Ask Slashdot: How Do You Install Ubuntu On 30 Laptops and Keep Them In Sync?

New submitter spadadot writes "I am setting up a new event in France (Open du Web), where between 15 and 30 laptops running Ubuntu Linux will be available. They came with Windows preinstalled and it must stay for other purposes. I'd like to take care of only one of them (resize the hard drive, install Ubuntu, add additional software and apply custom settings) and effortlessly replicate everything to the others including hard drive resizing (unattended installation). After replicating, what should I do if I need to install new software or change some settings without manually repeating the same task on each one of them? Should I look into FAI, iPXE, Clonezilla, OCS Inventory NG? Other configuration management software? I would also like to reset the laptops to the original environment after the event."

Puppet

[BHearsum]

http://puppetlabs.com/

Re:Puppet

[vlm]

http://puppetlabs.com/

LOL this is the weekly ask /. where the questioner describes the perfect application for Puppet and then asks what to use.

My only other addition is install and set up torque and dish.

Torque is a decent queuing system. Everybody queue up a job to do "something" as quickly as possible, but strictly one at a time.

The DISH distributed shell lets you run a single command line (which could be a script...) on all machines right now. Simultaneously or whatever.

Re:Puppet

[realityimpaired]

Puppet would be the perfect tool for the job, but there may be a reason he can't use Puppet.

If that's the case, set up your own repo. Mirror Ubuntu's repo, and configure all of the systems to only connect to your repo. Set them to automatically update nightly, and bob's your uncle. If you want to push something to the computers, then push it to your repo and they will update during the overnight push

Re:Puppet

[a5an0]

Puppet is usually the right answer :)

Re:Puppet

And keep one laptop, or a VM of it, where you can trigger the update, see if the VM still boots afterwards... if it doesn't boot, don't deploy the changes network-wide! Although that means you need a second repo for test purposes.

Re:Puppet

[fluffy99]

Except 30 nodes is going to cost several thousand dollars for the licensing. It'd be cheaper to hire the local neighborhood kid to sit there for an afternoon and do them individually. For that you could buy and image a new set of drives. Would 32-gig USB thumb drives be big enough for your install, allowing you to usb boot the machines? Or perhaps create a custom Live-CD, which has the advantage that you simply reboot the machine if the user dorks it up?

Re:Puppet

[interval1066]

@OP: Erm, why not just VM the Linux environment? No need to change drive geometry, a vm image can be deployed effortlessly to all the machines, and the clean up will be a snap. Is there some reason you need to install a native linux slice on each machine?

Re:Puppet

[Antique+Geekmeister]

If you've got a month to learn puppet and master it, and a test bed of one each of the different designated configurations of the laptops, puppet can be very useful. If the laptops need to be _identical_ in configuration, you want a nightly imaging tool such as is used in public computer labs, not a highly context sensitive configuration management tool. This is especially true if people will be manipulating the configurations locally: the ability to ruin a configuration managed file service or website deployment with mis-installed, locally built packages is truly amazing, especially with developers using the perl "CPAN" or python or Maven based auto-component installation tools.

Laptop configurations are unfortunately extremely sensitive to driver mismatches and configuration mismatches. Ubuntu is actually a good distribution for such a use, it's one of the best integrated Linux releases for laptops. But for distributed laptops in a development environment, regular re-imaging is vital to preserve a consistent environment. Local users with developer or administrative privileges _will_ skew them from the centrally configured layout, enough to break it, and they _won't_ know how to resolve the puppet problems.

Re:Puppet

[X0563511]

This is the argument of a stuck-up admin who runs a handful of machines.

Stick a zero or two on the number of machines you manage and see how your tune changes.

Re:Puppet

[X0563511]

Say what?

Re:Puppet

The OP is asking for a solution. If you disagree with this offered advice please offer a specific counter-solution.

Re:Puppet

[nahdude812]

Here is the link to Ubuntu's custom install CD article: https://help.ubuntu.com/community/InstallCDCustomization. Create your own custom installer, and use that to image all the laptops.

Re:Puppet

If you don't have enough hard disk space for the full blown mirror, use the apt proxy: https://help.ubuntu.com/community/AptProxy

Re:Puppet

[allo]

for example installation via PXE with preseed, administration via debian packages built around config-package-dev.
Works good for us for ~200 machines composed of workstations and computing cluster nodes.

Re:Puppet

winXP could do this 10 years ago! maybe you should check out options to ubunto.

So? most OSes could do this 10 years ago too (including Debian derivatives). If there are reasons to check alternatives to an OS, this isn't one.

And it's Ubuntu , with a final u, try to spell correctly asshole.

Re:Puppet

[RocketRabbit]

You forgot to reply as an AC.

Re:Puppet

[fluffy99]

Either I'm missing something obvious, or it's free for 10-nodes and you start paying quite a bit for anything beyond that.
http://puppetlabs.com/puppet/how-to-buy/

Node Packs
10 FREE
25 $1,995
100 $6,995
250 $16,995
500 $29,995
1,000 $55,995
More than 1,000 Contact sales@puppetlabs.com

Re:Puppet

[Spliffster]

I use puppetmaster on more than 10 machines. I guess these prices are for the "enterprise* Version which offers VMWare management, GUI and many more features. All unneeded for me.

Cheers,
-S

PS: try # apt-get install puppetmaster

Re:Puppet

Performance? Windows security problems?

Re:Puppet

[hendrikboom]

puppet is a Debian package.

Re:Puppet

[DarwinSurvivor]

Either I'm missing something obvious, or it's free for 10-nodes and you start paying quite a bit for anything beyond that. http://puppetlabs.com/puppet/how-to-buy/

Node Packs Puppet Enterprise with Standard Support and Maintenance
10 FREE
25 $1,995
100 $6,995
250 $16,995
500 $29,995
1,000 $55,995
More than 1,000 Contact sales@puppetlabs.com

You DID miss something. You pay those prices if you want SUPPORT for the licenses. If you can support yourself, just use the Open Source version. Sort of like RHEL vs Fedora

Re:Puppet

[Vanders]

Either I'm missing something obvious

You're missing something really, really obvious. The prices you quote are for PuppetLabs support (Enterprise Puppet). Open Source Puppet is free. Tree it: "apt-get install puppetmaster". I've had ~400 servers running from a single Puppetmaster instance (~4800 divergences per. hour).

Having said all of that, I'd recommend Chef over Puppet these days. Again, Open Source Chef will work perfectly well for free, or you can pay Opscode for support.

Re:Puppet

[Vanders]

Jesus...

s/Tree/Try/
s/Divergence/Convergence/

Re:Puppet

[laurelraven]

I'm not sure about the security aspect so much, but on the performance side, if everything is running over a local LAN, then that shouldn't be a problem with only 30 machines. I would imagine there are solutions that can address most security concerns as well.

Personally, though it might be a bit more front-end work (not sure, as I've never set up that type of environment, either way), it seems like the VM solution would be the best overall once set up, and is more portable and re-usable, not to mention setting everything back is as simple as rebooting the machine (at least, that's how I understand those systems to work).

Re:Puppet

[stenWolf]

Forget Torque - it's just a lure to buy into moab. Slurm is easier to setup, understand and run.
As for DISH - if you're at that level you might as well install C3 and get parallel file copy (scp like) or even xcat (with xdsh/xdcp/updatenode and what-not).

Re:Puppet

[timbo234]

Exactly, I'm so sick of the condescending bullshit posted on sites like slashdot from sysadmins who think that because they do everything manually or with custom scripts they are somehow better. As a sysadmin you're hired by a business to administer the systems efficiently and in a way that someone else could take over without too much trouble if you got hit by a bus or decided to leave.

Systems like puppet can usually cover 90%+ of the configurations in an organisation, leaving you the time to properly focus on the inevitable corner-cases and learn to use their 'toolsets' or whatever else properly.

Re:Puppet

[sidthegeek]

He's a Microsoft shill. Pay him no attention.

Re:Puppet

[Junta]

Or, take a step back from the specific suggestions the poster is submitting, realize it's a short-lived transient effort, and tell him to be less fancy, yank the drives, put in USB keys and be done with it. If one gets 'corrupted' through use/misuse, exchange keys and move on with their life.

For someone who lives day to day with tools like xCAT it's a natural enough thing to use it even for this circumstance and the suggestion of USB keys sounds downright kludgy and tortuously slow, but for one who has not used it before, kludging about with USB keys might ultimately be easier to wrap their head around and something they can do without learning more quickly for a one-shot effort. Particularly I wouldn't be lining up to 'borrow' the state of the hard drive and return it perfectly to previous condition if I were new to the whole game.

Re:Puppet

[hairyfeet]

He's an M$ Ninja!" citation please? because it seems to me he is saying that if XP had it 10 years ago in all likelihood Ubuntu already HAS the tools the guys needs, he just hasn't bothered to look for them. You know most OSes don't have things listed in categories like "The thing you need to use to sync all teh stuff" so one generally does have to do a teeny tiny bit of fricking research. I mean ask Slashdot was supposed to be for HARD questions, what's next? How do I keep from getting pizza sauce on my shirt? 10 seconds with Google would have given this guy a dozen choices! hell a whole minute on the Ubuntu forums would have easily given him a dozen more, and who better than the guys that help folks with that OS?

