Welcome to Cameron's Adams State web page.

We are finally moving to dynamic routing on our network edge and a more traditional layout.

Here is what we are moving to:

   ProviderA     ProviderB
    |             |
    |   -----------
    |   |
  Firewall-----DMZ
    |  
    | 
  Other ASU Networks

Now for the fun stuff. We are using Devil-Linux which provides a recent version of Quagga. ProviderA switched on full routes for us and we had a complete Internet table within a few minutes on a 2GHz quad core Xeon. It could have been faster, wasn't really paying attention.

Here is what was reported for the full BGP IPv4 table:

  gbfw3# sh ip ro sum 
  Route Source         Routes               FIB                  
  kernel               5                    5                    
  connected            9                    9                    
  ebgp                 419061               419061               
  ibgp                 0                    0                    
  ------
  Totals               419075               419075

Quagga memory use:

  gbfw3# sh mem
  Memory statistics for zebra:
  System allocator statistics:
    Total heap allocated:  102 MiB
  ...
  Memory statistics for bgpd:
  System allocator statistics:
    Total heap allocated:  119 MiB

Some BGP memory detail (for our test link):

  gbfw3# sh bgp mem 
  774465 RIB nodes, using 47 MiB of memory
  418923 BGP routes, using 13 MiB of memory
  1 Static routes, using 32 bytes of memory
  1 Adj-Out entries, using 20 bytes of memory
  68594 BGP attributes, using 2412 KiB of memory
  11269 BGP extra attributes, using 792 KiB of memory
  60412 BGP AS-PATH entries, using 708 KiB of memory
  60468 BGP AS-PATH segments, using 709 KiB of memory
  1575 BGP community entries, using 25 KiB of memory
  6 BGP community entries, using 96 bytes of memory
  2 peers, using 5048 bytes of memory
  23 hash tables, using 460 bytes of memory
  130605 hash buckets, using 1531 KiB of memory

From top:

   PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
  7587 quagga    20   0  131m 121m 1220 S    0  6.0   4:15.48 bgpd
  7580 quagga    20   0  159m 103m  972 S    0  5.1   0:33.11 zebra

For comparison, here are entries from a 2 peer VM we used while testing BGP with only a couple of prefixes:

   PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
  1602 quagga    20   0 67964 2336  900 S  0.0  0.5   0:03.12 bgpd
  1081 quagga    20   0 11708 1532  936 S  0.0  0.3   0:00.02 zebra

  Memory statistics for zebra:
  System allocator statistics:
    Total heap allocated:  395 KiB

  Memory statistics for bgpd:
    System allocator statistics:
    Total heap allocated:  1059 KiB

Follow up post when we add ProviderB, and again when we advertise our IPv6 block.

Posted Fri 21 Sep 2012 01:55:00 PM MDT Tags:

For our latest library kiosks we used LTSP 5.3 on Ubuntu Precise server edition. The library's needs called for a web-browser-only implementation with restrictions on the sites available for browsing. Past iterations have included Thinstation on old hardware, followed by full Linux desktops on Dell FX160s. We stuck with the FX160 hardware and used the Chromium browser as the X session to good effect. In addition, the LTSP server is a VM. Here is a rundown of the LTSP and Chromium browser configuration:

From a base line Ubuntu server edition install, install the needed LTSP packages:

  apt-get install ltsp-server ltspfs ltsp-docs nbd-server tftpd-hpa 

Place some build environment parameters in /etc/ltsp/your-image-name.conf; our hardware is i386 based and we run in fat client mode:

  ARCH=i386
  DIST=precise
  CHROOT=fati386-web
  FAT_CLIENT=Y
  FAT_CLIENT_DESKTOP="xubuntu-desktop"
  PURGE_CHROOT=Y
  LOCALE="en_US.UTF-8"

Create the base ltsp environment. Not all of the options appear to work from the config file, so redundancy appears on the command line:

  ltsp-build-client --config=/etc/ltsp/fati386-web.conf \
  --chroot=fati386-web --fat-client \
  --fat-client-desktop="xubuntu-desktop" --purge-chroot

Chroot into the ltsp environment and add stuff (chromium) just like in the LTSP Administrator Guide, which is different from the current LTSP Docs:

  cd /opt/ltsp/fati386-web
  chroot .
  mount -t proc proc /proc
  apt-get install chromium-browser
  umount /proc
  exit
  cd ..

Build the kernel boot images and the nbd file system:

  ltsp-update-kernels
  ltsp-update-image -a fati386-web

The lts.conf file for the image (/var/lib/tftpboot/ltsp/fati386-web/lts.conf):

  [DEFAULT]
   SEARCH_DOMAIN=yours.edu
   DNS_SERVER=ip.address.here
   LTSP_FATCLIENT=Y

  # Library Kiosks
  [library]
   LOCAL_APPS_EXTRAMOUNTS=/etc/chromium-browser/policies/managed
   LDM_AUTOLOGIN=Y

  # Some library node entry
  [52:54:00:f9:6d:41]
   LIKE=library

For LTSP auto login create an account on the server with a hostname of a library thin client as the username, use the hostname as the password too:

  useradd libkiosk01

With proper entries in your DHCP server:

  group {
      next-server 192.156.134.103;
      option root-path "/opt/ltsp/fati386-web";
      filename "/ltsp/fati386-web/pxelinux.0";

      host libkiosk01 {
          hardware ethernet 52:54:00:f9:6d:41;
          fixed-address ip.address.here;
          option host-name "libkiosk01";
      }
  }

The station should be ready to boot from the server and auto login to a Xubuntu desktop.

But we want a chromium browser kiosk. So on the server create a .xsession file for the kiosk user:

  echo "/usr/bin/chromium-browser --incognito" > \
  /home/libkiosk01/.xsession
  chmod 755 /home/libkiosk01/.xsession

Now reboot the thin client and watch chromium start up. Chances are it won't fill the screen. There are settings near the top of the Preferences file to handle that; adjust those to your monitor resolution and restart the browser (/home/libkiosk01/.config/chromium/Default/Preferences):

  "window_placement": {
     "bottom": 1024,
     "left": 0,
     "maximized": false,
     "right": 1280,
     "top": 0,
     "work_area_bottom": 1024,
     "work_area_left": 0,
     "work_area_right": 1280,
     "work_area_top": 0
  }

Use the chrome://settings pages in the browser to turn off caching or whatever. Then make the Preferences file read only on the server:

  cd /home/libkiosk01/.config/chromium/Default/
  chown root .
  chmod 750 .
  chown root Preferences
  chmod 400 Preferences

To apply some global policies to the chrome browser kiosks get the chrome policy template for linux:

  wget http://www.chromium.org/administrators/policy-templates/policy_templates_m19.zip
  unzip policy_templates_m19.zip linux/examples/chrome.json

Customize the file for your needs and place it in /etc on the server: /etc/chromium-browser/policies/managed/library.json

  {
   "HomepageLocation": "http://www.adams.edu/library",
   "URLBlacklist": ["*"],
   "URLWhitelist": ["adams.edu","marmot.org"]
  }

To get the thin client to use the file, notice the entry in the lts.conf provided earlier:

  LOCAL_APPS_EXTRAMOUNTS=/etc/chromium-browser/policies/managed
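
An added example (not from the original post): a small Python check for the managed policy file above. It verifies the file is strict JSON and evaluates URLs against the lists using a simplified, host-only reading of Chromium's filter rules (a bare host also covers its subdomains, a leading dot means that host only, whitelist entries are exceptions to the blacklist). The function names and test URLs are made up for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the policy from this post, as strict JSON.
POLICY_TEXT = """{
 "HomepageLocation": "http://www.adams.edu/library",
 "URLBlacklist": ["*"],
 "URLWhitelist": ["adams.edu", "marmot.org"]
}"""

def host_matches(pattern, host):
    """Simplified rule: 'example.org' covers subdomains, '.example.org' is exact."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern == "*":
        return True
    if pattern.startswith("."):
        return host == pattern[1:]
    return host == pattern or host.endswith("." + pattern)

def is_allowed(policy, url):
    """Whitelist entries are exceptions to the blacklist, so check them first."""
    host = urlsplit(url).hostname or ""
    if any(host_matches(p, host) for p in policy.get("URLWhitelist", [])):
        return True
    return not any(host_matches(p, host) for p in policy.get("URLBlacklist", []))

def lint_policy(text):
    """Return (policy, problems); policy is None when text is not strict JSON."""
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        return None, [f"not valid JSON: {exc.msg} at line {exc.lineno}"]
    problems = []
    if "*" not in policy.get("URLBlacklist", []):
        problems.append("URLBlacklist lacks '*': kiosk is not default-deny")
    if not policy.get("URLWhitelist"):
        problems.append("URLWhitelist is empty: nothing is reachable")
    home = policy.get("HomepageLocation", "")
    if home and not is_allowed(policy, home):
        problems.append("HomepageLocation is blocked by the URL lists")
    return policy, problems

if __name__ == "__main__":
    policy, problems = lint_policy(POLICY_TEXT)
    print(problems or "policy OK")
    for url in ("http://www.adams.edu/library", "https://catalog.marmot.org/",
                "http://adams.edu.example.net/", "http://notadams.edu/"):
        print(url, "->", "allow" if is_allowed(policy, url) else "block")
```

Run it against the edited library.json before rebuilding the image to catch a typo that would otherwise leave the kiosk with no policy applied or with its own home page blocked.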

Works great as a web kiosk thus far, more info later.

Posted Fri 31 Aug 2012 03:15:40 PM MDT Tags:
