 Hello everybody, I welcome Andreas Mund who wants to explain something about new developments in Devin Edo. Just enjoy this total talk. Okay, welcome to the bath about Devin Edo. I will explain the current status and then I want to discuss how to continue with the work and how we can build on what we have today and develop the system even more. Okay, it's my very first talk at the Deppcon, so I just want to introduce myself. I have a scientific background. I studied physics and I spent several years at university doing quantum optics research. Then I worked in an optics company for about three years, but I quit that job and now I'm teaching at school and my students are in the age from 10 up to 19-20 years old and in this process switching to the work at school I started to work with Debian Edo and I'm looking forward to run a Debian system at school someday. Okay, just a small outline of the talk. I want briefly show you the history of Debian Edo. Then I will explain the system architecture and show you how the Debian Edo installation works. I will quickly go through the new features we have now implemented in our squeeze release and then I want to come to the main topic where I also ask you to bring in ideas and comments. What are our goals for VC and the future? I will discuss a few problems of Debian Edo from my point of view. Question that Debian Edo's goal is philosophy and I have some ideas and thoughts. I sketch a system which might solve some of these issues and then in the end I want to invite you to help with your input and your knowledge and your ideas. Okay, let's start with the very first point. We have to celebrate this year because Debian Edo or Schole Linux has become 10 years old now and today we have a lot of local groups in France and Germany, Norway probably much more which use this system, which modify it and which contribute to Debian Edo's goal in Linux. Okay, what is the system? What does the system look like? I brought a picture here and you see a setup I want to quickly explain. We have a main server and this main server contains all services we need for the system. So there's an LDAP database, Kerberos, KDC, home directory, web server, also Nagios and some other tools are installed on this server and apart from this server we have other profiles like you see here terminal server and workstations, work stations. These are Debian machines with a lot of educational packages and the terminal servers. They can serve these subnets here, you can see at the bottom and you can use diskless clients there or thin clients and they boot with PXE and so you have to only do the administration on the LTSP server and you can have 20 machines of this thin client for diskless clients without additional system administration. Then we have roaming workstations which are thought to be for machines that are not permanently in the network like laptops. Okay, how does, how is it possible to install such a system? It's pretty simple with Debian Edo. We have a customized Debian installer with our own artwork so you just start the DVD. You choose your language, you choose your country, a key map and then you have all these profiles I showed before to choose from. You can also combine these profiles so we can have a main server also combined with a workstation or with the LTSP terminal server so that's no problem. Then you are asked if you are happy with the automatic partitioning, you say yes, you enter the root password and all will be done for you. So the whole system will be set up depending on the profile you've chosen before and there's not much more to do than to just connect the machines as you as you planned it. Okay, what's new? With the Debian Edo squeeze release, we've now Kerberos for authentication and single sign-on. So quite some services are moved to Kerberos authentication. We don't need, we don't have the problem that we have passwords traveling through the network and things like that. It's all done with Kerberos now. So this is one feature, one new feature. Then we have a new graphical administration front-end. This is very important for schools because usually the system administration is not done by professional administrators but teachers which get some time off their usual job and it's important for them that they, that this part is as easy as possible. I don't know if you're familiar with GOSA, it's used by the city of Munich for their administration and we've now included it in our squeeze release and we have to see if it fits our needs and if it works like we expected it and then see how to continue on that topic. Okay, then as I said roaming profile for laptops is also a new innovation with the squeeze release and we've also switched to NFS version 4 which is important for the Kerberos stuff. This is not finished yet, this transition but it's all there to continue on that point. Okay, now from the past over the present to the future what are the goals for VC? I will just have a look at problems I see for current Debin Edo related this question in the Debin Edo School of Linux Philosophy. Thoughts and ideas to solve some of these issues and a sketch of the system I propose or I could imagine that it would have some advantages, of course some other disadvantages will also be there. Okay, what is our problem in Debin Edo? We have a lot of supporters, local user groups, teachers at schools which work on fine-tuning for their local area but we have much to view contributors for the Debin Edo config package. The Debin Edo config package is it's a well let's say an ugly package which at the end of the installation does a lot of tweaks to the system which are well it's just going on a little dispute if they are policy compliant or not. Most of them are probably not compliant and this Debin Edo config package is mainly worked on by sometimes zero people, sometimes one of three, one or two and three is really the largest number I've ever been seen working on that package on a on a regular basis you know and I ask myself why is this the case and well perhaps the package is simply too involved into complex. I made the experience if you can't follow the evolution of the system continue see you're quickly lost and then with every