I'm sorry but its a lame ass question and just because it has your favorite OS in it don't make it any less lame, it would be lame if he'd have asked about Windows, OSX, PCLOS, BSD, all of these answers are 10 seconds in Google. We should be getting GOOD questions in ask /., things like how to deal with thorny security issues without becoming a BOFH or how to make sure your network topology has the least bottlenecks, something interesting, this is "I'm too fucking lazy to ask Google,would you do it for me?". This entire thread should simple have a "let me Google that for you" link and call it a day. Its THAT stupid.

Re:Puppet

tl;dr "I can't or won't learn how to do the job properly so I'll take the one-size-fits-all approach."

As a sysadmin you're hired by a business to administer the systems efficiently

You're not helping your case.

and in a way that someone else could take over without too much trouble if you got hit by a bus or decided to leave.

It doesn't take a jedi master to know how to write a script or use a vendor/distributor-provided toolkit to automate system administration, nor is it 1999. If you can't cope, the only reason you still have a job is because your employers know no better (or good ol' nepotism).

Re:Puppet

[garyebickford]

10 seconds with Google would have given this guy a dozen choices! hell a whole minute on the Ubuntu forums would have easily given him a dozen more, and who better than the guys that help folks with that OS?

I disagree. Google is a good place to start, but once you have a dozen choices, how do you find out the good & bad of each one, the secret tricks, and so forth? So it's good to start there but also to research other forums, and then check places like Slashdot for the latest and greatest experience. A lot of advice in old forums is out of date, often by years. Unfortunately Google is as likely to give advice from 2006 as from today. Ask Slashdot is a fertile source of good opinions by people who've 'been there, done that', and more importantly, may have done it last week, from a broader experiential spectrum that the Ubuntu forums. To me it can be like asking the guys around the lab what they think about the problem. Of course, not always...!!

Re:Puppet

[bejiitas_wrath]

Mandrake Linux could save the installation choices in a file that could be used to auto install Mandrake Linux on other computers. This website describes that process for Mandrake. And SUSE Linux could perform the same task.

Surely there is something like this for Ubuntu?

Re:Puppet

[jon3k]

You mean RHEL vs CentOS. Fedora is a bleeding-edge desktop distro, not a replacement for RHEL.

Re:Puppet

Are you a retard? Puppet is FOSS, you FUDmonkey! There are ports/packages of it for any linux/BSD you can possibly think of.

Re:Puppet

[jmcdonagh]

I love Puppet and make my living off of it, but I'm not so sure it's a great suggestion here. The OP should be using PXE to boot into the installer, automated by the standard OS automation framework, Debian Preseed. Puppet can be installed in the late_command, if you really want it. I would argue that if the OP is asking this question in the first place, Puppet may present too steep a learning curve and too much work. An SSH pubkey with capistrano should probably be fine for modifying things later. He is only setting this up for an 'event' so ongoing config management such as Puppet is probably not necessary, too complex. If OP wants to set everything up first then copy that box, you can use debconf-get-selections --installer i think is the command line to get only installer values.

Re:Puppet

[Alex+Belits]

Thee is no legitimate reason for using Linux in a VM, other than being a loyalist of the OS you run it under. For operating systems other than Windows, VMs are only useful for testing, development and reverse engineering.

Of course, this also means thet there is never a reason for using Linux under Linux in VM, or Linux under VMWare ESX -- there are superior environments such as vserver, openvz and others. Everyone who does this, does it out of ignorance, and deserves a title of VMWare jockey.

Re:Puppet

[Alex+Belits]

I'm not sure about the security aspect so much, but on the performance side, if everything is running over a local LAN, then that shouldn't be a problem with only 30 machines.

You are stupid.

I would imagine there are solutions that can address most security concerns as well.

Scratch that, you are a dangerous idiot. Kill all your friends, then yourself.

The only solution to a security problem of having Windows full access to everything that is supposed to run Linux, is not running Linux under control of Windows in the first place. And killing everyone who proposes something that stupid.

Re:Puppet

[interval1066]

He said he needed to return the underlying OS to its original state. The easiest way to do this is run Linux as a vm, and simply delete the vm image and engine when he's done. Ergo: legitimate reason. So GTFO.

Re:Puppet

[timbo234]

So automating the stuff that can be automated with Puppet and devoting my time to the difficult stuff that really does need my attention somehow shows I can't cope? BTW Puppet *is* a 'vendor-provided toolkit', Puppetlabs is a software vendor selling support and services just like Red Hat and others.

I could do with a laugh this morning so perhaps you can share some more insights from the quasi-Soviet time warp you live in where everything has to be done in as manual and inefficient way as possible to justify your job.

Re:Puppet

[DarwinSurvivor]

Fine, but my main point still stands.

Re:Puppet

[Trahloc]

Eh? No reason to use a linux vm? I personally run nothing on baremetal anymore. Everything lives in a vm, even if all resources are tied to that single vm. It provides immeasurable assistance when things go wrong. IPMI is nice, but sometimes your project just isn't worth the extra cost of it. I just can't think of a single reason to run anything on baremetal anymore. Between OpenVZ (someday LXC) and KVM you've got everything you need right there.

Re:Puppet

[Trahloc]

As someone who keeps wanting to play with puppet 'someday' ... what are your top two reasons for liking chef over puppet?

Re:Puppet

BTW Puppet *is* a 'vendor-provided toolkit'

Where the context here for "vendor" is the guy selling the platform, not "anyone who sells stuff". Do admins still have that BOFH "Human language is beneath me!" mentality?

I could do with a laugh this morning so perhaps you can share some more insights from the quasi-Soviet time warp you live in where everything has to be done in as manual and inefficient way as possible to justify your job.

Your reading comprehension is atrocious. The point is that automation packages designed for individual systems are almost invariably more efficient and complete than generic systems designed for lazy sysadmins. To quote allo:

for example installation via PXE with preseed, administration via debian packages built around config-package-dev.

Also, the "Soviets were dum" meme is boring - and inappropriately chosen, since the "one size fits all" fallacy is precisely why I am deriding puppet. The USSR's advance was embarrassingly fast from the '30s to the '70s, just as China has accelerated over the past twenty years. Centralisation works - just ask your local multinational executive and see who he shares his golf weekends with. The human cost of all regimes is rightly questioned, of course.

Re:Puppet

You are such a douche.

Re:Puppet

[Kjella]

You DID miss something. You pay those prices if you want SUPPORT for the licenses. If you can support yourself, just use the Open Source version. Sort of like RHEL vs Fedora

No. There's plenty functionality you get in the Enterprise version that you don't get in the open source version, so nothing like RHEL vs CentOS (which I assume is what you meant). If you want those features you'll be paying whether you want support or not.

Re:Puppet

[timbo234]

"Where the context here for "vendor" is the guy selling the platform, not "anyone who sells stuff". Do admins still have that BOFH "Human language is beneath me!" mentality?"

You said "a vendor/distributor-provided toolkit". How is puppet not 'a vendor-provided toolkit'? If you meant only using tools provided by the *OS distributor* then actually write that, but don't write something ambiguous and then jump on people when they didn't get the exact same meaning as you. In short try expressing yourself properly next time.

"Your reading comprehension is atrocious. The point is that automation packages designed for individual systems are almost invariably more efficient and complete than generic systems designed for lazy sysadmins."

Leaving aside that nowhere in your previous posts did you say that you obviously know nothing about puppet. It can do far more things far more flexibly than building debian config packages. And when the built-in types don't meet your needs you can use it to make your own out of commands and the "OS distributor-provided toolkit" directly.

As for the Soviets I was referring to sticking to older, less efficient, ways of doing things just so everyone has a job, something which they were well known for and which arguably brought their economy down in the end. Nothing to do with centralisation, but again your poor reading comprehensive comes through.

Re:Puppet

[Alex+Belits]

OpenVZ and LXC are not virtualization mechanisms, they are host compartmentalization, the right way of imitating multiple hosts.

Re:Puppet

[Alex+Belits]

There was nothing about "underlying" OS. It was the originally installed Windows, there was no requirement to keep using it WHILE THE SYSTEM IS BOOTED INTO LINUX.

Re:Puppet

[hairyfeet]

Thank you. Notcie how I get modded down for daring to point out the obvious? this is a "how do I double click" level of question and THIS makes Ask Slashdot? Jesus tap Dancing Christ as I said a whole minute on the Ubuntu forums and they would have told them the preferred tool for that OS! What's next, how do I use synaptic to install stuff? This is eHow level noob crap, not something that should be on ask slashdot. this isn't even a slightly interesting problem, its first year noob shit that Google could solve in under 60 seconds.

Re:Puppet

Wow. Alex, you kind of missed this whole "cloud computing" boat, haven't you?

Re:Puppet

[laurelraven]

I'm not sure about the security aspect so much, but on the performance side, if everything is running over a local LAN, then that shouldn't be a problem with only 30 machines.

You are stupid.

Since there are solutions from Citrix that do exactly this over a corporate WAN with far more nodes, I don't see how there would be too much trouble getting it to work on a local LAN with a 1 Gig switch. If you have something that would dispute that idea, then by all means, offer that rather than your little ad hominem attack.

