First Alpha of Public Sector Linux Deployment System
New submitter mathiasfriman writes: SverigeLinux (SwedenLinux in Swedish) is a project financed by the Swedish Internet Fund that is developing a Linux deployment system for the public sector. It is based on DebianLAN and has just released its first public early alpha version. This 7 minute video shows how you can deploy up to 100 workstations with minimal Linux knowledge in under an hour, complete with DHCP, DNS and user data in LDAP, logins using Kerberos and centralized storage. The project has a home on GitHub and is looking for testers and developers. Don't worry, no Björgen Kjörgen; it's all in English.
Re:That's nice (Score:4, Insightful)
I'll stick with Microsoft Active Directory.
Microsoft Active Directory is a bloated piece of bad software. Replication failures are common. Performance is dismal. Security is poor.
Can someone tell me one advantage of Active directory? Anyone? Hello?
Re: (Score:1)
Sounds like "he said - you said." Some actual facts would help the discussion. Buzzphrases like "bloated piece of bad software" on the one hand and "secure, enterprise-ready solutions" on the other, tell us nothing that can be used as the basis for a choice or decision.
I know very little about Active Directory, but I'm willing to learn if something of substance could be presented.
Re:That's nice (Score:5, Informative)
I don't see how it can be called bloated, beyond the usual "ZOMG WINDOWS USES XXXXMB OF RAM LOLZZ" stuff.
AD isn't just LDAP, it's a central store for everything management. Yes it holds your authentication details, but it also holds settings for (assuming you use the MS products) DHCP, DNS, Mail, etc. Want a new DC to avoid SPOF? Install Windows, install the role, promote. All the settings are copied down automatically and you're redundant. You've also got the concept of sites, which certain domain controllers handle, so workstations know where to find their local DC. Also, subdomains, so you can hand off sections of the environment to other people - think company divisions (dev.corp.net) or even countries (us.corp.net). It's all GUI and PowerShell controllable these days too.
As for replication failures, yes they happen, as they will with anything that depends on replication. Disagree with them being common though - I've seen one in just over 15 years. We deleted the VM, made a new one on a new name, ran a clean up tool and carried on.
Re: (Score:1, Insightful)
Hence people calling it bloated. That's not a problem when you do want more than just LDAP but it is a valid description if you just want one little bit of what AD does.
Same with MS Exchange, it's a huge suite and not just a mail transfer agent. If you want the suite, fine, it doesn't matter that it's huge.
Re:That's nice (Score:5, Insightful)
If people are just using it for LDAP, then they're doing it wrong :/
Why not just use OpenLDAP or whatever in that case? The whole benefit of AD comes from putting everything in it. There's no masters or slaves, just two way replication partners.
I understand the complaint about Exchange, but it is a HUGE system that can do a lot more than just MTA as you say.
Re: (Score:1)
That's what an internal web site is for but MS decided to do something slow and complicated so that you'd need more than the average high school graduate web monkey to keep track of it.
Re:That's nice (Score:4, Interesting)
I think he was talking about SMS and at least SCCM 2007. I work in a 100,000+ environment with over 300 DPs on varying links from fast to abysmally slow satellite and yeah package replication can be annoying. Usually have to refresh a couple DPs a month. Not a huge deal except when it is part of a task sequence and someone tries to migrate a couple hundred machines overnight.
Re: (Score:1)
At least under SCCM 2012R2 (which I've got deployed to about half your size), the distribution actually comes with monitors that tell you whether it has been successful or not.
I rag on Microsoft a fair bit, but the software does do some things well - AD (actually, GP, LDAP alone does not an enterprise make), Excel, Exchange, SCCM is rapidly becoming the fan favourite where we are even though about 1/3 of our fleet is not-windows, taking the management of thousands of group policies for individual so
Re: (Score:1)
Microsoft Active Directory provides scalable, reliable, secure, enterprise-ready solutions.
And high quality redundant risk management diversification tools, while we're spouting buzzwords.
The bean counters will love hearing about risk management diversification tools.
Re: (Score:1)
The ONLY advantage of AD is that it's a bit like Oracle servers.... pre-installed in the company by some mindless bastard that came before you. So it's impossible to rip out, without changing EVERYTHING. That is the only function of AD, incidentally it also does something with users and servers and shares... And there's nothing in the Linux world that does that just as easily, and that can be operated using cheap trained monkeys, instead of specialists. That enough answer for you?