modification you do you break the system at some point and it takes another couple of hours if not days to fix it again. So then we have our own installer which is great of course but on the other hand to test this package we've always to do a new installation and this installation takes about half a day because there are about 25 gigabytes software installed for the main server and workstation and terminal server and yeah you fix the package you have to upload a package you have to wait until new CD is built and then you run the installation on a virtual machine and in most cases you found that you've overseen a little thing in your code and you start again and then the day is over. So this has a high frustration potential I hope you can understand this so over the years a lot of people that contributed moved more and more into a passive position where they just look what others do I got the impression and I now can really understand them because it's really yeah you get at some point you have the impression I don't learn anything anymore it's just fixing fixing and you run in a circle and with everything you fix you break something else and so you're kind of trapped and you're only if you have really really a lot of time you're able to develop something new okay I've already summarized that there are almost no resources left for new developments only keeping the status as possible and well I kind of understand this as being due to the fact that we modify the configuration of a lot of packages it's simply necessary because this the system is really working out of the box so we have to focus on a lot of small details and we use CF engine and things like that to bring this all in the shape we want to have it and of course if something changes then you have to react on these changes but if you are only a few people working on it then it takes quite a lot of time and there is a famous bug which addresses these modification of configuration files and it's like this bug it was when it was added to the bug tracking system it was thought that at some time we will solve this bug and it's just there for some time as a reminder but we're working on solving this bug but at the moment I have to say we have no time to to work in direction of solving this bug that's a question from I wonder if this half a day is when I do an installation of the main server and you have it the packages in a proxy the installation takes an hour so I'm a bit surprised even with those 25 gigabytes I wonder if your test system is so slow and if a faster test system which we could host on the net and use with KVM and people can access remotely would help for development maybe my machine is for sure not the fastest one so it's about probably five years old or something like that but even if if the installation is is faster there's a lot of things you have to do by hand like uploading the package and things like that so tedious work that yeah that that's kind of annoying well the what Debbie and Edo is is mostly some modifications to DBM so we can only test the result by our testing the installation because that is what we do so I think it's somehow inherent but maybe we should really look to get a faster machine which is available for Debbie and Edo developers so they can test on a faster machine to get this time half which is then still bad but less frustrating okay and the other thing I think one one problem we have is that and we always we have still not released our squeeze squeeze is still in the final steps of being released so we're always behind development and in the past we've been often there that Debbie and was already frozen and we could not really do changes anymore so I think this is also blocking us very much I think we should really get there that we release the squeeze very soon and then have now still a year to visa is frozen or 11 months two questions one is why wait for the CDO DVD generation can there be done on a local machine maybe self-generation and testing instead of uploading and redownloading maybe if you inject a the new package to an existing CD will be easier and the second one maybe some kind of mechanisms that also does installation with an answer answers file on a VM machine so it goes every time the CD is generated it tries an installation and saves the result I don't know for a day to or at least the log so you actually won't have to do something manually but just to connect to an installed machine and test the result I was actually doing what Lior has suggested when I was testing our installation packages which by now are the only packages we still have I used to build the package locally and inject it into the into the CD image that I had on this so all I had to do was to to burn again the CD image and that would shorten the cycle okay okay and for sure you can improve that but keep in mind and you also have to work on this this testing infrastructure and this I have the impression also takes a lot of time because we have our CD or DVD builder and all these things they have to be maintained as well and it's also that sometimes things don't work and you it takes some time until someone looks at it and then it's working fine again but yeah I thought about how how can this this we reduce this double infrastructure okay can I comment on that yeah I got an account on CD image dot debbie and org to build the debbie and Edo CDs there I just have not got around to do it so that is absolutely planned to build the CDs on the regular debbie and host and then we can get rid of that part of the infrastructure and for getting rid of the archive we need to and we used to have like 20 or something past 50 modified packages in debbie and Edo and nowadays it's only the packages starting debbie and Edo asterisk so once we have them and if once we can use them from debbie and we don't have to use our own repository anymore anymore so that will speed up things but it's because we're always lacking I think it's why we need to operate our own infrastructure in the past like five years ago it was really useful to have that but nowadays it's getting more and more blocker because there are less people working on debbie and Edo and those need to maintain this infrastructure instead