I fully admit that I've not set one of these systems up myself, and I don't know the underlying technology of it that well yet, so if there are other considerations that I am missing here, please contribute them to the discussion.

I would imagine there are solutions that can address most security concerns as well.

Scratch that, you are a dangerous idiot. Kill all your friends, then yourself.

The only solution to a security problem of having Windows full access to everything that is supposed to run Linux, is not running Linux under control of Windows in the first place. And killing everyone who proposes something that stupid.

I don't recall anyone saying anything about it running under the control of Windows, first of all; Windows itself would not actually launch, the machines would simply boot to the virtual image.

Second, while I agree that Linux is still inherently more secure than Windows, that gap has drastically narrowed over the last 10 years, and you can actually deploy Windows securely. That line is getting really old.

I know I'm feeding the troll right now. Oh well. I'm not sure why this troll has a score 4 Insightful, though, other than his 3 digit UID. Troll on, Alex...or, alternatively, grow the hell up and give real counter arguments rather than just attacking people for saying something you disagree with.

Re:Puppet

[Gyorg_Lavode]

It seems like PXE booting something that then boots a tailored ISO would work pretty well.

Re:Puppet

You said "a vendor/distributor-provided toolkit". How is puppet not 'a vendor-provided toolkit'?

Words have context.

Every business is a vendor. Your interpretation of "vendor" gives it no substantive meaning within the sentence. Therefore your interpretation must be wrong and you need to look for another one.

This is the sort of thought process you should go through during primary school reading comprehension exercises. I don't know what country you're from, but your tenuous grasp of language wouldn't get you through high school here.

Leaving aside that nowhere in your previous posts did you say that you obviously know nothing about puppet.

Please parse this sentence.

It can do far more things far more flexibly than building debian config packages.

Yes, you dolt. The example given was one more flexible alternative to an application of puppet. That's the Unix philosophy: lots of little tools doing one or two things well, working together.

And when the built-in types don't meet your needs you can use it to make your own out of commands and the "OS distributor-provided toolkit" directly.

How unusual, an unnecessary layer of complexity. I've never seen anyone use them for job security before.

older, less efficient, ways of doing things just so everyone has a job, something which they were well known for

No, they weren't. Perhaps you recall a specific example of inefficiency and are assuming something about it, or maybe you just read a passing remark on some sophomoric political web site and are regurgitating it.

and which arguably brought their economy down in the end.

No, that has never been documented as a significant reason for the downfall of the USSR. It wouldn't even be logical: sticking to old methods in some factory might make you unable to compete with another factory, but factories were not in competition. A few right-wing nutjobs have suggested that Soviet workers could deliberately idle because there was no danger of losing your job, as if Soviet justice were ultra-liberal when not sending everyone to gulags. But the idea that the USSR couldn't find useful things for people to do so deliberately encouraged thumb-twiddling on the clock is a new one.

I, for one, look forward to people using their economic prejudices to explain the break-up of the UK following the 2014 Scottish independence referendum...!

Nothing to do with centralisation, but again your poor reading comprehensive comes through.

OK, I accept that your allusion was to something you made up rather than to some well-known feature of the regime. I apologise having too much faith in you - which I assume is what "poor reading comprehensive" refers to.

Re:Puppet

Upvotes? Wait... Reddit term

+1

Re:Puppet

[timbo234]

"Words have context.

Every business is a vendor. Your interpretation of "vendor" gives it no substantive meaning within the sentence. Therefore your interpretation must be wrong and you need to look for another one.

This is the sort of thought process you should go through during primary school reading comprehension exercises. I don't know what country you're from, but your tenuous grasp of language wouldn't get you through high school here."

The word 'vendor' has a perfectly substantive meaning in that sentence, a software tool that's supported by an actual vendor - someone you can buy support and services off. Very different to some random tool you can download off the internet that's effectively supported by no one (or yourself/own IT staff with access to the source code). I.e. Puppet is vendor supported but your self-written sysadmin scripts are not, even if they use software from the OS distributor.

I could point out again how ambiguous and broad your original phrasing was, but it's pointless as your comprehension level of language is obviously too far behind to see your mistake.

"Yes, you dolt. The example given was one more flexible alternative to an application of puppet. That's the Unix philosophy: lots of little tools doing one or two things well, working together."

And here's where your reading comprehension fails again. I was pointing out that puppet is much *more flexible than debian config packages* as you can do everything you can do in a deb package (or directly on the command line) plus lots more with Puppet. For god sakes why don't you actually try it - you obviously have no clue as your only argument so far against it is that it's for 'lazy admins'.

"No, they weren't. Perhaps you recall a specific example of inefficiency and are assuming something about it, or maybe you just read a passing remark on some sophomoric political web site and are regurgitating it."

No I'm actually recalling the real world example of what happened in East Germany in particular, and the USSR in general, after the Iron Curtain came down. Most industries, particularly those in East Germany which were directly exposed to the West, failed because they were desperately inefficient and out-of-date.

Re:Puppet

"They came with Windows preinstalled and it must stay for other purposes."

WTF are you high on?

Re:Puppet

[jon3k]

Yeah absolutely, I agree. I'm not arguing, just clarifying :)

Re:Puppet

[Trahloc]

They're not true virtualization I agree, 'containers' is common wording. But for many cases the difference is negligible.

Re:Puppet

[Alex+Belits]

No, I just think, "here is a remote VM, go mess with things within it" kind of service is stupid.

Re:Puppet

[Alex+Belits]

Since there are solutions from Citrix that do exactly this over a corporate WAN with far more nodes, I don't see how there would be too much trouble getting it to work on a local LAN with a 1 Gig switch. If you have something that would dispute that idea, then by all means, offer that rather than your little ad hominem attack.

1. Citrix. Sane people don't use Citrix products.
2. Modern laptops. As in, portable devices with ridiculous amount of resources in them.

I don't recall anyone saying anything about it running under the control of Windows, first of all; Windows itself would not actually launch, the machines would simply boot to the virtual image.

How, do you think, VM runs on anything other than high-end VMWare "solutions", and how come, an image is a file on a filesystem? Either, everything runs under the host OS, or with "primary" OS providing management and services from one of VMs while user's image is running from another.

Second, while I agree that Linux is still inherently more secure than Windows, that gap has drastically narrowed over the last 10 years

Right, from "fucking insecure" to "insecure".
If you run Linux under VM under Windows, you are vulnerable to:

1. All security holes in Linux,
2. Plus all security holes in Windows (including ones that only give access to the user running VM or user that can write to VM files).
3. Plus all security holes in VM (yes, there are plenty of those, too).

As a bonus, you can't even update those components without suspending or shutting down your OS in VM.

, and you can actually deploy Windows securely. That line is getting really old.

By definition, if something is not secure, it can not be "deployed securely" unless you are going to deploy it without any intention to use it.

Re:Puppet

[Alex+Belits]

Are you a moron?

He intends to keep Windows usable and install Linux along with it, not under it. He even mentioned that he wants to shrink Windows partition, so Linux will be independent from it.

Re:Puppet

[Alex+Belits]

The difference is fundamental. Virtualization is an obsolete mechanism that pre-dates all modern operating systems. It is used on mainframes because their hardware was specifically designed for it, before the idea of multitasking OS and kernel-userspace interface was invented. It carefully imitates hardware (real or specially devised "virtual" one optimized for such use) and creates layers of virtual memory, scheduler, I/O manager, networking subsystem, and usually other kernel components above those exact components of the real OS. It only works well if those components of the OS are done so poorly (or are nonexistent in early OSes), another level of those things doesn't make the system any worse.

Host compartmentalization (a.k.a. containers, jails) is a modern mechanism that imitates userspace interface of multiple hosts under a single kernel. It's elegant and efficient, the only thing it can't do is to run a completely different OS. Therefore, unless there is Windows involved, it's a vastly superior mechanism.

Re:Puppet

[laurelraven]

No, I just think, "here is a remote VM, go mess with things within it" kind of service is stupid.

While it is certainly your right to feel that way, that does not make it any less viable or useful a technology to those of us who recognize the value in it.

Re:Puppet

[laurelraven]

1. Citrix. Sane people don't use Citrix products.

That's very nice and condescending of you; however, it still doesn't address my point, that Citrix is able to do this over a WAN, so why should there be issues with performance over a LAN?

2. Modern laptops. As in, portable devices with ridiculous amount of resources in them.

I'm not sure I get your point on this one. Can you elaborate on why that is an important point?

How, do you think, VM runs on anything other than high-end VMWare "solutions", and how come, an image is a file on a filesystem? Either, everything runs under the host OS, or with "primary" OS providing management and services from one of VMs while user's image is running from another.

Or, the VM does neither, and simply boots directly to the VM image, which is what I believe was being discussed. There is also no requirement that the VM be hosted on Windows at all. If that OS is never booted, then how does its security issues factor in at all?

Right, from "fucking insecure" to "insecure".

If this were 2004 and we were discussing XP, then I would agree with you whole-heartedly. The fact is that Microsoft has done a lot to change that, and their security model is no longer the joke it once was. I'm still not a fan, and I loathe defending them, but security simply isn't the hot issue it once was with them. Give it a rest already, and move on to one of their other failings. Their licensing model still sucks, for instance...