Re: That's nice (Score:1, Insightful)
Platform integration, easy to set policies and security for pcs, users, groups, and locations. Easy to set up network printer access. Easy user configuration of exchange email and share point servers. Easy to setup patch and application management. The only operating system that did a better job was Novell Netware. Various Linux distros completely lack such ease of configuration and setup. There is no equal of exchange in the *nix environment period.
I'm a big believer in using the right tool for job and the
Re:That's nice (Score:5, Insightful)
It's the best tool for the job if you want to run a Windows network? Seriously, it's not like you decide management tools and let your platform/applications revolve around that. This is the step after you've convinced everyone to give up Outlook/Exchange and Word, accounting to give up Excel, PHBs to give up Powerpoint, design/marketing to give up Photoshop and every other bit of Windows-only software they got and your server admins ask "So what's our replacement for AD?" and they're going to ask you if it has features X, Y and Z just like the others did.
My guess is that every argument you just said will be met with a shrug and "It seems to work just fine for us, don't know what you're talking about. So how do we push a group policy to all clients in Linux?" and if your best answer is to write a script to ssh into each box and patch a configuration file they'll just roll their eyes and say "Linux does not have the necessary management features we need" and you've got one more group added to the list of migration opponents. Contrary to the *nix philosophy, I've yet to meet anyone happy to replace one tool with five, even if each is arguably a bit better. Swiss army knives work quite well in the real world.
Re: (Score:3)
You use a configuration managemen
Re: (Score:1)
You can join a Linux box to AD. Have been able to for years.
You can deploy and manage a Linux box with SCCM.
Re: (Score:2)
All projects are automatically over budget and late.
FTFY
Roger. We have full FOC on all underbelly systems (Score:3)
Apart from that, this seems the sort of project you didn't know you needed until you've seen it done.
How much time do admins, consultants, and contractors waste by re-inventing the wheel when planning, building, and rolling out the umpteenth networked computing infrastructure?
What's there in the public domain is a jumble of howto's, forums, bits of disjunct knowledge and learning
Unintentional joke above (Score:4, Insightful)
I'm sorry, but you got me laughing at this point. Have you looked at MS server licencing at all? There's a good reason that there's a third party "for dummies" book.
Re:Roger. We have full FOC on all underbelly syste (Score:5, Interesting)
..This is one of the reasons why companies may decide to go with e.g. Microsoft. Less uncertainty in terms of price and ability to meet delivery deadlines..
For your consideration, I was going to present you with a breakdown of the IT structure in place at my current place of employ, alas, I can't be bothered, I've heard all this crap before and am tired trying to explain why it's so wrong.
Our main IT system is all Microsoft based, all set up by highly paid external certified consultants, and isn't worth shit, trying to detail all the fuckups they've had with it would take pages, suffice to say, the bit that I really, really have to laugh at was your '..Less uncertainty in terms of price and ability to meet delivery deadlines.' bit. None of their planned upgrades of the servers and desktops have run smoothly, to budget, or to schedule. My particular section's planned upgrade is now 6 months behind 'deadline'..
..Simply because the people who design and implement the stuff have had time to learn from their worst mistakes, as opposed to the average Linux enthusiast (a definite no-go) or even contractors that set up Linux-based infrastructures (you can bet they use non-standard setups, non-standard tooling, and leave you with a system you probably need them for to maintain efficiently).
Wait, what? seriously?, It's really sad that you seem to believe all that is true..in my 20+ years experience the biggest bunch of shyster-hucksters I've come across in the IT world are MCxx qualified consultants, I really shouldn't complain though, I managed to make quite a bit by fixing their mistakes...not bad, then again, I'm probably not your 'average Linux enthusiast'.
Contractors, whatever flavour of system they're setting up, Linux or otherwise, are usually bad news. If a company has gone down the 'let's employ externals to implement our IT' it means either the management are technophobes, or they don't trust their own IT people, in which case, the contractors know this and have a license to print money by installing the most borked setups imaginable (I should know, I've had to untangle quite a few 'job creation schemes' from setups over a couple of decades..I'm currently watching an experienced Windows guy trying to unravel such a setup now, he's been at it for a couple of months..a complete reinstall is not an option)
Do you know what's most annoying about the above?, most of the people I've known in the past who've run Linux/Unix servers have all supported their corporate windows servers as well (myself included). We may be, as you put it, 'Linux enthusiasts', this doesn't mean we've never seen (or had to fix/work around) the 'worst mistakes' of borked windows systems.