of developing debbie and Edo okay well I want to ask a few basic or more say radical questions about how we how we address or what's what are what the goal of our system is up to now it has been it has been the goal that you install the system and it works out of the box and of course this is a really challenging goal because you're installing a system for a whole school and the only thing the guy that that installs the system has to know is his password more or less he has to have an idea about the system infrastructure what machine he wants to install at the moment and then he as I showed in the beginning he just enters chooses his language and few other things and the system is set up and it was very strictly demanded that this stays the same for example it it makes a lot of work to use the password you enter also for your KDC and for some other tools you you're using because you have to usually you don't have the clear text password so you have to tweak in the installer to keep that clear text password and use it also for other services which also might be a security issue and well it was said we don't want to have two passwords or something more complicated because our goal is to have this as simple as possible and I ask myself if we really need such a system which is so simple will a guy that depends on the simplicity of the installation will he be happy with the system in the end and I think the answers no because shortly after the installation there will be there will pop up things that are not perfectly solved and if he just is able to click on a few installation things and not more then he will be lost anyway so I want to ask if this is really a valid goal at the moment okay another argument in that direction is a lot of local groups I mentioned earlier used Devin Edo but they I know of no group which really use it it as out of the box there for sure are groups or schools but the the main or the most known groups at least I know in Europe they heavily tune the system for their needs they take it as an inspiration they use what they think is a good idea but they sometimes massively modified and so another argument for not taking to taking this this goal that anything everything works out of the box and is as simple as possible maybe relaxed at some point okay then of course you have different types of school schools with small children with almost grown up students and the packages you provide depend heavily on the on the school you're installing the system currently the focus is a bit on yeah I would say up to 1415 children primary school something like that and it's a bit of a waste that we don't open this up a bit and make it also more flexible related to the package selection so that you can for example choose for primary school or for secondary school or some school where perhaps even grown-ups are taught so this is also a point I I want to stress okay then how can we how can we find more people interested in in the system how can we find more developers and more users and if you look at the system you see the system the networking part it's completely general and it's no in no way special to a school so you could also use that for a small enterprise or for some association which runs a little office or a university work group they could use this system as well as every school and I would like to develop the system in a more flexible and more modularized way so that these groups also can can use it why of course you can use a lot of synergies between this a broader user and developer base and if you modularize it more it's it's easier to focus on one part of the system so if someone is a specialist for networking he doesn't have to look which packages are installed for the primary school so his job is to make the system work the networking so by choosing more a more modularized system I hope that part time developers are able to work on the system and will not after being away for two or three months can be completely lost and not not understand anymore what what happened and of course it also helps with testing and testing the single components for these different profiles this is a goal I want to look in myself is perhaps it's possible to to use five fully automatic installation and I can imagine that you provide different classes different five classes for example for school for primary school you have a class for a small enterprise you have a class and our users can also modify these classes and it's easy to include them then in the next release so that it's simple for the for the say downstream to provide their ideas for inclusion in our system but this is just an idea I haven't worked on it up to now but I want to start on that I think I think Ronnie arson is doing that he uses fight to install so Ronnie Ronnie Zeppelin IRC is doing that I think okay so you can ask him for that classes okay now I've sketched a proposed system which is a very radical change you could start with a standard Debian installation then you run a script which does all the stuff currently done by a BN data Debian Edu config this is at the moment included in the installation so you may scream odd it's not allowed but nothing else happens when when the Debian Edu installation is run so then you have your main server with all the stuff you need and in addition you have these the five packages and corresponding glasses as I explained it just now and then you install the other machines over the network you could you wouldn't need any installer CD DVD nothing no need to work on that the modifications are much more transparent to users and developers because you have this set of scripts which does all modifications everybody can easily send a patch for that it's it's clear how it works there's no installer tweaking which is rather complicated which is difficult to test and of course on the downside it does not work out of the box there for the first point that you don't need customized CDs or DVDs how would you get your your updated packages because you don't want to rely on Debian's latest stable distribution you want your own packages inside so it's no no so at least in the in your customized CD you can inject your own packages or at least the a school in a