Computer LAB Management

Reading time ~4 minutes

2012-08-09-computer-lab-management

2012-08-09-computer-lab-management

We have two labs with 16 computers each. In each computer we have installed the latest version of Edubuntu (Linux) with almost the same configuration (partitions, installed packages, etc.). It is a bit of hard work to manage all of them one by one, so we have tried to find workarounds to manage all of them at once. There are different ways and solutions to accomplish this in Linux, but we have adopted a simple and practical one, suitable for our case.

1 Setting a static IP to each computer

First of all, it is better to set a static IP to each computer, instead of letting them to get a dynamic (random) IP by DHCP. This is required for accessing and managing them remotely. It can be done like this:

  • First of all disable/remove the network-manager service, because it will try to configure automatically the network interface:
    apt-get purge network-manager
    
  • Then edit /etc/network/interfaces like this:
    auto lo
    iface lo inet loopback
    
    auto eth0
    iface eth0 inet static
      address 192.168.1.51
      netmask 255.255.255.0
      gateway 192.168.1.1
      dns-nameservers 80.78.66.66 80.78.66.67
    
  • Finally, restart the networking:
    sudo /etc/init.d/networking restart
    

Note: It is even better if we configure the DHCP server to give always the same IP to the same computer, based on the MAC of its network interface. However the method above is quite ok.

2 Managing computers remotely

In order to run commands remotely through ssh, without entering a password, we can generate a public-private key pair, and then put the public key on each computer.

  • Generate a public/private key pair:
    sudo su
    ssh-keygen
    
  • Transfer the public key to each PC and append it to /root/.ssh/authorized_keys:
    scp id_rsa.pub root@192.168.1.51:
    ssh root@192.168.1.51
    mkdir .ssh
    chmod 700 .ssh
    cat id_rsa.pub >> .ssh/authorized_keys
    chmod 600 .ssh/authorized_keys
    rm id_rsa.pub
    exit
    

Now we can run without password commands like this:

ssh 192.168.1.51 ls -al
ssh 192.168.1.51 apt-get update
ssh 192.168.1.51 apt-get upgrade
etc.

3 Administrating multiple computers at once

  • First install the package mssh (Multi-SSH):
    sudo apt-get install mssh
    
  • Now we can run the same commands on many computers, like this:
    mssh 192.168.1.51 192.168.1.52 192.168.1.53
    mssh 192.168.1.5{1,2,3,4,5,6,7,8,9}
    
  • However, for convenience we can put all the IPs in a file like iplist_lab1.txt, which looks like this:
    192.168.1.51
    192.168.1.52
    192.168.1.53
    192.168.1.54
    192.168.1.55
    . . . . .
    
  • Now we can run the command mssh with all of them, with a command like this:
    mssh $(cat iplist_lab1.txt)
    or 
    mssh $(<iplist_lab1.txt)
    

4 Getting the mac addresses

We need the MAC addresses of each PC in order to turn them ON remotely, from the LAN. We may also need them later to set up the DHCP server so that each computer gets a fixed IP.

In order to get them remotely, first we ping each IP, then we get the neighbor list with ip neigh, and finally we process it to get a clean list:

for IP in $(cat iplist_lab1.txt); do ping -c 2 $IP; done
ip neigh > mac_list.txt
gawk '{print $1 " " $5}' mac_list.txt > mac_list_1.txt
sort mac_list_1.txt > mac_list_lab1.txt
rm mac_list_1.txt

The final list mac_list_lab1.txt should be something like this:

192.168.1.51 2c:41:38:a9:82:ef
192.168.1.52 2c:41:38:a9:82:7c
192.168.1.53 2c:41:38:a5:94:f2
192.168.1.54 2c:41:38:a5:94:d7
192.168.1.55 2c:41:38:a5:98:66
. . . . .

5 Turning on all the computers remotely

Almost all of the computers nowadays support a feature called Wake-On-LAN (or WOL). It can be used to turn on a PC from the LAN by sending it a special packet. Let's see how we can use it.

  • First of all make sure that it is enabled on the BIOS Setup.
  • Then install the package wakeonlan:
    sudo apt-get install wakeonlan
    
  • Then get a list of MAC addresses and IPs of all the computers. It can be generated by rearranging the columns on mac_list_lab1.txt:
    gawk '{print $2 " " $1}' mac_list_lab1.txt > lab1.wol
    

    The file lab1.wol looks like this:

    2c:41:38:a9:82:ef 192.168.1.51
    2c:41:38:a9:82:7c 192.168.1.52
    2c:41:38:a5:94:f2 192.168.1.53
    2c:41:38:a5:94:d7 192.168.1.54
    2c:41:38:a5:98:66 192.168.1.55
    . . . . .
    
  • Then, to turn ON all the computers on LAB1, run the command wakeonlan with this list as a parameter:
    wakeonlan -f lab1.wol
    

6 Turning OFF all the computers remotely

A PC can be turned OFF using the command poweoff remotely, like this:

sudo su
for IP in $(<iplist_lab1.txt); do echo --$IP; ssh $IP poweroff; done

Here, iplist_lab1.txt is a list with IP-s of all the PC-s, like this:

192.168.1.51
192.168.1.52
192.168.1.53
192.168.1.54
192.168.1.55
. . . . .

7 Adding an administrator user

The computers in LAB1 initially were installed with user student as administrative user. These steps show how to add another administrative user and how to remove the administrative privileges from the user student.

  • Create user administrator:
    adduser administrator
    
  • Add this user to groups:
    adduser administrator adm
    adduser administrator dialout
    adduser administrator cdrom
    adduser administrator plugdev
    adduser administrator lpadmin
    adduser administrator admin
    adduser administrator sudo
    
  • Remove the user student from privileged groups:
    deluser student adm 
    deluser student admin
    deluser student sudo
    

8 Remove autologin

The initial configuration of the computers in LAB1 was to autologin to user student. In order to remove the autologin, edit /etc/lightdm/lightdm.conf and leave empty autologin-user=

Author: Dashamir Hoxha

Created: 2019-01-24 Thu 05:13

Emacs 25.1.1 (Org mode 8.2.10)

Validate

OpenPGP Web Key Directory

OpenPGP Web Key DirectoryOpenPGP Web Key DirectoryTable of Contents1. Introduction2. How WKD works3. Building a WKD3.1. Create the direct...… Continue reading

SMTP Server with LDAP Authentication

Published on April 17, 2021

Using WireGuard VPN

Published on November 09, 2020