Re:Puppet

[Alex+Belits]

Or, the VM does neither, and simply boots directly to the VM image, which is what I believe was being discussed. There is also no requirement that the VM be hosted on Windows at all. If that OS is never booted, then how does its security issues factor in at all?

Virtualization does not work this way. To "boot from image" you need a whole fake environment that creates a fake drive, fed through fake BIOS to bootloader, and then without BIOS to the real SATA driver from the OS running in fake RAM. If you are lucky, network adapter access is real (through iommu), but the drive most likely is not only fake but accessed through fully booted Windows running its NTFS filesystem.

* * * BARF!!! * * *

Re:Puppet

[Alex+Belits]

There are companies that offer MS Exchange server hosting -- so what?

Re:Puppet

[Trahloc]

You're speaking of what laid the ground work for what eventually became HAL, if you want to be that pedantic about 'virtualization' then I can see why you took issue with me lumping OpenVZ and KVM together. I don't see why such a narrow view of the term should be used, no benefit is enjoyed by restricting it to that extent. Virtualization in the modern era of usage covers hardware and process virtualization. The hardware abstraction layer is its own thing now and no one would consider it 'virtualization', hell I'm going to guess you don't even though it pretty much sums up what you're saying with only some theoretical differences, practically its exactly what you described. Perhaps those of us who lump them together are wrong and we should get off your lawn ... or perhaps you should adapt as that's how the industry uses it. Or have you side stepped the existence of VPS providers? Or are they just "wrong"?

Re:Puppet

[Alex+Belits]

Virtualization in the modern era of usage covers hardware and process virtualization.

No. Hardware virtualization is an obsolete technology, worthless for any purpose other than simulated environment for testing and reverse engineering. Virtual hosts and isolated environment support in modern operating systems is a modern, useful technology that serves a legitimate purpose -- establishing a layer that provides additional separation between processes and their environments, but exists only in resource handling mechanisms where such separation is desired. Just because the same goal can be achieved through a massive kludge of hardware virtualization, does not legitimize such kludges.

It's common for vendors of an inferior product to make an effort to conflate it with something modern, and it's also common for vendors of superior but new and little-known product to downplay its fundamental differences from the technology it replaces. This does not mean that a car is a mechanical horse, and in the same way it does not turn OpenVZ into a virtualization platform.

The hardware abstraction layer is its own thing now and no one would consider it 'virtualization', hell I'm going to guess you don't even though it pretty much sums up what you're saying with only some theoretical differences, practically its exactly what you described.

"Hardware abstraction layer" is an obsolete technology, too. Well-designed operating systems do not have any "hardware abstraction layer" -- they do not present hardware as an accessible resource to the applications to begin with. In those systems, only drivers are meant to deal with hardware itself, and it's a driver's responsibility to provide whatever abstraction fits the device's purpose. OS treats drivers with the same interface as interchangeable, and can have its own interfaces and resources visible to applications, thus allowing applications to treat all resources without any direct connection to the details of the underlying hardware. This allows software to remain compatible across multiple generations of hardware, easily access local and remote resources, all without software knowing about it, and without any layers of emulation. Linux, all modern BSD and likely most commercial Unix systems are firmly in this camp -- even if you disagree with this design, this is what they have, and this is what you have to accommodate when you intend to run them.

Virtualization re-establishes the need for presenting hardware as pseudo-hardware because it establishes a whole layer under the OS drivers. Additional layers, especially additional layers with functionality identical to other layers, are always a bad idea. It is a bad solution except for one case -- when single host must run operating systems with incompatible driver models (what is never a good design decision in the first place, and is always driven by hardware or software vendors refusing to support the OS that the user actually intends to run). It's an unwanted burden for OS developers to write drivers for such pseudo-hardware, knowing that everything they do will be second-guessed by some other "super-driver" written by VM vendors, people not in the least concerned with efficiency and reliability of the developer's OS.

The best (as in "least bad") virtualization solutions avoid thick layers by utilizing hardware's native access-partitioning capabilities (such as IOMMU), however it's still a massive and completely unnecessary kludge when applied to an OS that already handles such access through its drivers, and has all necessary access-partitioning capabilities built in.

Perhaps those of us who lump them together are wrong and we should get off your lawn ... or perhaps you should adapt as that's how the industry uses it.

If people did not resist massive idiocies and sabotage of technology development perpetrated by "the industry", we would be all running Windows now.

Re:Puppet

[DarwinSurvivor]

Ah, I didn't see anything mentioning that in the original link. So it's more of a pre-Oracle Virtualbox situation then. Good to know.

Re:Puppet

[Trahloc]

'Well-designed operating systems do not have any "hardware abstraction layer"' No. Its a basic choice OS designers make when creating their operating system. Microsoft believes they should be able to change their kernel willynilly without having binary drivers fail after every update. Linus is ideologically opposed to that so Linux requires the method you describe. It is not "well designed" its *ideologically driven* so that companies can't release binary blobs easily. Linus believes if you aren't willing to share your source, gtfo. I can respect that, but when someone like you comes along spouting it as a superior *technical* design it's like someone going on about how great and objective Fox News is.

"A decade later, Unix-like systems have vastly superior GUI". I'm sorry, but no, maybe on a single monitor compared to *XP*, but I use Win7, gui design is a moving target and Unix still lags behind Microsoft which lags behind Apple. Also, good luck getting 4+ monitors working on *nix without tweaking a single thing, windows? no tweaking needed beyond simply dragging the monitor around so it mimics the physical layout. I love linux, but it is far inferior to windows as a desktop OS unless you're using it for ideological reasons, which I can respect, just don't claim its easier to use or superior by default. I'll even acknowledge your own desktop might be superior, but its because you put the time in to make it so, by default its crap. Yes I know thats the whole point, but if the *nix desktops can't have decent defaults and require tweaking every time ... f'that.

I guess we will simply have to agree to disagree on the virtualization front. There are people who need to run ancient operating systems for legal reasons. They can either keep running them on ancient hardware that hasn't been made in ages or they can run it in a virtual environment that never needs to be changed. I see virtualization and its bastards as wonderful things, yes they increase complexity for the system developer, but they simplify it for the users, and frankly, the users are more important.

Re:Puppet

[Alex+Belits]

'Well-designed operating systems do not have any "hardware abstraction layer"' No. Its a basic choice OS designers make when creating their operating system.

And the choice that is based entirely on analogy is usually a bad one.

Microsoft believes they should be able to change their kernel willynilly without having binary drivers fail after every update.

Those two are completely unrelated. Keeping a binary compatibility and having the interface tied to a per-hardware-device model are two separate ideas, both of different degrees of awfulness.

Linus is ideologically opposed to that so Linux requires the method you describe. It is not "well designed" its *ideologically driven* so that companies can't release binary blobs easily. Linus believes if you aren't willing to share your source, gtfo. I can respect that, but when someone like you comes along spouting it as a superior *technical* design it's like someone going on about how great and objective Fox News is.

Just because someone can make all kinds of choices without exploding, it does not mean that some of those choices are not idiotic.

"A decade later, Unix-like systems have vastly superior GUI". I'm sorry, but no, maybe on a single monitor compared to *XP*, but I use Win7, gui design is a moving target and Unix still lags behind Microsoft which lags behind Apple.

Now THAT is a subjective opinion. Still wrong because KDE does everything Windows 7 ever could, and Apple has the prettiest but otherwise unremarkable user interface.

Also, good luck getting 4+ monitors working on *nix without tweaking a single thing, windows? no tweaking needed beyond simply dragging the monitor around so it mimics the physical layout.

Actually I am doing just that, with Nvidia drivers and utilities out of the box (plus Synergy to expand multi-monitor configuration for multiple machines).

I love linux, but it is far inferior to windows as a desktop OS unless you're using it for ideological reasons

Oh, the signature of (usually paid) Microsoft apologists everywhere. No wonder, you defend virtualization -- Windows can't compartmentalize the host on its own, and Windows virtual memory, scheduler, and networking can't get any more awful even if it has layers upon layers of virtualization all the way down.

Configuration management + install server

[halfnerd]

Puppet combined with either Foreman or Cobbler

Re:Configuration management + install server

[Macka]

Cobbler (with preseed) I'd agree with. But Puppet and Foreman, for 15-30 laptops is a bit overkill don't you think.

Re:There is an open source solution

Me thinks you know a lot less than you intimate with that comment... It's always the 'C' players who don't want to share -- as if knowing some fact is any indication of talent or the ability to create value.

the basics

[bleedingsamurai]

Take a look at debian-installer and preseed, rather simular to kickstart for anaconda based installers, or sysprep for Windows. You can probably push the images out over the network via FTP or NFS.

Then you will want to look at making a local apt mirror or cache depending on your needs, to manage updates and such.

This is at a minimum. NIS or LDAP might also be required if you intend to grow the network.http://linux.slashdot.org/story/12/02/26/1730239/ask-slashdot-how-do-you-install-ubuntu-on-30-laptops-and-keep-them-in-sync#

Re:the basics

[allo]

debians kickstart support is just a script converting the kickstart.cfg to preseed commands.

Live CD/DVD?

