====== Hayes Valley Community Center Project Report ====== ===== Status ===== //As one might guess, this is the section for the latest and greatest summary report.// //**2009-01-15**// New carpeting had been put in place. Server disconnected and everything brought down as a result. Jim Stockford and Tom Haddon showed up and reconnected everything. //**2008-04-16**// Much hilarity, best described by an email sent to the SF-LUG list: A few days ago, myself and Jim Stockford started getting alerts from the Nagios instance setup on the sf-lug box telling us that there was a problem with the server at the Hayes Valley project we (and other people on this list) have been volunteering at. Fair enough. I was planning to stop by there on Tuesday in any case, so figured I'd check it out then. When I arrived, it turns out that the place had been re-painted and during that process all the computers had been moved around, cables unplugged, reconnected, etc. Basically a complete mess. This included all of the workstations in the public area of the community center, but more importantly, it also included the server in the server room. The server is configured as the network gateway, providing DNS, DHCP, as well as "content filtering" through DansGuardian in a transparent proxying setup. So basically the fact that this server was down meant that the entire network was down, so it became my first priority. First of all I sorted out the cabling mess, and then booted the server. The boot process didn't complete and I was dropped into a recovery environment with limited commands available to me. I was able to see all the drives on the server, mount and inspect each one, and verify that everything seemed okay. Except that obviously everything wasn't okay. The recovery console had been preceeded by a message about the mdadm devices not being correctly configured (software raid). To make an extremely long story not quite so long, we were able to get the server back up and running by booting into an older kernel (manually applied updates had installed a new kernel in the 120+ days since the server was last rebooted, and we thought it might be worth trying the older kernel, which sure enough it was). So at this stage we had a server booting fine. Almost. We realised that we would want to change the default kernel to be the older one so that you would be able to perform an unattended reboot. At the moment, the default kernel was the newer one that was having problems recognising the software RAID devices, and so couldn't boot correctly. So we thought it would just be a simple matter of editing /boot/grub/menu.lst. Only problem is, /boot was empty. How so? We happened to know that /boot should be /dev/sda1, so we mounted that to the /boot folder, and then edited the menu.lst file as above to use the correct kernel. We then edited /etc/fstab, which sure enough had the entry for /dev/sda1 to be mounted as /boot commented out. Simple case of uncommenting the entry and rebooting, surely? Except when we reboot, it fails, saying there's a superblock error (don't remember the exact error message) with /dev/sda1. All other filesystems are mounted, but not /boot. It recommended something like running fsck against /dev/sda1, but checking for a different superblock. Unfortunately I don't remember the exact error. So the questions here are: • How did the system boot from a device that it failed to mount (we know it was booting from /dev/sda1 because the changes we'd made to /boot/grub/menu.lst when we manually mounted /dev/sda1 before rebooting were applied)? • How can we mount a partition if it's failing to be mounted as part of the boot sequence? • What checks can we do on the filesystem to confirm it's all good? //**2008-03-11**// JasonT paid a visit to KamiG's Tuesday evening gathering. Sometimes class, sometimes open lab, sometimes self-help group? Items of note: one of the admin computers was replaced with a Win machine because the admin really wanted some MS program to produce and publish calendars rather than use Scribus and some of the other alternatives given to her. Unsurprisingly, with the continued use of 'Adult' and 'Youth' standard logins on all machines, the desktops are getting mangled on a few of them(customizations gone wrong). Probably a way to just reload Gnome defaults(upon login) from a /skel directory or something? I'll check it with the sysadmins of the group at the next LUG meeting. JimS is volunteering to transport old junk equipment to ACCRC. KamiG would appreciate a gui to DansGuardian. Retaining summaries below because all are still open issues. //**2007-12-20**// JasonT and KamiG. Verified correct operation of DansGuardian -- instigated by questions about MySpace access. Also unblocked all *.doc files in DG filter. Did not check in changes. One of the PCs has been marked off as "broken" and after a little bit of troubleshooting, I have to agree! Appears the VGA port is no longer putting out a signal. Tried a combination of different monitors and cables to no avail. Machine should get fixed or removed/replaced(by spare in server room?) **soon**. //**2007-11-29**// JimS, TomH, and JasonT in the house this evening. Along with routine maintenance(updates, hardware fixes), we dropped of the SAN donated by ACCRC. Didn't get it working but we're now in touch with LSI Logic(mfr) in hopes of at least getting documentation. Otherwise, a