SchoolTool demo server
======================

Look at README.txt for an architectural overview.

Installation
------------

This document is written with the assumption that the host system is running
Debian GNU/Linux.  The commands listed here need to be executed as user root.

  # apt-get install -t testing rootstrap screen

Rootstrap from Woody will not work.

  # adduser --system --group --home /opt/schooltool-demo --no-create-home \
            --shell /bin/sh schooltool-demo
  # mkdir /opt/schooltool-demo
  # cd /opt/schooltool-demo

If you have subversion

  # svn co http://source.schooltool.org/svn/trunk/demo src

Otherwise, create /opt/schooltool-demo/src and copy the source tree there.

You will need a C compiler and development libraries for the following step

  # make -C src scripts/schooltool-new

Now edit the rootstrap config file

  # cp src/uml/rootstrap.conf .
  # vi rootstrap.conf

Examine all sections marked with XXX and see if they need any changes.
Most of the defaults should be OK.  The 192.168.200.x network mentioned
there will be a new virtual network, so change it if it collides with an
existing network.  The nameserver setting should be changed if the host
system does not run a local (caching) nameserver.  Also choose a Debian
mirror closest to you.

Enable network access for the virtual network.

  # iptables -t nat -A POSTROUTING -s 192.168.200.100 -o eth0 -j MASQUERADE
  # echo 1 > /proc/sys/net/ipv4/ip_forward

Then run rootstrap to create a UML image:

  # rootstrap schooltool.img

Now go get yourself a cup of coffee.  Once rootstrap is finished, do

  # linux umid=schooltool uml_dir=. ubd0=schooltool.moo,schooltool.img \
          mem=128M eth0=tuntap,,,192.168.200.1 con=pty con0=fd:0,fd:1 single

(replace 192.168.200.1 with the host IP you set up in rootstrap.conf)

  uml:# mount none -t hostfs /mnt
  uml:# sh /mnt/opt/schooltool-demo/src/uml/install.sh

You'll have to press Enter several times to choose the default answers to
debconf questions.

Edit democonfig.py to set the hostname, SMTP server and other parameters
if necessary.

  uml:# vi /opt/schooltool-demo/lib/democonfig.py

Customize Apache httpd.conf

  uml:# vi /etc/apache/httpd.conf

Interestion options are ServerName, and ServerAdmin.

Change the root password.

  uml:# passwd

Done:

  uml:# halt

Disable network access for the virtual network.

  # iptables -t nat -D POSTROUTING -s 192.168.200.100 -o eth0 -j MASQUERADE
  # echo 0 > /proc/sys/net/ipv4/ip_forward

Merge the image

  # mv schooltool.img schooltool.img.orig
  # uml_moo -b schooltool.img.orig schooltool.moo schooltool.img
  # rm schooltool.moo

You can make a backup of the image if you want to be able to easily go back to
this pristine condition.

Make sure the schooltool-demo user can access /dev/net/tun:

  # addgroup tuntap
  # adduser schooltool-demo tuntap
  # chown root:tuntap /dev/net/tun
  # chmod 660 /dev/net/tun

Make the image writable to schooltool-demo

  # chown schooltool-demo /opt/schooltool-demo/schooltool.img

Make sure the user can write to ~/.uml

  # mkdir -p /opt/schooltool-demo/.uml
  # chown -R schooltool-demo /opt/schooltool-demo/.uml

Install and customize the init script

  # install /opt/schooltool-demo/src/uml/schooltool-uml \
            /etc/init.d/schooltool-demo
  # vi /etc/init.d/schooltool-demo
  # update-rc.d schooltool-demo defaults

Make sure mail delivery works.  E.g. for Postfix you need to include
192.168.200.100 to the mynetworks parameter in /etc/postfix/main.cf.

Add the alias for demo@schooltool.org.

Configure iptables or Apache on the host system to forward web traffic on port
80 to Apache running inside UML.  Example httpd.conf entry for apache-ssl:

  # XXX make sure mod_proxy and mod_rewrite are enabled

  NameVirtualHost *:80

  <VirtualHost *:80>
    ServerName demo.schooltool.org
    SSLDisable
    RewriteEngine On
    RewriteRule /(.*) http://192.168.200.100/$1 [P]
  </VirtualHost>

Configure iptables on the host system to forward SchoolTool traffic on ports
specified in democonfig.py.  Example iptables rule:

  echo 1 > /proc/sys/net/ipv4/ip_forward
  iptables -t nat -A PREROUTING -p tcp -d $EXT_IP --dport 10000:10100 \
         -j DNAT --to 192.168.200.100

Type /etc/init.d/schooltool-demo start to start the demo system.  Test it.
You can always ssh to root@192.168.200.100 to change anything inside.

Notes
-----

Note that UML will create a hidden file in /tmp that is the size of the memory
you specified to use for the UML.  Make sure you have enough free space there.
It is a good idea to mount tmpfs on /tmp, as that increases UML speed.

It is also a good idea to compile a kernel with the SKAS patch for the host
system.  It increases both the speed and security of UML.

File layout on the host system
------------------------------

  /opt/schooltool-demo
    contains the UML image

  /etc/init.d/schooltool-demo
    startup script

File layout on the UML system
-----------------------------

  /opt/schooltool-demo/bin
    contains demo scripts (democtl, cleanup, schooltool-new)

  /opt/schooltool-demo/lib
    contains demo libraries (demo.py, democonfig.py, beale.wordlist.asc)

  /opt/schooltool-demo/cgi-bin
    contains CGI scripts (register.py, confirm.py)

  /opt/schooltool-demo/www
    contains web pages (index.html)

  /opt/schooltool-demo/sampleschool
    contains the sample school template (Data.fs, Data.fs.index)

  /srv/schooltool-demo
    contains demo instances and users.csv

  /etc/init.d/schooltool-demo
    startup script (starts all demo instances)

  /etc/cron.d/schooltool-demo
    collects expired demo instances