[Keruo]

Place the stuff you need on a livecd and give usb sticks to the users if they need storage, remove the hdds entirely during the event, then place hdd back afterwards to reset situation?
Samba/nfs share for storage could work also.

Other solution would be to use G4L to ghost all the laptop hard drives, first to backup them, then to image it with your preinstalled linux stuff.
Then repeat after event to restore original system image, but that would take ~10 days to do, both ways, and you'd need ~5-10Tb space to hold copies of the laptop images.(depending on the size of the original hdds)

Re:Live CD/DVD?

Or alternatively - set the USB drive as the default boot device in the BIOS, thus negating any need to fiddle with the HDDs.

XenClient

[WonkoDSane]

XenClient and Synchronizer are pretty awesome, if your hardware fits the bill.

Re:XenClient

[Alex+Belits]

Citrix product, do not use.

There are better sites for this question

[Call+Me+Black+Cloud]

One of the Stack Exchange sites would give you better answers, or at least a set of answers without "frist psot". Take a look at http://serverfault.com/ or even http://askubuntu.com/.

Re:There are better sites for this question

This isn't rocket science and a ton of sysadmins read slashdot (still). There's 2 parts to this: deployment (foreman or cobbler to handle the pxe and kickstart configs) and then configuration management (stuff like puppet, chef or cfenine).

Re:There is an open source solution

[__aavqan3009]

Five points for being a cockstain.

use Clonezilla to make a image

[Joe_Dragon]

use Clonezilla to make a image and just deploy the image to all systems. To make going back easier make a image of the windows install or pull the hdd and just use different HDD's for the event.

Ubuntu Software center sync option

[pllewis]

I've not used it, but Ubuntu 11.10 software center now has a sync option to sync software between computers. https://wiki.ubuntu.com/SoftwareCenter#Comparing_and_syncing_installed_software_between_computers

Are they going to be fixed in place?

[Junta]

If so, you may want to consider yanking the drives and iSCSI booting them. I know at least with Fedora and RHEL/CentOS you can do this, I presume Ubuntu can as well. Set root-path in dhcp in accordance with rfc4173 and boot iPXE. From there take any PXE-capable deployment mechanism and you can proceed without removing or resizing the partitions.

If only 30 and you lack the experience in this area, you may elect to hand tweak an autoinstall situation. I'm not sure if you need to be particularly picky about 'cloning'. In MS it's almost mandatory as so much of the value of an install is in third-party applications. In the ubuntu case all the packages you want are likely already in the distro and debian-installer is really all you need.

All this said, Live usb key is probably the easiest thing. Stock Ubuntu probably suffices...

Re:Are they going to be fixed in place?

[fast+turtle]

I'd say a 16GB flash drive is large enough to not only boot but run Ubunta. Simply build a custom installation and install it to the flash drives. Pull the drives from the laptops though you need to record what machine they came from for reinstall and configure them to boot from usb. Problem solved and if someone borks the system, simply swap a good stick and reimage. Keep in mind that you can probably get 50+ 16GB flash drives for pretty cheap. This gives you several spares for those who decide to take it home. Heck if you're charging for this, add the cost of the flash drives into the price and cut the worry about the things. Cheap Value Added that may give you the option of doing it again.

Re:Are they going to be fixed in place?

[crafty.munchkin]

Yes, but then along comes dickhead attendee #6969, sees the flash drive in the system and goes "woah, cool, free flash drive! score!" and you're left with a hung system...

Re:Are they going to be fixed in place?

[Trahloc]

Some mobos have usb ports on the motherboard inside. It's very handy for exactly the scenario your talking about. Supermicro's workstation boards come to mind.

ltsp with fat clients

Use ltsp https://help.ubuntu.com/community/UbuntuLTSP
Supports fat clients (all aplications run at each laptop).
You only need to install ubuntu in one laptop and let all others boot from the first one with ipxe.
All laptops (apart from the first) are left unchanged.
Very good implementation (solving some minor issues that may arise) used at many greek schools:
https://launchpad.net/sch-scripts (all documentation is in greek)

Re:ltsp with fat clients

[jvin248]

Yes. This. LTSP is great. However, you need ethernet (hard wire) for it to work. You won't be able to wifi it across. For a no brainer starter system, go to Edubuntu.org and download their DVD. Install that on the master node. And launch LTSP from it. Change the desktop background default if you've got some serious folks and not kids using it. It has the latest LibreOffice installed plus a lot of other good stuff.

The other option is to just load Ubuntu OS's on a fist full of USB drives (4GB are fine) and pull the HDDs from all the laptops (make sure you ID the HDDs as Windows has the annoying feature that it will not run if the HDD is put in a different computer chassis, it records things like mac address and mobo serial #). Put two partitions on the USB drives, first is normal FAT that windows can even load, the second (bootable) is where you use Ubuntu's System/Administration/StartupDiskCreator. That way there is some user storage space along with the full OS.

.

Re:ltsp with fat clients

Your point about windows not starting if you put the HDD in a different computer is bullshit. I replaced every part except the HDD in a Vista machine and it didn't require me to reactivate. I've had problems with XP and earlier systems not booting if you change a single piece of system hardware, but they've fixed all of that in Vista and 7.

Re:ltsp with fat clients

[doodleboy]

Well, you can PXE boot LTSP over wifi if you have a wireless bridge. It's not exactly reliable though, at least it wasn't when I tried it last year.

Where I work we have 300 remote locations running LTSP on lucid. One server at each location, perhaps as many as a dozen thin clients using PXE boot. We built our own update mechanism, where the LTSP servers rsync a directory tree that contains the updates. Anything new, they run the update. If an update fails for whatever reason they send an email back to hq. It's been working fairly well for us.

LTSP enabled us to put a modern Linux desktop with Firefox, OO.org, etc, on the desktop of every underpowered thin clients that we own. This saved us from having to obsolete a big chunk of our infrastructure, probably a couple million in new hardware and depreciation costs.

We used a Clonezilla cluster to build the disk images. We wrote a config script that configured the base images (hostname, network, etc) for each location. It was a big effort but it went well.

Radmind

[Ummon]

http://rsug.itd.umich.edu/software/radmind/

FAI

[marcosdumay]

Debian (and thus Ubuntu) comes with a Fully Automated Installer (shortened as FAI). Take a look at synaptic, and at its manual.

Re:FAI

[jedidiah]

The whole thing seems like a rather silly question for a platform that already has a very mature automated installer.

Re:FAI

[bagofbeans]

'spect you're right, but reading down, yours was the first condescending answer that also offered no help.

In the engineering fields I'm experienced in, I find newbie questions produce alternative answers from other people that I've not come across before...

Re:FAI

[allo]

fai is a really bad pile of shellscripts. try to use preseed, its much more useful.

Re:FAI

[jedidiah]

It can be quite helpful to mention the obvious when people seem hell bent on ignoring it for no good reason.

Re:FAI

[Alex+Belits]

'spect you're right, but reading down, yours was the first condescending answer that also offered no help.

In the engineering fields I'm experienced in, I find newbie questions produce alternative answers from other people that I've not come across before...

In the engineering fields I am experienced in (software and embedded systems), I usually find newbie questions gathering answers from people working in the fields I would rather prefer never being involved (Windows GUI development, marketing, being a high school dropout, etc.)

Re:There is an open source solution

[Smallpond]

It's called take a fucking CS course at your community college or ask on the Ubuntu forums full of dimbulbs who think "ls -a" is a lifehack.

Why would you take a CS course for an Admin problem? I think you don't know the first thing about computers.

Simplest solution

[RedLeg]

Remove the HDs

Boot from a CD (live CD distro), allow user-owned USB drives for persistent storage.

Optionally, customize the live CD to your needs, installing and removing packages to suit the task.

Red

Re:Simplest solution

[multimediavt]

Remove the HDs Boot from a CD (live CD distro), allow user-owned USB drives for persistent storage. Optionally, customize the live CD to your needs, installing and removing packages to suit the task. Red

Honestly, for the situation OP's in (obviously a relative noob to true sysadmin if he has to ask) this is the easiest and best solution. Only issues he might have are dhcp and dns, given we know nothing about his network environment. This and similar posts should be modded up. Ye ole Keep It Simple Stupid Rule applies here for sure! Oh, and be explicit as LiveCD also applies to DVD, i.e., a DVD has more space (dual layer at 8.5 GB) and can hold a larger live image.

Re:Simplest solution

Laptop...ever used the CD-ROM drive on a laptop? Noisy buggers.... Also high risk of damage to the disk.

Re:Simplest solution

Unless you are going to reburn the CDs all the time this means you will get no security updates. It may require more work but i'd try and network boot them so that they can be kept up to date. The simplest way to do it might be to use the LTSP features in Edubuntu.

CFEngine?

[mattgick]

http://cfengine.com/ The community edition is open source and available from the Ubuntu repository.

Re:There is an open source solution

[jedidiah]

An academic background in CIS can be very handy for dealing with "Admin problems". Having something resembling a clue helps in any field or endeavor.

It helps to be more than just a trained monkey.

How to

Step 1: Ignore StackOverflow, Ubuntu forums, or other sites that will give more accurate info. Instead ask on a site with people of questionable talent and experience with what you're using.
Step 2: Implement poorly researched solution and fck up the entire project

Re:How to

[dugjohnson]

Hey, I just gave a solution and I've never done this exact thing before, so, uh....wait a minute....never mind.

