|
Rationale
Make it very simple to install and configure many machines, for example, in a school or a small company.
In my work, we have to deal with many class rooms with some computers, group policies, etc. I would like a fast clean way of installing, configuring and updating (creating a proxy for apt maby).
I think this is very important if we want to see ubuntu spread out to business and not only on homes.
Tags:
(none)
|
|
38
votes
|
|
54
0
16
|
|
|
|
|
Propose your solution
Attachments
No attachments.
Duplicates
Comments
|
|
XPE boot. Scripted netinstall image. CloneZilla. G4L. There's loads of tools that already do this.
Someone who can't figure out how to make network tools work, may not be the best choice for a network administrator.
|
|
|
I know there are tools. I just think that everything can be tuned up and easier. And this could be an attractive thing about Ubuntu to reach a wider public.
Take apt, synaptic and "Add/Remove" apps. They rock! Do you remember how it was to install a simple app? to search for libraries and dependencies?
Does network admin needs to be "not easy"?
|
|
tyggna
wrote on the 6 Mar 08 at 23:42
|
|
|
I believe it does need to be "not easy."
Easy means common, common means commonly known, and commonly known usually indicates greater security risks.
Also, easy usually means automated, and automated means that you don't understand the internal workings--or how to change/fix them should something go wrong.
Being a network admin at a school myself, I work with lot of other admins who agree with this philosophy. Many of them will simply refuse to install any new application until they've read all the documentation and one third-party source on the material, because they want to understand the potential security threats before hand, and (more importantly) the load that it'll put on the network.
|
|
tyggna
wrote on the 6 Mar 08 at 23:47
|
|
|
Pushed post too soon, sorry for double post.
We do, however use a program that does just this, though, called p-run (it's open source) that lets you run any command-line code you want on any selected group of computers. This is a security risk, but we only allow the process to be run on a select number of computers in a secure room.
|
|
|
Well, I can't agree that because something is easier, it makes it less secure.
But I can now understand that this is a very questionable issue, that colides with different philosophies and practices. I just know that this wound convert some microsoft guys.
Every admin creates his own scripts and recipes to make his life a little easier. And stores them away form everybody. So if the admins would join and share their knowledge to create some really good and secure and mantained scripts and programs, something good will happen. (this sharing thing sounds familiar :) )
I'm just talking about a server eddition, or package, with something like LAMP: a group of programs and basic configurations to get a entire room installed in no time. We do that anyway, easy or not! C'mon!
|
|
|
I do PXE network installs.
I use a combination of netboot installs with aptcacher. I easily found all the documentation I needed though Ubuntu Wiki and Ubuntuforums. It wasn't terribly easy to set up initially, but now that it is, just find how to netboot the machine, and badabing badaboom!
The default setup could be a little nicer for supporting multiple distributions, but it's not all that hard to figure out.
Biggest pain of it all is dealing with DHCP. Especially if you already have a box supplying DHCP to your network, like my little stupid router.
"Easy means common, common means commonly known, and commonly known usually indicates greater security risks." Nope, I don't believe it. The documentation is already out there. Free Open Source Software, right? But even more, the documentation is easy to understand.
But there are security concerns with this setup. A rogue DHCP server can screw your nice network up; a miscreant would have to get physical access to a network jack with a custom-configured laptop, for example, to do it.
And I think new machines need to have their MAC addresses initially checked somehow outside the main network -- I use an extra ethernet port on my server for that purpose. If you do that, you'll be sure you're setting up an installation for that computer (and not another computer on the LAN with an unassigned MAC address).
I also have documentation on using this with Windows installs (which I have to maintain for special software and hardware we have in house). I haven't tried this yet, but it looks very promising.
|
|
|
Oh, I forgot; it's easy to add (most) packages to an unattended install. I always add openssh-server to the mix. While it's installing, I go back to my work computer and open up a term and type in:
watch --interval=20 ssh newcomputer
and when it logs in, I know it's ready!
---
Using apt-cacher saves a lot of time with netboot, and I don't end up installing stuff that I have to reinstall updates for again. I haven't accurately clocked it, but I'm down to 12 - 15 minutes for a complete gutsy desktop from raw metal.
|
Post your comment
|