config but here how would you do it you want to answer we don't want our own customized packages we want them in Debian we have them in Debian not customized packages even the installer or the config which is although it might be only one package you still want the latest version yet that that's the script that's the script mentioned here you run a script so this will done by the script now yeah sure I'm not the most active in school Linux but I try I believe I can clarify that little issue there what is currently done by school in is correct me if I'm wrong it's not extra packages that needs to be part of the DVD but it is the the triggering mechanism of deep kind of preceding needs to be done very early with the current thing that he's proposing to do afterwards instead of integrated directly with the devian installer yeah just to be clear on the answer so you want people to install Debian and then download the separate script and run it but if there's a change to the script and it's already in Debian you won't have the updated version or may I maybe I'm missing something yes it is tricky it is if you have time enough to read bug 31 1188 let me try to summarize it that it's it's everything is in Debian school in Linux exist in Debian school in Linux uses makes use of this this configuration package in a different way than can is possible to do with standard Debian CD they need to set a flag in the CD media so that it uses Debian in a different way than Debian is possible to use Debian okay are you following me so so everything is in Debian the scripts that that Andreas wants to invoke after the installation is currently in school Linux invoked by the Debian installer and if you invoke it by the Debian installer then it violates Debian policy if you don't invoke it by the installer then it's not packages doing it it's okay I'm wrong here I'm stopping up my name is Peter Reynolds and the person behind the philosophy of school Linux and the initial design and the architecture and all that stuff anyway Jonas has some good points but there is disagreement between me and him on what's actually policy compliant I read the policy to mean that when you install a packet it will not do some things while he reads it that if you install a packet and do some configuration it will still not do some things basically in school Linux we set some flags and do some preceding to make sure we tell our packages to behave a certain way and configure some things I believe that to be policy compliant and you must do not but that's a question of interpretation the thing we agree on is that it's a bad idea to do it the way we do because it breaks upgrades so we should get rid of that anyway but that's why I was shaking my head for Jonas's comment on breaking the policy when that is said there's so much things I could say about the proposals from from Andreas and we probably should discuss it but I'd rather you completed your talk first and then we'll go into the long discussions maybe I just continue it's it will be finished in about three minutes I guess and then start with the discussion okay I already said that all other machines are then installed over the network and in the first goal we in the first for these machines we should try to get rid of these these modification of config files so all customization should be done by preceding so then we have a first step where we can work on if where we have a chance to win because these these machines in the network are not so complicated so that's really something we should be able to do and what are the advantages you have a clear split between main server other machines you have with these glasses you can simply do easy prototyping of new new sort of machines things like that and that can also do every every user and if he has a nicely working machine he can send us his his glass and we can include it and well okay and also upgrade re-installation of machines other than the main server should work without problems after that okay so now we already started with some discussion I already set up the goby thing maybe I can just start it here and you're welcome to did I lose the connection right maybe we can feel free to discuss the topics I've written what I said down here and now and I do large enough fine or okay so to give some comments on the design of school Linux a lot of the things you have described has been always part of the original design of the school Linux systems and your indication there is a conflict between ease of installation and flexibility I don't think that's a true conflict I believe it's perfectly possible to both have a simple installation that works out of box and a flexible system that can be tuned whichever way you want and it's always been a goal in school Linux to make that possible even if the features have been hidden most of the time because it's always been a goal for us to be able to convince unsure or hostile users to actually try school Linux and for that to happen you need to have a very easy to install system where you can actually get up and running and get a feeling of the advantages before they make the commitment to actually move to Linux and of course convincing people to move to Linux has always been the goal of school Linux not convincing Linux users to move over to school Linux because the Windows users and the Macintosh users are the the goal of the project the others are already on our side we don't really need to convince read that users use Linux there are so few of them that's not worth the effort so I think you should definitely move ahead then and continue making the system more flexible and making it more easy to to customize some of the initial designs were of course based on limitations in Debian installer and the framework we had available and also the limited resources we have we've gotten us a long way as Holger said we started with a lot of customized packages and have been a have been able over the years to convince a lot of maintainers to modify their installation system to allow preceding to configure all the things at least all the important things we needed we've dropped a few features as well because we decided it wasn't important enough to keep differences from