Re:How to

[ben_kelley]

Step 2: Implement poorly researched solution and fsck up the entire project

There fixed that for you.

Re:How to

[cshark]

Questionable talent? I hope you're only speaking for yourself.

Ask Canonical

[Quantum_Infinity]

Ask Canonical. If they can't give a good solution, they deserve to fail.

Re:Ask Canonical

[kcbnac]

They'll say Landscape. http://www.canonical.com/enterprise-services/ubuntu-advantage/landscape

$105/year Desktop
$320/year Server

For 'bulk' (more than 5) contact them for "special" pricing.

I wish they didn't do this, I'd love to try it and use it myself, locally hosted.

But I'm NOT paying them for the feature.

They proclaim the wonders of Open Source and Ubuntu - then go and drop in closed-source crap that there is no replacement for. Hack something yourself, or pay them stupid amounts of money to use what came preinstalled.

RE: Laptop Management

I recently was in the same bind, with a bunch of desktops instead. I was given the task of backup and restoration of 50 desktops in a Computer Science student lab at the uni I work for. I decided to go the route of a Clonezilla server for backup and restoration. All the machines are Dell Optiplex 755's stock, with Windows 7 and Linux Mint Debian Edition dual boot. They all have 120 gb harddrives. I used an unused 1u server and bought 4 2tb Seagate harddrives off Newegg. The lab is wired with cat 6 and is a gigabit network. On average with the server setup it takes about 10 minutes to image all the machines and about 5 or so to restore them all. The server can do this by taking advantage of multicasting. It's easy to setup and the best thing is it only images the used parts of the harddrives. This means in my case each machine's image with both OS is only around 15-20 gigs. Hope this helps.

Clonezilla is my advice

[KowboyKrash]

I would make a clean clonezilla image of one pre–setup for the restore after your project. Then after configuring one to your specifications make another image. Then clone the ubuntu image to the un touched ones. When the project is over re image them all to the original imag. If you use a samba server and image via network you should me able to the images in one batch maybe a days work.

Chef

[bigattichouse]

simple - chef:

http://www.opscode.com/chef/

Repeat what you did 29 more times...

[EmagGeek]

.. just kidding :-)

cloud computing

Synergizer your company with cloud computing. Put your company ahead of the curve with LTE-based CRM cloud workshop. It's all about maximizing profits.

FOG Project for Imaging

[Jonah+Hex]

Although primarily aimed at doing Windows imaging, you can also use it for Linux only or side by side rollouts. That said, I'm going to be looking at some of the other links posted in this thread myself.

FOG Project

FOG is a Linux-based, free and open source computer imaging solution for Windows XP, Vista and 7 that ties together a few open-source tools with a php-based web interface. FOG doesn't use any boot disks, or CDs; everything is done via TFTP and PXE. Also with fog many drivers are built into the kernel, so you don't really need to worry about drivers (unless there isn't a linux kernel driver for it). FOG also supports putting an image that came from a computer with a 80GB partition onto a machine with a 40GB hard drive as long as the data is less than 40GB.

HEX

Re:FOG Project for Imaging

[gutoandreollo]

Disclaimer: I've managed a large machine deployment with FOG, and developed quite a workflow and even some patches based on that. IF (that is a big IF there) all your machines are equal;, and mostly if the Windows Install is the same (as in stock windows install), FOG would be a really good choice for that.. The easiest think would then be capturing one of the windows installs, reformatting it as you see fit, and then capturing that installation, and deploying it to all the stations.. with multicast deployment, cloning 29 machines takes as long as cloning a pair of them. Don't forget to TEST. After you capture your windows machine, redeploy it to the same hardware to double-check your process!! If it fails, capture another machine and keep redeploying on the same one until you're absolutely sure it works. You have even better changes if your windows install is still factory sealed (never been booted). I've had huge success with dell machines, where I could simply reinstall a machine with factory windows as needed (full AD join), and then back to linux in under half an hour. Also, with a FOG server, you can always add other boot options to the already configured PXE environment (LTSP or ThinStation, for instance).

Re:FOG Project for Imaging

[Jonah+Hex]

I only use it with install images, the state before "factory sealed". Prepare with WAIK and install via FOG, plus use it for the extra PXE options. Last I heard from the company they were up to 30K machines deployed in many different flavors off the one image and FOG server I setup. HEX

Re:There is an open source solution

[Mullen]

You must be a software developer.

Having a CS or CIS degree in IT is extremely handy.

Re:There is an open source solution

[Hognoxious]

It helps to be more than just a trained monkey.

s/trained/cheese eating surrender/

Easy

[Mullen]

PXE + Kickstart (Ubuntu Equivalent) + CFengine + mrepo + Handfull of simple scripts = Cloned machines environment.

I have this setup at work and new users pick their Red Hat choice (They are given a short list) and kickstart, some scripts and CFengine takes care of the rest. Need to make a changes to 300+ Linux Desktops? Update CFengine and wait until it's hourly run happens and you're done. Need to force certain packages on? Update CFengine and wait until it's hourly run happens and you're done.

Re:Easy

[Skapare]

Half way through that I branch off to rsync to populate the system. Then I SSH in via the IPv6 pre-configure link-local address and custom tweak. Reboot. Done.

Oh, and there are alternatives to PXE, like USB memory sticks.

Why not VMs?

[dugjohnson]

I run VMs (different versions of Linux and Windows) on top of a Windows host all the time. Ubuntu won't have much of a performance hit. You can run them using VMPlayer (I did that for months until I finally upgraded to VMWorkstation) and installing is a two step...install VMPlayer, then copy the VM. Just an idea.

Re:Why not VMs?

SECOND!

Re:Why not VMs?

[Arterion]

Exactly! I may not understand the problem, but if they have working copies of XP, why not set up a VM for VMWare Player, install it on the clients, then copy the VM over.

Seems like a hell of a lot easier than trying to automate changes to hard drive partitions. (Which is an interesting thing to do, though.)

I dare declare the correct answer to be....

clonezilla, or some sort of cloning solution for this one-off event in France. All other answers I declare incorrect -- puppet, chef, cfengine will just get your configs done. He'll still be configuring puppet, chef or cfengine when the event starts.

Use the right tool for the right situation.

Parallel SSH

[flyingfsck]

One no nonsense way is with parallel SSH.

Re:Parallel SSH

[Zero__Kelvin]

Why not rsync?

Re:Parallel SSH

[Skapare]

I did that for a bank of 10 machines 12 years ago. They are still asking this question today?

VirtualBox?

Would VirtualBox work for what you need? Then you could tame windows on the 30 machines anyway you like.

Obviously

An obvious job for AD Group Policy.

IT admin does not = business admin

[Joe_Dragon]

a it admin is a tech person not a business person and CS is not IT.

Preseed + Config Management

I would recommend a nice preseed and config manangement solution. Booting via PXE, starting the installer and using a preseed file is quite well documented and easy to do. After that I would recomment Chef for config managent. I may seem young and harder to learn, but actually after you start using it, it gets quite a lot simpler than puppet, cfengine or others.
Keeping all of them updated is quite a hard task. APT is great at doing so, but it not that easy to do it in a coodinated manner. If you just activate unattended upgrades you never know when it is going to happen and updateing firefox and thunderbird is quite cheesy. So maybe in your case it would be best to not do any updates for the time of this conference.

Re:Preseed + Config Management

[Skapare]

I just booted an in-RAM system via PXE and/or USB memory sticks on each machine, and populated the hard drive via rsync. I didn't even bother with DHCP and used IPv6 link local addresses to get started, and updated each machine's network config with a MAC to IPv4 map (only once, because sometimes I do need to replace NIC cards or motherboards and I don't want a machine's personality to be lost because of that).

CS in IT is handy for not knowing what you are doi

[Joe_Dragon]

CS in IT is handy for not knowing what you are doing but having a lot therey.

Now CS my help you be a developer but some times it's so high level it does not help.

But for IT tech / admin work? A tech school will help you a lot more.

Partimage and just SSH

[Culture20]

If you only have 30 machines for one event, puppet/cfengine is overboard. Just set up a passwordless SSH key for root (remember NOT to put the private key on the laptops), and just use a simple script to send the same commands to every laptop.

For cloning, use partimage, clonezilla, or ghost. BUT, if you need to keep the windows partitions (each one is likely licensed differently), only copy the Linux partition and boot sector, not the whole disk.

Re:Partimage and just SSH

[vlm]

If you only have 30 machines for one event, puppet/cfengine is overboard. Just set up a passwordless SSH key for root (remember NOT to put the private key on the laptops), and just use a simple script to send the same commands to every laptop.

You forgot error recovery and logging. So PC #25 was rebooting while your script ran... does that make the script fail, perhaps silently? Does that mean all the PCs except #25 are OK, or #25-(end of list) fail? How do you know to rerun the script later? How many times do you have to run it by hand to "make sure" it ran on all machines? You can add logging and some sort of retry mechanism... Just remember that those who try not to use puppet, end up rewriting puppet, just takes a long time and painful bugs. apt-get install puppetmaster on the main and apt-get install puppet on the remotes is just too easy to bother writing a clone of puppet out of shell scripts.

