Difference between revisions of "Cool Solution - Using UCC as Image-Distribution-Server for other Univention Corporate Clients"

From Univention Wiki

Jump to: navigation, search
m (Reviewed)
 
(8 intermediate revisions by 4 users not shown)
Line 1: Line 1:
{{Version|UCC=1.0}}  
+
{{Version|UCC=1.0}}
{{Cool Solutions Disclaimer}}
+
{{Cool Solutions Disclaimer|Repository=no}}
 +
{{Out of Maintenance}}
  
= Introduction =
+
== Archive ==
  
The default partitioning of a Univention Corporate Client separates user data and system data. This allows a complete replacement of the system image with a newer one without loosing user data or the domain join status. Usually, these images are distributed through a NFS share created automatically on the Univention Corporate Server that has the UCC-App installed.
+
There is a version of this article for [http://wiki.univention.com/index.php?title=Cool_Solution_-_Using_UCC_as_Image-Distribution-Server_for_other_Univention_Corporate_Clients&oldid=12473 UCC 1.0].
 
 
In some cases one might not want to use a Univention Corporate Server to provide the NFS share. For example in a small branch office with very poor connection to the main office. Using an Univention Corporate Client as NFS server for the other UCCs might be an alternative that is described in this article. Since the free space is always limited on a thinclient, in such case one probably wants to use an USB pendrive containing the images.
 
 
 
Please note that this article does not take care of the PXE configuration. As this article addresses scenarios with small branch offices, we assume that the Univention Corporate Clients boot directly from harddisk (Local boot) and not via PXE. If that is not the case in your scenario, you need to adjust the PXE settings.<br>
 
'''Hint:''' You can follow [http://wiki.univention.de/index.php?title=Cool_Solution_-_UCC:_default-pxe-rollout_for_unknown_clients UCC PXE rollout] an replace the ''nfsroot='' part with the IP adresse of the UCC-Image-Distribution-Server.
 
 
 
= Recommended Procedure =
 
 
 
The following steps need to be completed:
 
 
 
* Install the designated UCC-Image-Distribution-Server with a normal UCC-Client Image
 
* Create the NFS share and mount the USB pendrive
 
* Specify the UCC-Image-Distribution-Server as server that holds the UCC-Image for the other Univention Corporate Clients
 
* Optionally: configure security settings to limit access to the NFS share
 
* Optionally: configure PXE-Settings
 
* Make the UCC-thinclients update their system image from the UCC-Image-Distribution-Server
 
 
 
== Install a Univention Corporate Client as Image-Distribution-Server ==
 
 
 
At first, we need to install the designated UCC-Image-Distribution-Server with a standard UCC-Image. This should be done according to the [http://docs.univention.de/ucc-manual-1.0.html UCC manual]. In the following we will assume that the official [http://docs.univention.de/ucc-manual-1.0.html#installation:officialimages UCC thin client image] is used.
 
 
 
After the installation is finished, log in to the UCC via ssh:
 
 
 
ssh root@ucc-image-server.univention.test
 
 
 
We need to disable the overlay filesystem and the read-only mode:
 
 
 
ucr set ucc/thinclientoverlayfs=false
 
ucr set ucc/boot/mount=rw
 
 
 
We assume that an USB pendrive is used to contain the image(s). So we need to create a directory to mount the USB pendrive and copy the images from the  Univention Corporate Server that holds the original UCC images:
 
 
 
mkdir /var/lib/univention-client-boot
 
umount /dev/sdb
 
mount /dev/sdb1 /var/lib/univention-client-boot
 
scp root@ucs-ucc-server.univention.test:/var/lib/univention-client-boot/ucc-1.0-rev2-thinclient-image.img* /var/lib/univention-client-boot/
 
 
'''Note:''' While publishing this article, UCC 1.0 rev2 is the current version, so we use ''ucc-1.0-rev2-thinclient-image.img'' in the examples. If you want to use a different image, you need to adjust the image name accordingly.
 
