debian-edu-install
===================================================================
--- ldap-tools/ldap-debian-edu-install  (revision 70672)
+++ ldap-tools/ldap-debian-edu-install  (working copy)
@@ -127,16 +127,19 @@
     /etc/ldap/ipnetworks.ldif \
     /etc/ldap/netgroup.ldif \
     /etc/ldap/autofs.ldif \
-    /etc/ldap/dhcp.ldif \
-    /etc/ldap/dhcp_hosts.ldif \
-    /etc/ldap/dns_skole.ldif \
-    /etc/ldap/dns_ranges.ldif \
     /etc/ldap/samba.ldif \
     /etc/ldap/sudo.ldif \
     /etc/ldap/gosa.ldif \
+    /etc/ldap/gosa-server.ldif \
     /etc/ldap/ltsp.ldif \
     /etc/ldap/krb5.ldif
 
+## removed for gosa-sever to work: 
+#    /etc/ldap/dhcp.ldif \
+#    /etc/ldap/dhcp_hosts.ldif \
+#    /etc/ldap/dns_skole.ldif \
+#    /etc/ldap/dns_ranges.ldif \
+
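Review bot: the commented-out block at the end of the hunk (`+## removed for gosa-sever to work:` and the four `+#    /etc/ldap/...ldif \` lines) only repeats what the `-` lines already record, and has a typo ("sever"); version control keeps the removed lines, so replace the block with a one-line comment stating that gosa-server.ldif now provides the DHCP and DNS entries. The header `@@ -127,16 +127,19 @@` also counts three more lines than are shown, so trailing context was lost in the paste.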

Fetch the latest /etc/ldap/gosa-server.ldif from 
http://svn.debian.org/wsvn/debian-edu/trunk/src/debian-edu-config/ldap-bootstrap/gosa-server.ldif
if you don't have the latest revision available.

#To initialize the new ldap tree execute:
/etc/init.d/slapd stop
rm /var/lib/ldap/*.*
rm /etc/krb5.keytab*
rm /etc/krb5kdc/stash
/usr/bin/ldap-debian-edu-install

#If everything worked:
/etc/init.d/slapd start

# To allow GOsa to connect to ldap, replace the old password in
# /etc/gosa/gosa.conf by the new one saved in /etc/gosa/gosa.random_secret 

# bind configuration:
echo 'include "/etc/bind/named.conf.ldap2zone";' >> /etc/bind/named.conf.local
touch /etc/bind/named.conf.ldap2zone
ldap2bind
# check that everything makes sense:
less /etc/bind/db.intern
less /etc/bind/db.2.0.10.in-addr.arpa.

If everything is fine, switch off pdns:
--- a/default/pdns-recursor
+++ b/default/pdns-recursor
@@ -1,5 +1,5 @@
 # Variables for PowerDNS recursor
 #
 # Set START to yes to start the pdns-recursor
-START=yes
+START=no

--- a/default/pdns
+++ b/default/pdns
@@ -1,5 +1,5 @@
# Variables for PowerDNS
#
# Whether you want to start PowerDNS automatically.
-START=yes
+START=no
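Review bot: the three context lines of this hunk (`# Variables for PowerDNS`, `#`, `# Whether you want to start PowerDNS automatically.`) have lost their leading space, so patch will reject the hunk; re-paste them with the one-space prefix the pdns-recursor hunk above still has. Note also that `START=no` only affects the next boot: the running pdns and pdns-recursor still have to be stopped (as the text says further down), and with the recursor disabled any client that relied on it for recursive lookups now depends on bind9 answering those queries, which is worth checking before the reboot.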

As we have no netgroups, modify /etc/exports. (I hope we can replace
that by using nfs4 and allow users with a valid kerberos ticket to
mount their home directory):

--- a/exports
+++ b/exports
@@ -9,4 +9,4 @@
 # /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
 #
 /opt/ltsp/i386 10.0.2.0/255.255.254.0(ro,async,no_root_squash,subtree_check) 192.168.0.0/255.255.255.0(ro,async,no_root_squash,subtree_check) 127.0.0.1(ro,async,no_root_squash,subtree_check,insecure)
-/skole/tjener/home0 @ltsp-server-hosts(rw,async,no_subtree_check) @workstation-hosts(rw,async,no_subtree_check) @server-hosts(rw,async,no_subtree_check)
+/skole/tjener/home0 *(rw,async,no_subtree_check)
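Review bot: the `+/skole/tjener/home0 *(rw,async,no_subtree_check)` line replaces three netgroup-restricted exports with a read-write export to every host that can reach the NFS port, which is a far larger change than the DNS/DHCP switch this mail is about. Until the nfs4/krb5 variant mentioned above is in place, restrict the client list to the networks the /opt/ltsp/i386 line already uses (10.0.2.0/255.255.254.0 and 192.168.0.0/255.255.255.0) instead of `*`, and call the widening out in the commit message so it is not committed silently alongside the GOsa changes.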

Execute: 
exportfs -a

Now, stop all pdns services and start bind, or just reboot.

If everything works (please report errors; I might have lost a change I
made but forgot to mention in this write-up), you can find tjener as a
DNS and DHCP server in the 'systems' section of GOsa.

To add, for example, a new diskless workstation, use
Actions->Create->Network Device.
You can choose a name. Switch on DHCP and DNS and enter the MAC address
(there is no autodetection (yet); perhaps we can implement that with
sitesummary). I have not prepared any pre-defined machines.

The setup probably needs fine tuning and polishing; however, I hope this
recipe shows that with only minor changes (ready to be committed) and
switching to bind we have working machine management and the ability
to manage DNS as well as DHCP within GOsa.

Regards,

	Andi