Puppet is much like AFS or LDAP or well, practically any service, the first time you set it up you're all "WTF?" and the second time its no big deal. Google for some tutorials, screencasts... Doing a really halfway job writing it yourself is terrifyingly harder than just using puppet.

Re:Partimage and just SSH

[Antique+Geekmeister]

> Just set up a passwordless SSH key for root

No. If you worked for me and I caught you doing this, I would first write you up for a direct security violation, and if I caught you doing it again I would fire you. Passphrase free keys leave your deployed network vulnerable to anyone who can steal the key from the hacked server, backup, or anyone who manages to walk off with that key by other means. Doing this is as bad, if not worse, than putting a post-it note with the rude password on your desktop monitor.

Setting up an ssh-agent to passphrase wrap such a remote root access key is a basic step. Restricting remote access to the designated management server is another basic step in protecting such a network from root key theft. Throwing such unprotected keys around is unfortunately, a very common practice among systems people who believe that "if they're inside our network, we have much bigger problems". Since these machines are laptops, they will be walking into and out of the network, and it's reasonable to assume that the network will be attacked from a machine inside. Basic security practices, such as system updates, password expiration, and access key handling should all get some attention to protect the network.

Re:Partimage and just SSH

[Culture20]

You forgot error recovery and logging. So PC #25 was rebooting while your script ran... does that make the script fail, perhaps silently? Does that mean all the PCs except #25 are OK, or #25-(end of list) fail? How do you know to rerun the script later? How many times do you have to run it by hand to "make sure" it ran on all machines? You can add logging and some sort of retry mechanism... Just remember that those who try not to use puppet, end up rewriting puppet, just takes a long time and painful bugs. apt-get install puppetmaster on the main and apt-get install puppet on the remotes is just too easy to bother writing a clone of puppet out of shell scripts.

The submitter wants max 30 machines, and only for a limited time. Telling him to learn how to use puppet would waste his time. If he just wants to install a piece of forgotten software after the event has started, a quick (bash runonallmachines.sh apt-get install foobar) could print out the info to stdout, and reading through 30 such messages isn't that big of a deal. Sure, if this were a long term project, or if he had more machines, puppet would make sense, but why not stick with something easier to use when there's no need to step it up a notch?

Re:Partimage and just SSH

[Culture20]

Throwing such unprotected keys around

You did notice I said NOT to have the private keys on the laptops themselves? The submitter wants something easy to use for a limited period of time (an event). Chances are, submitter won't even encrypt the drives, so there's not much preventing a bad apple from throwing their own passwordless ssh public key on the laptop. But once that happens, all they have access to is 30 laptops which can all be reimaged in no time, and they would be at the end of the event. Whoopie.

Doing this is as bad, if not worse, than putting a post-it note with the rude password on your desktop monitor.

Did you mean root password? Anyway, it's not like that at all. A passwordless SSH key is not like an open door. It's more like storing the root password in a vault (unless you keep your private keys on non-secure machines). I mean seriously, if you store your passphrase-enabled private keys on your desktop machine and someone owns it with a browser exploit, don't you think a keylogger is the next step? So at that point, the only reason a passphrase-enabled SSH key would be safer than a passphraseless SSH key is if it's never used. So why have it anyway? Force all logins to the machine to be via console. Remove SSH. Block all ports. No remote access of any kind.

If you worked for me

I would never work for you. You don't know the difference between a public and private key.

Re:Partimage and just SSH

actually, it is pretty simple to restrict what a passwordless key can do.

You can set it up so it will only accept a connection from a certain ip addr, and only run scp with a single destination. I use this setup to sync a partial directory extract into a set DMZ hosts. The script that picks up the destination file does a sanity check, so not a lot of damage possible, if someone tried to do "evil". Works great.

Ssh agent is great for interactive uses. Scripted unattended processes that must always work, not so much.

Just pointing out that your reaction was a bit black and white.

Re:Partimage and just SSH

[jon3k]

Sounds like the perfect job for ClusterSSH!

Re:Partimage and just SSH

[jon3k]

Doing this is as bad, if not worse, than putting a post-it note with the rude password on your desktop monitor.

Not if you have a reasonably sane method of securing the private keys. I'm not advocating password-less keys, but that comparison is WAY overboard.

Re:Partimage and just SSH

[Antique+Geekmeister]

I'm afraid that it's not overboard. The "sane method of securing the private keys" is the equivalent of keeping the aforementioned monitor in a locked office. It's better, but it's still vulnerable to similar access problems..

Re:Partimage and just SSH

[Antique+Geekmeister]

I should have spelled it "root password". Forgive me, if you wish. My wrists are bothering me.

The additional steps you describe to secure the private key are simply not common practice, and do not accout for system backup, remote access, or failover of that critical configuration server. Each of those creates another vector or set of vectores to steal the keys: it's too many paths for any production environment, and the ease of setting up an ssh-agent makes such passphrase free keys evidence of simple laziness or incompetence for system administrators.

You may not believe I'm aware of the distinction of a private and public cryptographic key, but I'm afraid that I do. I also know what happens when fools who should know much better scatter unprotected administrative keys around, including poorly secured home directories, laptops, and backup media. Since there is no well-supported expiration for SSH keys, they remain an extremely dangerous hazard until the keys are altered: such updates and rebuilds are a management nightmare. I'm afraid it comes up several times a year professionally, with partneres that are at profound security risk and waste my group's time cleaning up before we can share resources with them.

Re:Partimage and just SSH

[jon3k]

So first you disagree, then change the analogy to a totally reasonable method for securing objects?

When people need to secure physical objects at work (eg - HR files, keys to storage areas, etc), what do they do with them? That's right - the lock them in offices. This is a completely reasonable method for securing things.

Re:Partimage and just SSH

I'm not sure how your post gets an informative score of 4 when you are rude in your heavy criticizism and yet provide no real or theoretical proof on your basis of increased security by using a passphrase compared with a RSA key.

Re:Partimage and just SSH

Since there is no well-supported expiration for SSH keys, they remain an extremely dangerous hazard until the keys are altered: such updates and rebuilds are a management nightmare. I'm afraid it comes up several times a year professionally, with partneres that are at profound security risk and waste my group's time cleaning up before we can share resources with them.

Not to dispute your original premise (IANA sysadmin), but isn't this the sort of problem that Kerberos and PKINIT were designed to solve?

Re:Partimage and just SSH

[vlm]

a quick (bash runonallmachines.sh apt-get install foobar) could print out the info to stdout

This seems to be turning into an endless array of "lets find even harder wheels to buggily reinvent". Its NIH all the way down each step of the way... The proper way to do this wrong thing in this situation, is to "apt-get install dish" which is the distributed shell package. Put yer list of hostnames in ~/.dish/hosts and yer options in ~/.dish/options (-p0 and -T 300 are fairly popular...). Any sane person has already figured out ssh keys and ssh agent and sudo all that before hand. Then its just "dish apt-get install foobar"

Also if you've ever tried this unique form of cluster package management, its a fail if apt-get blocks on some debconf questions, or blocks on waiting on input asking if its ok to install dependencies. Also fails if any previous package installation failed awaiting dpkg-reconfigure -a or whatever. And it fails if something went weird during the most recent (perhaps automatic?) apt-get update. Again, you've not figured out how to manually process the logs or manually process failures.

It is true that there exists a way to do package management which is harder and slower and more tedious, and that is to manually by hand ssh into each machine and run each command by hand. But finding a solution one millimeter above the absolute bottom of the barrel, doesn't mean you've found the optimum solution.

You are correct, in that you've just found a way to avoid the staggering and overwhelming job of adding this line to some init.pp file on ye olde puppetmaster:

package { "foobar": ensure => latest }

Seriously, using puppet really IS that hard. We're not talking about writing a Turing machine in sendmail M4 macros here. Puppet was designed to do Exactly what you're trying to do, and do it very well, very easily, and very quickly. So, just do it... There's absolutely nothing wrong with hacks for the sake of doing a hack, or reinventing something to figure out how its done. But when its time to work, use the right tool for the job. Don't install drywall screws with a hammer.

Ubuntu on 30 machines - dual boot to be retained?

[AndyCater]

Wubi

Virtualbox and a standard virtual image

Pack an ubuntu mirror - if network access is slow, it will help.

As others have suggested, LTSP will work if you set the machines to boot from the network.

more info on your setup

[Joe_Dragon]

On the sever what is taking up 4 TB2 hdd's? I hope it is in some kind of raid setup.

15-20 gigs seems small for a dual boot OS I take it is basic install lacking lot's of added software on each os.

Are there more then 1 image say with differnt software loads?

How often are the images updated?

Re:more info on your setup

[spire3661]

WHy do you hope they are in a RAID setup? RAID is for speed. Speed in access or speed in recovery, nothing more.

Re:more info on your setup

Really? So RAID has nothing to do with redundancy?

Re:more info on your setup

[Zero__Kelvin]

" RAID is for speed. Speed in access or speed in recovery, nothing more."

Actually, RAID does quite a bit more than for which you credit it.

Re:more info on your setup

Yeah, SAID is the new RAID (speedy array on inexpensive disks for all you noobs).