few longstanding issues continue to persist... Jim Stockford suggested clarification for network equipment need. So far we have: * at least 24 ports worth of hub/switch(difference btw those network layers not a big deal in this particular layout) * ability to remotely power cycle said network equipment(either through remote login cmd execution or ethernet enabled plug, preferably the former) * ?? ===== Goals ===== This section intends to outline the goals of the project and answer some questions to those joining the project at any stage as to why we've chosen our specific approach. * Provide a sustainable and up to date computer lab to as many members of the Hayes Valley Community as possible. * Provide training and support to members of the community using this computer lab. * Facilitate that computer lab through an Open Source technology platform. ==== FAQ ==== * What services will you provide? * Core Services: * Broadband Internet - using [[http://www.mozilla.com/en-US/firefox/|Firefox]] browser. * Office Suite ([[http://www.openoffice.org/|OpenOffice)]]- word processing, spreadsheets, presentations, databases. * Printing. * Basic operating system applications (calculator, dictionary, file browser, search tools, etc.) * Additional Services: * Educational applications (periodic table applications, math programs, painting programs, etc.) * Photo management and editing applications ([[http://f-spot.org/Main_Page|f-spot]], [[http://www.gimp.org/|gimp]]) * Audio editing applications ([[http://audacity.sourceforge.net/|audacity]], [[http://www.jokosher.org/|jokosher]]) * Why [[http://en.wikipedia.org/wiki/Open_source|Open Source]]? * We have chosen to base this computer lab on Open Source technology for the following reasons. * It makes it easier to maintain/administrate and is lower cost * There are no licensing fees involved with the deployment of the software, which also makes it significantly more scalable. * Linux does not suffer the same virus problems that Windows typically does. This makes maintenance in a public lab significantly easier since we don't need to worry about running anti-virus software, keeping it up to date, etc. * Security and operating system updates always free - no ongoing cost to upgrade to the latest software. * It allows us to provide copies of the software to anyone attending the computer lab to install on their own computers for free. We can therefore encourage people to continue to build on the skills they learn at the computer lab. * Supportable by the local Linux User Group and the majority of long term administrative tasks can be done remotely. * What if I need to use Microsoft Office to gain experience for future employment? * Microsoft Office is an example of an Office Suite - rather than teach skills which are only applicable to one software vendor's Office application, we are interested in teaching people the skills to use any Office application (including Microsoft Office). Therefore, we choose to use OpenOffice, as it provides the following advantages over Microsoft Office: * Truly cross-platform (available for Windows, Mac and Linux, as well as FreeBSD, OpenSolaris, etc.), multi-lingual, vendor-neutral Office suite. * Supports ISO approved ODF Office document formats, as well as Microsoft Office document formats (.doc, .xls, .ppt, etc.). * Familiar interface to users of MS Office. * Native PDF export capability. * Freely available so we are able to provide a copy to anyone at the computer lab for use at home. * What if I need to use Adobe Photoshop to gain experience for future employment? * Adobe does not currently provide a version of Photoshop for Linux. Additionally, it is not currently sustainable for us to pay the licensing costs for this application. While the photo editing software provided with Linux is not identical to Photoshop, and the User Interface is significantly different, it is functionally similar. Therefore, we are focusing on providing access to photo editing tools rather than teaching a specific proprietary software application. * What if I need to use X application for Y reason that isn't available on the technology platform you provide. * There are functionally equivalent versions of pretty much every software application available for Linux. We will be happy to work with you to determine what Open Source software is most appropriate for your needs. ===== Project Details ===== **Background** //Who/What/When/Where/Why/How?// Once upon a time... Kami Griffiths contacted Jim Stockford to see if any SF-LuG members could volunteer to assist her with a community computing project. You can follow the email path in the online archive of the mailing list by searching for her name. Long story short, after a couple of initial aborted runs, updating a computer lab at the Hayes Valley Community Center(part of the San Francisco Housing Authority?) became the task at hand. The project was helped immensely by the generous hardware donations of two SF-LuG members, Romel Jacinto(15 Dell GX150s) and Johan Martin(2 Dell PowerEdge 2300 servers). From part of an email Kami posted, "Not everyone can afford a computer and the 2007 City Survey shows that 20% of San Francisco residents still don’t have a computer or internet access. That number jumps to 30% in the Southeast and the report highlights the growing digital divide when it comes to income, education level