 
 
'''Note:''' On an Univention Corporate Client with the official thin client image, the first USB device will always be ''/dev/sdb''. If you don't use the official image or if you use more than one USB device, you need to replace ''sdb'' with the correct device name.
 
 
 
For upcoming reboots you probably want to add this to your '''/etc/fstab''' to make sure the USB pendrive gets mounted automatically:
 
 
 
/dev/sdb1      /var/lib/univention-client-boot ext4    defaults        0      0
 
 
 
Alternatively, it is also possible to use '''blkid''' for an unique identifier of a filesytem (block device).
 
blkid /dev/sdb1
 
/dev/sdb1: UUID="ee4aa6c3-6335-48f0-ba45-7a458d25aac4" TYPE="ext4"
 
In such case the line can be added as:
 
  UUID="ee4aa6c3-6335-48f0-ba45-7a458d25aac4"  /var/lib/univention-client-boot ext4    defaults        0      0
 
 
 
'''Note:''' In this example we assume the filesystem is Ext4, please change the line to reflect the filesystem in your disk (vfat -for FAT32-, ntfs or ext3 are other typical examples).
 
 
 
Now we can install the NFS server components:
 
 
 
apt-get install nfs-common nfs-kernel-server
 
 
 
To configure the desired NFS share, append the following to '''/etc/exports''':
 
 
 
"/var/lib/univention-client-boot"  *(ro,no_root_squash,sync,no_subtree_check)
 
 
 
Then export (= publish) the share:
 
 
 
exportfs -ra
 
 
 
Alternatively, restarting the NFS server will do the same:
 
 
 
service nfs-kernel-server restart
 
 
 
== Configure the image ==
 
 
 
The server that holds the image (assigned server) is specified at the LDAP object of the image. We need to change the assigned server using the Univention Directory Manager command line tool on an Univention Corporate Server Domaincontroller:
 
 
 
udm settings/ucc_image modify \
 
--dn univentionCorporateClientImageName=ucc-1.0-rev2-thinclient-image.img,cn=Images,cn=UCC,cn=univention,dc=univention,dc=test \
 
--set server=ucc-image-server.univention.test
 
 
'''Note:''' Multiple servers are possible. If you need to specify more than one server, use ''--append server=...'' instead of ''--set server=...''.
 
 
 
If you changed/updated the image, do not forget to change the '''md5 file''' as well:
 
md5sum /var/lib/univention-client-boot/ucc-1.0-rev2-thinclient-image.img | cut -c-32 > /var/lib/univention-client-boot/ucc-1.0-rev2-thinclient-image.img.md5
 
 
 
== Configure the clients ==
 
 
 
Now set the clients to check for an update on next boot:
 
 
 
[[File:Set_UCC_to_check_for_updated_image.png]]
 
 
 
They should now check for a new system image on the given UCC-Image-Distribution-Server and replace it.
 
 
 
== Limit access to NFS-Share ==
 
 
 
One might want to limit access to the images. This can be done by specifying only certain hosts or IP adresses in '''/etc/exports'''. The following example limits access to the 10.200.30.0/24 subnet:
 
 
 
"/var/lib/univention-client-boot"  10.200.30.0/24(ro,no_root_squash,sync,no_subtree_check)
 
 
 
Please refer to the manpages of exports ('man exports' on the UCS master) for more options.
 
 
 
= See also =
 
 
 
[http://docs.univention.de/ucc-manual-1.0.html#rollout:imagerollout UCC manual: Image rollout]
 
 
 
[http://wiki.univention.de/index.php?title=Cool_Solution_-_UCC:_default-pxe-rollout_for_unknown_clients UCC: Default PXE Rollout]
 

Latest revision as of 11:25, 8 September 2017

Produktlogo UCC Version 1.0

Note: Cool Solutions are articles documenting additional functionality based on Univention products. Not all of the shown steps in the article are covered by Univention Support. For questions about your support coverage contact your contact person at Univention before you want to implement one of the shown steps.

Also regard the legal notes at Terms of Service.
Out of Maintenance


Archive

There is a version of this article for UCC 1.0.

Personal tools