You know you're in for a fun day when you pop open a cmd window on a Win2k3 server in front of its admin and run something with command line switches he never knew existed..and I'm not even doing IT support as a job these days..
Re: (Score:2)
Technically speaking, if you're 100% sure in advance that they're going to fuck up then that is less uncertain.
Re:Roger. We have full FOC on all underbelly syste (Score:5, Interesting)
Open source can be a bit of a jumble. We have had some experience with solutions based on a number of FOSS products working together (in many cases, one has to rely on additional modules or bits of software written by different communities). Which is fine until one of those products is no longer being developed further. Your NTLM-based SSO module doesn't work with the Kerberos based system the company is switching to, and the devs have long gone. But that doesn't really have to be a problem. If you know you'll have to replace a FOSS component, you start looking for a replacement. Worst case scenario: you pay someone to develop a new version for you, which rarely is a major effort. It's a problem when it is a surprise and it breaks things. Because then the responsible manager does not have a vendor to shout at.
That ties in to the cost element as well. Estimating price and timelines for MS-based projects is reasonably well understood and not more inaccurate than in other projects, in my experience. But to what degree do you favour predictability over a (much) lower cost? As an example: Sharepoint.
My client (a large multinational) rolled out Sharepoint and is gradually replacing other systems with it: document management, team collaboration spaces, web content management, discussion forums, and the company Wiki. Some of the software SP is replacing was over 15 years old, but it had some good qualities: it was designed to scale up as well as down, to run in a multi-tiered organisation with delegated administrative responsibilities, and though (or because) it was not all-singing-all-dancing web 3.0 ultra-integrated software, it performed well with a minimum of maintenance and ran on pretty light hardware. TCO was low, and most change requests could be executed on the cheap as well.
Now there is Sharepoint. The cost of implementation (including migration from the older platforms) would feed a small nation for a year. It requires much beefier hardware and an army of consultants: lift a floor tile in any of the datacenters and you'll see a few Sharepoint guys scuttle off. Maintenance is at least an order of magnitude more expensive. And functionally, it only offers the very barest of any of the solutions it replaced. What it does do well is integration between functions and with Office, and workflow... but compared to all the other stuff, I consider those to be nice-to-haves.
There's the problem: Sharepoint was too easy a choice for management. A one stop shop, well understood cost structure, a traditional big iron approach to run the project, and someone to blame when things go south. And the sexy integration with Office of course. However, if they would have looked into FOSS solutions for CMS, Forums, Wikis and team sites, and selected a tried and true document management system from a vendor who knows what document management is, they would have saved time, saved a ton of money, had less disappointment and frustration from the rank-and-file, and enjoyed a much lower TCO. What they would miss is integration between all of these functions, but you know what? They are not that important.
I like imaging systems like this, but... (Score:2, Insightful)
I like imaging systems like this, but... It needs to be distro agnostic, as in just "an application" to deploy whatever distro you have installed. As for LDAP and Kerberos, Samba 4 plays a role here. Samba 4 is as much the next evolution of Heimdal Kerberos and OpenLDAP as it is what Samba 3's "False Active Directories" were, and everything OpenLDAP and Heimdal provided, OpenLDAP and Heimdal clients should expect from Samba 4.
The Fog Project seems to be a good model for this idea.
Re:I like imaging systems like this, but... (Score:5, Informative)
Re:I like imaging systems like this, but... (Score:4, Informative)
So, how's this SverigeLinux thing different from upstream FAI? Sounds like Debian plus some default configs. I've used FAI with both Debian and Ubuntu for many years (actually at a Swedish government institution) and your web site doesn't really explain what you're doing and how it improves what's already there.