and race. There was a push to address this issue in the late 90s, government and foundation funding was plentiful and computer labs popped up everywhere. The current administration declared that there was no longer a digital divide, funding dried up and so did the salaries that paid for trainers and technicians to keep the labs running. But people still don’t know how to use the computer even though the need to know is growing." This lab will provide computing and internet access to the under-served community around it. In addition, this collaboration(SFHA, Compumentor, SF-LuG) may serve as a blueprint for future projects. SF-LuG members have an opportunity to learn as few of us have before... by teaching. Kami has already appealed for additional volunteers to teach a variety of computing subjects, focusing on the basics initially, but open to more advanced topics as the need arises. Parse through the notes below for a look at How this lab is coming together. It will constantly be under some level of construction. Your time, expertise and insight are encouraged and appreciated! Some history: [[http://www.thefreelibrary.com/NETg+Donates+$100,000+In+Training+Software+To+Hayes+Valley+Computer...-a054181414|NETg Donation]] **Current Status** //This is a meant to be a high level, non-technical summary of the current situation that can be understood by anyone.// We have 8 working desktop computers (Dell Optiplex) running [[http://www.edubuntu.org/|Edubuntu]] (desktop edition), and 2 spare desktops in the Server room which also have Edubuntu Desktop edition installed. We have a server (through which all the desktop computers connect to the Internet) in the server room (surprisingly), running [[http://www.edubuntu.org|Edubuntu]] (server edition). All workstations connect to the Internet through the Server, and the Server provides automatic content filtering through a program called [[http://dansguardian.org/|DansGuardian]] (this only works for http:// sites, not https:// sites). Each desktop can print to the Printer located next to the Kitchen area, and has this printer set as it's default. This is an HP LaserJet 4000TN. Currently each desktop stores it's own data, has it's own users set up, and has to be administered (installing applications, updates, etc.) individually. We have two options for how to ease the administration of this. * The first is that we centralise user management on the server, and also centralise where user documents (the /home directory) is stored on the server. This would also require some kind of automated way of rebuilding a desktop if it became corrupted, or if new desktops were connected to the network. * The second option is using Edubuntu Server Edition as a [[http://en.wikipedia.org/wiki/Ltsp|Terminal Server]] with the desktop computers booting off it. We are in the process of evaluating that as an option, as it would simplify maintenance (as essentially nothing is installed on the desktops, everything is stored on the server). **User Requests** //This section documents items that have been requested by the users that have not yet been implemented. Note that there's a separate section below for administrative issues that those involved on a technical level believe that need to be done - this simply covers items requested directly by the users.// * Connect the color printer (still in the box by the server) and verify if the scanners there will work with the new equipment. * Have connected the LaserJet 4000TN printer. I believe this is black and white only. Will connect the color printer next time we visit. * Install Google Earth. * Google Earth was installed and tested, but unfortunately the computers do not have fast enough graphics cards to be able to run Google Earth. Therefore, we removed it. If at some time in the future we get donation of better graphics cards, this may be revisited. **Contacts** * Kami Griffiths, Senior Program Associate at Compumentor(kgriffiths at compumentor dot org) * Gloria ?, SFHA Hayes Valley * DSL Contacts: SBC DSL Support 877-722-3755, Netopia/Motorola 510-597-5400 x1 ===== Technical Details ===== === Server Status === There is a script in /srv/scripts that gathers an overview "server status" (commands like mount, fdisk -l, etc.) every day. This is run from root's cron, and publishes the reports into /srv/reports. If there is any other info needed about the server, it should be added to this report. Might be nice at some point to automate backing up that info for reference. === Done: === * Installed edubuntu 7.04 i386 on 8 Dell Optiplex GX150s (plus one additional that has suspect BIOS message on boot, so isn't used): * Install Ubuntu 7.04 i386 alternate install CD * Create sflug user as part of the installation * Apply any security updates released since the CD was burned (this can be done later if needed - see below) * Software installed: sudo vi /etc/apt/sources.list # Remove references to CD as software source sudo aptitude update && sudo aptitude upgrade # This does software upgrades sudo aptitude install edubuntu-desktop gcompris kalzium khangman kmplot kig kpercentage kstars tuxkart tuxtype tuxpaint keduca kbruch flashplugin-nonfree * Setup adult and youth users (uncheck Administrator privileges and Monitor System Logs privileges) * Verified working monitors * Upgraded RAM on one of the Dell Poweredge 2300 servers to 2GB PC100 and then installed Edubuntu 