Re:more info on your setup

RAID is for speed.

I..wat? Certain RAID configurations may improve read IOPs at the expense of write IOPs, but no one in their right mind actually says "RAID is for speed". RAID1 (Or RAID10) for example, doesn't do much for speed.

In answer to the original question: PXE, Debian pre-seeding and either Chef or Puppet.

Re:more info on your setup

[smash]

RAID 10 does help with speed. 4 disks = 2x io throughput of single disk (both read, and write) + resiliency to handle up to 2 drive failures. the only way you can get better speed than a single disk (assuming you have the fastest disk you can get) is to add more disks and stripe them...

Re:How did you guys get Ubuntu...

You're such a troll.. Ubuntu is awesome. They moved the close button to the opposite side -- so they can be special. And they have the really cool bar on the left site of the screen. It uses Unity.. no one uses Unity because they aren't special like Ubuntu. It's super-optimized for tablets.. even though no one uses it on tablets. And instead of a drop down menu, they're going to add a text field.. because everyone loves clicking on a button with their mouse, then switching to the keyboard to type in what they want. People LOVE typing.

for a non windows OS?

[Joe_Dragon]

and that still does cover the imagining part

Ltsp

[goldgin]

It's called LTSP. Linux Terminal Server Project. Just make sure you build fat clients.

Virtualise

[arisvega]

What if you install a virtual machine once, and then copy it over to the other machines?

Also, if everything else fails (my apologies for saying this but somehow you don't give out a vibe that you are on top of the situation) is it the question for people to be able to use laptops, but not being able to mess around on them? Then I guess your final -and easy- option is to just open accounts for them in the existing OSes, and tell them to act civilized. Is that an option?

Re:Virtualise

[arisvega]

open accounts for them in the existing OSes

Sorry, I just saw that it has to be Ubuntu- how about wubi? It is a windows-based Ubuntu installer, it installs an Ubuntu system without partitioning that stands as a cluster of files in the host windows, it is not virtualised (both systems don't run at the same time) and if you carefully set up the boot loaders on the other machines, you only need to copy over one (huge) file -the "image"- into the other machines. In addition, you will have to remove the option of booting to Windows, and then go in via a bootable USB and fix it in the aftermath. Then you remove wubi and the computers are as they were.

Re:Virtualise

[marcosdumay]

Why bother with virtual machines? He can just tar the partitions of one machine, and copy them into the other machines. Then, copy /dev/null and /dev/console, run grub-install /dev/sda (or whatever is it), and you are done.

But still, that is more work than it should take.

System Center Configuration Manager 2012

Package management in Ubuntu... oh fun. Why not use System Center Configuration Manager 2012 to manage all of your Linux/Unix devices?

tax haven

ubuntu is headquartered in a tax haven!

Re:There is an open source solution

[Sfing_ter]

i did 'apt-get install clue', but my users still won't learn...sigh...

Acronis True Image

Just create and Image from acronis, or norton ghost and multi cast it out or image one by one

Simple is better

[fishthegeek]

I ran a small, 25 seat lab with Ubuntu. I installed Webmin on each workstation and took advantage of the cluster features. Combine that with ClusterSSH for other tasks and the lab was remarkably easy to manage. This isn't suitable for a largish network but worked well for me.

dd

[nullspoon]

It kinda depends on how you want to do post-install management, but for duplicating a computer, you could always use the dd command in ubuntu. The catch is all of your duplicate drives must be exactly the same size or larger than your source drive or you will have file system boundary issues. Dd should do the trick though as it will create a bit-for-bit duplicate of anything. That includes filesystems. One problem might be thoughthat all of your windoes boxes will be using the same copy/license of windows.

Re:dd

[Skapare]

I'm sure configuring a different IP address for each machine would be important. That or just run your network DHCP'd. I'd at least use IPv6 link local addresses to login with (they actually are more reliable).

if the laptops are all alike

[Locutus]

I'd used a network backup server in a virtual machine previously and first backed up the default image. What was nice about the backup server was it had an iso image of a boot disk you'd use to boot and backup a machine so no worries what OS was on there. After the initial backup, do you disk partitioning, installation of Ubuntu and then create a Ubuntu repository image and set that new client to use that repository for updates. Now back that disk up and use it as your base image for all your laptops.

Now your clients can stay updated based on what you setup in the update repository and you have default images to restore should you want a stock system again or you want to add more clients.

If you're talking about managing the data on the clients then use LTSP on the clients and use the same repository server to manage the LTSP clients.

"pba backup" is the backup server I used back when I did this.

LoB

Re: Laptop Management

Thank you for a realistic reply. All too often when you have a problem and Google about it, there is highly suspicious info, or 'experts' mouthing off at the 'noob'... along the lines of a post somewhere in this article's comments where the tip was to complete a 4yr CS degree (overnight of course) complete with expletives. I was taught that there is no such thing as a dumb question.

clusterssh

[bstamour]

If you have ssh access to the laptops then use clusterssh. It's a simple program that takes your keystrokes and sends them to all of the machines you're connected to. So doing an

# aptitude update
# aptitude safe-upgrade

on 30 machines is no harder than doing it to one.

Re:clusterssh

[Skapare]

How about the initial install that has to resize MS Windows first, then install Linux in the emptied space?

Use a Knoppix LiveDVD instead

[Barbara,+not+Barbie]

No installation, no futzing around with resizing partitions or restoring afterward, no time wasted,, and if people like it you can just give them the DVD to take home. If the machines have enough ram, you can load the entire DVD into memory. If not, just use the LiveCD and load that into memory - the performance will be great.

Re:Use a Knoppix LiveDVD instead

[Alex+Belits]

And a horrible delay when anything is started. And no security updates. And no way to install anything. And no support for proprietary video drivers. And unlikely to have working power management, combined with horrendous boot time.

Re:Use a Knoppix LiveDVD instead

[Barbara,+not+Barbie]

Get real. You only boot it once, at the beginning of the day. A new version was released in the middle of September. And it's certainly going to be better than slackware, which has had less than 30 updates since it was released last March (slackware is, for all intents and purposes, dead)

And if you have the dvd, you don't need to install anything - it's got LOTS of programs. And it's pretty good for video. And who cares about power management - this is a demo - they're going to be plugged in. And if you're worried about the slow program start times, you load the whole cd or dvd into ram, or you install it on a flash card or usb key.

And all this can be tested in 10 minutes ahead of time.

So instead, you'd rather the guy mess around with people's partition tables - not smart if it's not your own machine.

I know - you're just down in the dumps because it's Monday.

Imaging

use FOG - http://www.fogproject.org/

Bootable Customized LiveCD

A bootable customized LiveCD is the optimal solution and leaves the host system untouched. Anything else is overly complex and unwarranted in the scenario you put forth.

Re:Bootable Customized LiveCD

[Skapare]

That's one way. I had to do this with a stack of netbooks. I just made a USB memory stick do the same thing. I've also read about people doing this with PXE. Ubuntu has packages to do this either way. No doubt Debian and Fedora could, too.

Use puppet to keep everything in sync!

Use Puppet! http://www.puppetlabs.com . It allows you to push updates, configs, and the like. This way, if a new distro comes out, you can still push out updates between different releases until all are sync'd up.

Re:Use puppet to keep everything in sync!

[Skapare]

I see several people answering this Ask Slashdot have suggested it. But no one, not even the puppetlabs web site, explains either what it is doing, or why it is better than the old ways. It seems to all be oriented to PHBs that might see it before they realize their SA has just been doing it all along without any payware.

Re:There is an open source solution

[Alex+Belits]

It's called take a fucking CS course at your community college or ask on the Ubuntu forums full of dimbulbs who think "ls -a" is a lifehack.

Why would you take a CS course for an Admin problem? I think you don't know the first thing about computers.

Because IT and MIS courses are usually Windows-only.

spacewalk

spacewalk

Use MetaConfig

[thomasdn]

Use MetaConfig configuration management system. It is similar to Puppet, but easier to use. Give it a try.

Puppet is old school, check out Salt

Salt is a very quickly progressing new project that takes a different approach to automating setups. It is very youg but the community is growing crazy fast (I think it had as many contributes last year as chef!)

But check it out:
http://saltstack.org (I hear they will have a nicer page up soon)

Re:Puppet is old school, check out Salt

[ricochet2200]

IMHO, it is faster, easier, and all around better than puppet...not to mention it was a Black Duck Software Open Source Rookie last year. http://www.blackducksoftware.com/rookies/

Re:Puppet is old school, check out Salt

[Macka]

Different approach my ass. Having just spent 30 mins scanning the site and reading the tutorials I don't see what's all that different to Puppet. On the contrary, the functionality and concepts look strikingly similar, albeit with different terminology, syntax and style. To my eye this looks like a Puppet rip off, though there was a noticeable lack of documentation on how Salt handles run time errors; whether it supports true resource dependency graphing as Puppet does; or even if it has a Puppet style dry-run (noop) mode.

Easy...

[mswope]

1) Load all 30 computers
2) Lock all 30 computers in a closet.

ISconf

or any other solution from this Wikipedia article: https://en.wikipedia.org/wiki/Comparison_of_open_source_configuration_management_software

so, you are hoping

for simultaneous ubuntu orgasms?