Debian so but I really think it's important to keep the installation system out of the box to be actually working but it's perfectly possible to have one more question like do you want the advanced features and then you get heaps of more questions and heaps of more options but if I want my religion's teacher from high school to actually install anything he will not be able to understand half of the question that's all there already and we don't really want to increase the cognitive strain of the person trying out school linux for the first time without a really good reason so I'd like to remind that there's besides preceding the other policy compliant way to modify packages to drop configuration files into the directory like Apache Conf D these things so we can also use that doesn't have to be preceding and what I don't understand in your proposal is you're proposing to replace Debian Edu config by a script to make things easier but Debian Edu config is basically a script yes but it's it's it's much more complex because if you tell someone he wants to change this and that then he has to set up his the whole CD building stuff and has to build on his his own Debian Edu config package but if you have just the script it's easy to hack the script for his special needs but you can just run post-ins and you can run post-ins and that's the script what he means that the actual script is the post install script which you can just edit and re-run whenever you want so there's might be a package that actually packages the script but it's generally the same thing yeah but it's it's combined with some other features in some other stuff in Debian Edu config okay returning to some of your previous points you mentioned that you want to have a very simple installation that not many people would want to do and after a configuration after the installation on the other hand you mentioned that the complexity is a blocker and the third point was that people actually do modify their systems so I think we should better think we should better rethink about which is the target audience because if people do modify the installation afterwards we might convert some of the complexity of the scripts to good documentation and just let them do it by hand afterwards we still need some basic version that will work out of out of the box but on top of that we can just let them do additions and changes manually of course it would have to be wrapped in some way so they won't just edit files or hack the packages but something that is still can be done relatively easily to give a quick summary of what the school Linux Debian Edu actually is it's a set of preceding for the installer it's a press set of preceding for the packages packages being installed it's a partitioning set of partitioning rules and there is a bunch of packages being installed packages packages election selection and last there is some rewriting on configuration file at the end to make sure that the packages that didn't support preceding will get a proper configuration in the end that are all the parts that's school Linux and of course the configurations the set of configuration changes preceding or otherwise that's like the concept in in action but for the installer it's basically just setting up the preceding of the of the partitioner based on the profile you ask for and then it selects the packages you want based on the profile you ask for then it's continuous and install them and then eventually end up rewriting I don't remember if we actually rewrite more than one or two files I think the squid config maybe and some one more so there's very little left being rewritten at the end of the installation because almost all the packages have been precedable for like five years now and the complexity we can get rid of is it's not really much left there the scripts that's been running by from DB and you do config is the thing that's rewriting thing at the end and there is almost nothing left there of course installing the packages you want that's a meta packet or actually it's a task cell task but it also meta packet and partitioning well we do have some expectations on the partitioning you need this size for us are we need we want to have LVM and the installer can be preceded any way you want if you want to change the password of the root system or well we can do all sort of thing for example I've done some installation where we changed the partitioning but we also have some interesting complexities in the installer we run a background job to check if the file systems are full and extend them if they are to be able to install extra extra packages you can actually precedes outside the Debian system we have done this with PXE installation of a DB need you you can precede extra packages and when you you do that you actually can install extra more packages and if you install like open JDK that was a problem earlier you will fill up us are because it's a huge packet and to handle that they actually made a background package that the process that will resize partitions on the fly during installation but that's just sugar on top it's not part of the installation that's a vital part you just have to make sure the partitions are big enough so I hand over the mic for the last question or last remark so the background process during the installer that resizes the volumes sounds like something that would be really useful for Debian installer in general if you could contribute that back to Debian installer that would be great and then my other question was just that if there are only a couple of packages whose config files are being mangled by this post-inscript if you filed bugs against those packages asking for debcoff parameters to do what you need them to do because if you haven't it would be great to have those bugs so we have the documentation okay thanks so thanks thanks for this fruitful discussion I'm really sure we can continue it and it will be continued I'm trust on you and I but for several years and I really hope that Debian it will be a success I'm really proud on this project the next part of the next talk will be also here in the zoom the Debian science roundtable so feel free to join and thank you Andreas yeah thank you