7.04 i386 Server Edition * Noted 'WAN' IP address and option of 5 fixed routable LAN IP addresses * Server Configuration * Configured two network cards with static IP addresses * eth0: 192.168.0.1 * eth1: 192.168.1.200 * Serving DHCP to internal LAN clients from eth0 * Print Server HP LaserJet 4000 TN at 192.168.0.15 * DNS is still currently being served from the DSL router on 192.168.1.254 * Physical cable setup LAN Clients -> eth0 on server -> eth1 on server -> DSL router -> Internet - all clients go through the server to get to the Internet. Using IPTables to forward traffic from eth0 -> eth1 (see /etc/network/interfaces for details). This means that if this server goes down, none of the clients will be able to connect to the Internet. * Installed Dansguardian/URL Blacklist/Squid and tested – works through transparent proxying - we just redirect all traffic on port 80 to Dansguardian on 8080. The policy setting (/etc/dansguardian/dansguardianf1.conf) is set to 100 for sensitivity. We need to ensure identd server is installed on each client so that we can identify users, and thereby set access policies for content based on that. * / is mirrored 9GB drives, /home is mirrored 36GB drives (software mirroring). * Confirmed working status of all lab net plugs/cables * Set hard disk as primary boot device, and put a BIOS setup password on the computers (same password as for administrative user) so that someone has to know that password to be able to boot from a different device. * Tested performance of booting from the server (LTSP) - normal applications work fine, but video was a little choppy and no sound (could possibly be overcome, but didn't have time to investigate further). * Got scanner working following the advice of [[https://bugs.launchpad.net/ubuntu/+source/sane-backends-extras/+bug/88672|this bug]] == Time Spent == * Sunday July 8th: 2 x 6 hours, 1 x 3 hours * Monday July 9th: 2 x 3 hours * Wednesday July 18th: 5 x 4 hours? * Thursday July 19th: 4 x 3 hours * Saturday August 11th: 4 x 2.5 hours * Sunday September 30th: 3 x 4 hours * Thursday Jan 15th 2009: 2 x 1 hour === To Do: === == Immediate == * Post support information (how to contact us) somewhere, possibly with some troubleshooting steps. * Labeling of workstations, monitors * Confirm if drive /dev/sde is bad and if so remove * Transparent proxying through Dansguardian * Administration/backup/monitoring of the server – need to figure out some kind of plan * First thing is whether there's an email address that we can send log files/alerts to. * Would be better for each user to set up with their own account and login with that. (Eventually remove the sflug account?). Key based login much preferred. * LDAP/NFS mounting of /home so that we have user data stored on the server and effectively user can login to any workstation * Lock down user profiles * Script to rewrite/overwrite user profile if needed * Get details of Internet connection/who to call in case of Internet outages * Document current network layout, noting all node speeds (just acknowledging implication) * Autolog as possible auto logout tool (we want to do auditing of usage once we have LDAP in place) == Longer Term == * Setup other server as well (may need Johan's help with this) * as standby/backup * Gigabit connection between Server and hub/switch that clients connect on * Setup other lab accessories(printer(s), scanner(s), etc..) * Optimize video and audio settings on workstations === To Discuss: === * Giving people their own login if they're going to come back – allows for personalisation and better sense of ownership * Proprietary Codecs, etc. * Other possible software * Video Editing, etc. * Network layout * On 2007-09-14 Tom Haddon went to the management company and took the following pictures of their network area, which we believe overlaps with the network setup at HVLC (their building is immediately behind HVLC): * {{sf-lug:img_4287.jpg?linkonly|image1}} * {{sf-lug:img_4288.jpg?linkonly|image2}} * {{sf-lug:img_4289.jpg?linkonly|image3}} * {{sf-lug:img_4290.jpg?linkonly|image4}} * Where/what is that plan for sustainable operation of the lab? === Technical Questions: === * LTSP vs. networked file system setup? (See above - tested LTSP and found video stream choppy and no sound) * If LTSP, should/how to ensure local device access? (USB, CD, disk?) * If network file system, which? Distribute client boot image from server? * Other partitions setup? RAID status? Filesystem readout leaves me confused. === Other Stuff === * Work-In-Progress(WiP) [[http://www.sf-lug.com/projects/hayes_valley_community_center_lab/network/ |network diagram]] * [[http://www.sf-lug.com/projects/hayes_valley_community_center_lab/ |Dell PowerEdge 2300(servers) service manual and user guide]] * [[http://support.dell.com/support/edocs/systems/opgx150/en/ug/index.htm |Dell Optiplex GX150]] * [[http://www.sf-lug.com/projects/hayes_valley_community_center_lab/photos/class1/ |Pictures]] from first class with 6 of the donated computers, all running Edubuntu * {{sf-lug:hvlc_logo_ideas.pdf|Logo ideas}} * {{sf-lug:2882ug.pdf|SAN documentation}} ===== Volunteer Timetable ===== This timetable outlines dates and times that the center would like to have volunteers available at the center to "manage the lab" and/or provide technical assistance, and who is willing to provide that. ^ Date ^ Time ^ Volunteer(s) ^ The Skinny ^