The FAI in SverigeLinux is the same as the FAI in Wheezy, what we've added is the config directory which installs OpenLDAP, Kerberos, centralized home directories mounted via NFS4 over kerberos, FusionDirectory for LDAP management of user-, DNS- and DHCP-settings, Icinga and Munin for monitoring, Roundcube for webmail, OwnCloud for cloud storage, dirvish for backup and some more stuff. The server can also replicate itself so that you can install an exact copy of the mainserver. :)
The whole idea is that you won't need to spend a couple of months implementing the system with all these components, testing the setup and running into a myriad of problems before getting it right. It's just there from the beginning, tailored with your own domain name and your own IP-series if you so please. Think of it as the dcpromo of the Linux world, sort of. Please, feel more than free to contact me, if you're a long time FAI user we could definitely use your skills.
Re: (Score:1)
The plan with this system is to offer a number of different ways to manage an infrastructure and FAI is one, preseeding is another, the foreman could be a third, even FOG or CloneZilla.. The important part is the infrastructure in the form of an LDAP-directory for e.g. DNS, DHCP and user data. We would like the users to have several options to choose from d
Re: (Score:2)
"The plan with this system is to offer a number of different ways to manage an infrastructure and FAI is one, preseeding is another, the foreman could be a third"
Remember the old saying "He that too much embraces, holds little."
Despite the risk of failing in your choices (I for one have concerns on your choice of FAI), this is a project that is basically based on taking third party pieces and massaging and gluing to convince them to work together. Therefore I think, it's OK for the project to be stron
Re: (Score:2)
Now I see. Does your OpenLDAP installation use the smbk5pwd.so module to Sync LDAP and Kerberos?
Re: (Score:2)
"First, this is not an imaging system, it's an install system which installs mainly Debian based distributions, based on Fully Automatic Installation (fai-project.org)."
How is this different, then, to Debian Edu [debian.org]? (forget about the fact of "Edu" on its name).
It also aims for a centralized Debian environment, imaging system, centralized configurations, etc. and it's, of course, since it's been in development for some few years, much more mature than your project.
Re: (Score:1)
Another thing we are
Cool (Score:2)
This kind of stuff makes it easy to set up a whole company infrastructure quickly
Great! Minimal knowledge is just what we seek! (Score:1)
Is it usually a good idea to have a person with minimal knowledge of what they are doing rolling out a couple of 100 machines?
Re: (Score:2)
Of course it is!
How else do you expect us $100/hour consultants to get any job opportunities?
*Walks off to buy his third solid gold Humvee*
Re: (Score:2)
It may be easier to admin a system than to set it up. e.g. writing your own script for user creation is too hard (and will have you ssh in as root, unless you can also build a secure web interface around it).
Worse, you could have a try and get it wrong in a subtle way.. but leaving that to someone else, you might be competent enough to admin the user accounts, the dhcp, cups, the proxy.., troubleshooting issues.
Re: (Score:2)
not if I set the password as "r00t" so that the bad guys won't guess.
Re: (Score:2)
https://www.internetfonden.se/... [internetfonden.se]
Also, it is quite trivial to add multilingual support to the parts that matter. Most of the documentation that I'm writing for the system is however in Swedish for this first phase of the project.
Re: (Score:3)
""Don't worry, no Björgen Kjörgen; it's all in English."
Nobody outside your psychotic circles worries about the richness of humanity having more languages than just English."
I do.
It could probably have been said in a more "politically correct" way and, me myself being Spanish, have my own concerns about English being the "common trade" language of the world (as it has been French, German, Spanish, Latin... in the past), but I applaud the project being set in English instead of Finn, since it'll reach a
Re: (Score:2)
German? When was that?
Re: (Score:2)
"German? When was that?"
Are you trolling or asking in good faith?
In case it's the latter, please go check what language science, both pure and applied, and engineering were written in from the second half of the XIX century up to World War II.
Re: (Score:1)
I'm perfectly aware of German's position in science, thank you very much. Your assertion was that German was the common language of trade. Outside a small time frame in the Baltic, that's simply untrue.
Oh, and bullshit on Latin too. Unless by "world" you mean Western Europe and half the Med.
Re: (Score:2)
Correcting fat idiots when they spout shit is not trolling.
WTF is "etnocentrism", by the way? Something to do with volcanoes?
The real question is: (Score:3)
If I'd happen to work in the Swedish public sector, what I'd want to know first is:
does it run systemd?
Re: (Score:1)
Where exactly are you missing them?