HOWTO : Penguinzilla (DRBL) on Ubuntu 8.04.1

Penguinzilla, or Diskless Remote Boot in Linux (DRBL), is developed by the National Center for High-Performance Computing (NCHC), Taiwan, which is also the developer of Clonezilla.

DRBL is quite different from LTSP. In effect, DRBL is an NFS and NIS server.

Penguinzilla (or DRBL) is Open Source software that is ideal for schools, libraries and cyber cafes. The current version is 1.9.1-26, which also supports remote booting of Windows systems using ATA over Ethernet (AoE). The current version of DRBL supports one NIC on the server.

However, I am not going to demonstrate how to configure AoE for Windows systems; I am targeting Linux only. I set up a poor, but not the worst, testing environment for this howto. The main purpose is to test the performance of DRBL under this environment so that you can predict the performance on modern hardware.

The installation of DRBL and related software requires about 4 hours, as the DRBL server is very slow.

Onboard NICs manufactured in or after 2001 support boot from LAN (PXE).

Hardware
DRBL server – Athlon XP 2600+, 1GB DDR RAM, 200GB IDE HDD, 100Mbit NIC
Client (1) – IBM ThinkPad T23 (Intel P3-M 1.2GHz, 1 GB SDRAM, 100Mbit NIC)
Client (2) – VIA Eden 1.6GHz, 1GB DDR RAM, 100Mbit NIC
Router – Planet XRT-401E 10/100Mbit Broadband Router
HomePlug – LevelOne PLI-2020 85Mbit X 2

Software
Operating System – Ubuntu Desktop 8.04.1 or my remastered Ubuntu SE 8.04.1

Basically, the bandwidth of the testing environment is less than 85Mbit due to the limitation of the HomePlugs. The installation is done on the server only.

Installation

Step 1 :
Install Ubuntu Desktop 8.04.1 as is. The filesystem can be ext3 or reiserfs. The /boot partition should be ext2/ext3 only. Create a /tftpboot partition, formatted as ext3 or reiserfs, with at least 200MB per client, i.e. if you have 20 clients, the size of /tftpboot should be 20*200MB (4GB). Reiserfs is slightly faster than ext3 under this testing environment.

Step 2 :
After installing Ubuntu, download and add the GPG key for DRBL.

wget http://drbl.nchc.org.tw/GPG-KEY-DRBL
sudo apt-key add GPG-KEY-DRBL

Step 3 :
Append the following lines to /etc/apt/sources.list.

deb http://free.nchc.org.tw/ubuntu hardy main restricted universe multiverse
deb http://free.nchc.org.tw/drbl-core drbl stable

Step 4 :
Update and upgrade the system before installing DRBL. The process will take over 4 hours, as the NCHC server is very slow.

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install drbl
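
Steps 2 to 4 make GPG-KEY-DRBL the trust anchor for every package apt installs from the NCHC repositories, and the key itself arrives over plain HTTP. The following is an added example, not part of the original howto or of DRBL: it compares the downloaded key's fingerprint with one obtained from a separate trusted channel before running apt-key add. The function names, the placeholder fingerprint and the sample listing are assumptions made for illustration.

```shell
# Added example: verify an apt signing key against a fingerprint obtained
# out of band (placeholder below) before trusting it. Not from the howto.

# Print the first fingerprint in gpg colon-format output read from stdin;
# "fpr" records carry the fingerprint in field 10.
extract_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Normalise for comparison: strip whitespace, upper-case the hex digits.
normalise_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Return 0 only if the expected value is a full 40-digit fingerprint (short
# key IDs are rejected with status 2) and equals the actual one.
fpr_matches() {
    actual=$(normalise_fpr "$1")
    expected=$(normalise_fpr "$2")
    case "$expected" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    [ "$actual" = "$expected" ]
}

# Fingerprint of a key file without importing it. This is the gpg 1.4
# invocation (Ubuntu 8.04); newer gpg 2 releases offer --show-keys instead.
key_file_fpr() {
    gpg --with-colons --with-fingerprint "$1" 2>/dev/null | extract_fpr
}

# Hand the key to apt only when the fingerprint matches.
# $1 = key file, $2 = fingerprint published by the project.
add_key_if_trusted() {
    if fpr_matches "$(key_file_fpr "$1")" "$2"; then
        sudo apt-key add "$1"
    else
        echo "fingerprint mismatch for $1: key NOT added" >&2
        return 1
    fi
}

# Constructed sample of colon-format output (NOT the real DRBL key).
SAMPLE_LISTING='pub:-:1024:17:0123456789ABCDEF:2008-01-01:::-:Example <key@example.invalid>::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:'

# Usage: add_key_if_trusted GPG-KEY-DRBL "<FINGERPRINT-FROM-TRUSTED-SOURCE>"
```

Comparing the full 40-digit fingerprint matters here because short key IDs can collide, which is why the check refuses anything shorter.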

Step 5 :
Configure the DRBL server by following the instructions of the script. The first 2 questions should be answered with the default (N). The third question should be answered with “2” if your clients have modern CPUs; otherwise, choose “0” for i386 and “1” for i586. The warning and briefing messages are printed in yellow, which is very hard to read on a coloured terminal.

sudo /opt/drbl/sbin/drblsrv -i

Step 6 :
Next, configure the clients; this is also done on the server. The first question should be answered “Y”. Follow the instructions of the script. I chose not to capture the MAC addresses of the clients and not to assign the same IP to the clients in my testing. Therefore, I cannot use the Wake on LAN command. If you want to, you should make a file with a list of all the MAC addresses of your clients.

You should know how many clients you have and enter them as the script instructs. I chose not to assign public IPs to the clients but to allow NAT for them so that they can surf the internet. Lastly, make sure you save the configuration file by answering “Y”. The default settings are mostly okay.

sudo /opt/drbl/sbin/drblpush -i

Step 7 :
Now go to your clients and set the BIOS to boot from the NIC (i.e. PXE or boot from LAN). Boot your clients now.

Step 8 (Optional) :
If you have added software on the server or added clients, you should run Step 6 again. If you have switched off the server, you should run the following command on the server every time you boot it up.

sudo /opt/drbl/sbin/drblpush -c /etc/drbl/drblpush.conf

Step 9 (Optional) :
I chose auto login for all clients and the password for each client is at /etc/drbl/auto_login_id_passwd.txt.

Control Panel
The control panel of DRBL is at /opt/drbl/sbin/dcs and you can also control it over ssh.

sudo /opt/drbl/sbin/dcs

Performance
I have chosen Full DRBL and SSI mode. SSI mode is slightly faster but it cannot save the individual settings of each client. SSI mode requires the same hardware configuration on every client.

The booting speed under this testing environment is more or less similar to booting a Live CD/DVD on the client. The execution speed of application software is also similar to running a Live CD/DVD.

If you boot all clients (two in my testing environment) at the same time, every client will take longer to boot up. It is recommended to boot all the clients before the students come into the computer room.

Conclusion
Penguinzilla (or DRBL) is a nice Open Source application that is ideal for classrooms, libraries and cyber cafes. The Clonezilla feature can clone the clients’ hard drives and vice versa. It is very easy to set up and configure.

The bottleneck is the speed of the hard drive and the bandwidth of the network. I recommend using a Gigabit network and NICs for all clients and the server; the hard drive of the server should be RAIDed (such as RAID 0 or 5) or the server should be clustered.

HOWTO : Intrusion Detection System made easy

An Intrusion Detection System (IDS) is software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and/or disabling computer systems, mainly through a network such as the internet. These attempts may take the form of attacks by, for example, crackers, malware and/or disgruntled employees.

EasyIDS is currently built from CentOS 4.6 and Snort. It is a passive system. EasyIDS is installed on a dedicated personal computer. It is very easy to set up; there is almost nothing to configure. For installation and setup, please refer to the Documentation section of its website.

EasyIDS requires at least two network interface cards (NICs), 384MB RAM or more and an 8GB hard drive or larger. The system can be configured through a web GUI in your browser.

I put my EasyIDS behind my ZeroShell, a firewalled PC-based router, and connected to the other servers and clients by switches.

Home Network with Passive IDS


Switches with port mirroring are very expensive and hubs are hard to find in Hong Kong nowadays. You can make a DIY network TAP according to this link.

The colour code of the cable and jack (I purchased 4 CLIPSAL jacks and 1 CLIPSAL panel) :
1 = orange/white
2 = orange
3 = green/white
4 = blue
5 = blue/white
6 = green
7 = brown/white
8 = brown

8 7 3 6
4 5 2 1

*If you have unplugged and replugged the cable(s), you should reboot your EasyIDS; otherwise, it will not work properly.

I am now working on turning EasyIDS into an Intrusion Prevention System (IPS).

Security is very important even at home!

Reference link :
IDS/IPS placement on home network
Construction and use of passive Ethernet TAP
Simple SOHO IDS with Snort & a DIY Network TAP
Building an Ethernet TAP

HOWTO : Home made NAS server with Ubuntu 8.04.1 – Part VII

Some personal NAS devices on the market come with an iTunes music server. However, iTunes is not Open Source software.

Sockso is an Open Source personal music server written in Java. It requires Sun’s Java Runtime. IcedTea is not compatible so far.

Sockso is cross-platform software and requires no installation. It can run on a standalone personal computer or on a server. For running it on a personal computer with a GUI, please refer to its official site.

The client computer requires no mp3 player to play the music but may need Flash (optional). The Flex player requires no installation of a music player on the client computer. Other formats, such as WMV, OGG and Flac, require pre-installed music players that support those formats.

The advantage of Sockso is that you can listen to your mp3 files anytime and anywhere, provided that a fast internet connection is available. The disadvantage is that you need at least an IEEE 802.11g (54M) Wifi connection for smooth operation. GPRS and HSDPA do not work properly in my testing.

I am going to talk about running Sockso on Ubuntu Server 8.04.1 (without GUI).

Step 1 :

Install Sun Java and its runtime on the Ubuntu server (NAS).
sudo apt-get install sun-java6-bin sun-java6-fonts sun-java6-jre sun-java6-plugin

Download Sockso from the official site. Extract it in your home directory on your Ubuntu server. If the keyboard and monitor are detached from your server (NAS), plug them in now.

wget http://sockso.pu-gh.com/downloads/sockso-latest.zip
unzip sockso-latest.zip
cd sockso-1.0.9

Step 2 :

Create a directory under /var for storing the database files.
sudo mkdir /var/sockso
sudo chmod -R 0755 /var/sockso

Step 3 :

Run the server as a user (such as samiux) on the physical server at tty1 (Ctrl+Alt+F1), from /home/samiux/sockso-1.0.9.
sudo sh linux.sh --nogui --datadir /var/sockso

A directory named “covers” and the files “database.lck”, “database.log”, “database.properties” and “database.script” will be created in /var/sockso.

A console prompt will appear, telling you your IP address and that port 4444 is used for the music server.

Step 4 :

Now, add the paths of the mp3 files that are located on the music server (your NAS – Ubuntu Server).

For example, if the mp3 files are stored at 3 locations, such as :
/home/samiux/music, /home/john/mp3 and /home/mary/songs.

At the console (at the server), type the following commands :
coladd /home/samiux/music
coladd /home/john/mp3
coladd /home/mary/songs

Use collist to list all the paths that you just created. You can delete a path with the coldel command.

Step 5 :

You can create a user, e.g. samiux, with the following command or through the web interface.
useradd samiux 9876543210 samiux.com@gmail.com

(where 9876543210 is the password and the other is your email address)

Your Sockso Music Server is ready, but you should not exit the console; otherwise, Sockso will terminate. Leave it alone and press Ctrl+Alt+F2. You can return to the console by pressing Ctrl+Alt+F1. Type “help” at the console for assistance.

Step 6 :

Go to your personal computer (client), open a browser, e.g. Firefox, and type the following in the address bar.
http://192.168.0.15:4444

(where 192.168.0.15 is your NAS address behind a router and 4444 is the port that Sockso uses)

Warning

If you want to share your music files with others over the internet, you should be aware of the copyright law in the music industry, or you may be in serious trouble, such as a lawsuit. You have been warned.

Enjoy your favourite music anywhere and anytime!!!