Ask Slashdot: How Do You Install Ubuntu On 30 Laptops and Keep Them In Sync?

New submitter spadadot writes "I am setting up a new event in France (Open du Web), where between 15 and 30 laptops running Ubuntu Linux will be available. They came with Windows preinstalled and it must stay for other purposes. I'd like to take care of only one of them (resize the hard drive, install Ubuntu, add additional software and apply custom settings) and effortlessly replicate everything to the others including hard drive resizing (unattended installation). After replicating, what should I do if I need to install new software or change some settings without manually repeating the same task on each one of them? Should I look into FAI, iPXE, Clonezilla, OCS Inventory NG? Other configuration management software? I would also like to reset the laptops to the original environment after the event."

Puppet

[BHearsum]

http://puppetlabs.com/

Re:Puppet

[vlm]

http://puppetlabs.com/

LOL this is the weekly ask /. where the questioner describes the perfect application for Puppet and then asks what to use.

My only other addition is install and set up torque and dish.

Torque is a decent queuing system. Everybody queue up a job to do "something" as quickly as possible, but strictly one at a time.

The DISH distributed shell lets you run a single command line (which could be a script...) on all machines right now. Simultaneously or whatever.

Re:Puppet

[realityimpaired]

Puppet would be the perfect tool for the job, but there may be a reason he can't use Puppet.

If that's the case, set up your own repo. Mirror Ubuntu's repo, and configure all of the systems to only connect to your repo. Set them to automatically update nightly, and bob's your uncle. If you want to push something to the computers, then push it to your repo and they will update during the overnight push

Re:Puppet

[X0563511]

This is the argument of a stuck-up admin who runs a handful of machines.

Stick a zero or two on the number of machines you manage and see how your tune changes.

Re:Puppet

[X0563511]

Say what?

Re:Puppet

[nahdude812]

Here is the link to Ubuntu's custom install CD article: https://help.ubuntu.com/community/InstallCDCustomization. Create your own custom installer, and use that to image all the laptops.

Re:Puppet

[RocketRabbit]

You forgot to reply as an AC.

Re:Puppet

[DarwinSurvivor]

Either I'm missing something obvious, or it's free for 10-nodes and you start paying quite a bit for anything beyond that. http://puppetlabs.com/puppet/how-to-buy/

Node Packs Puppet Enterprise with Standard Support and Maintenance
10 FREE
25 $1,995
100 $6,995
250 $16,995
500 $29,995
1,000 $55,995
More than 1,000 Contact sales@puppetlabs.com

You DID miss something. You pay those prices if you want SUPPORT for the licenses. If you can support yourself, just use the Open Source version. Sort of like RHEL vs Fedora

Re:Puppet

[Vanders]

Either I'm missing something obvious

You're missing something really, really obvious. The prices you quote are for PuppetLabs support (Enterprise Puppet). Open Source Puppet is free. Tree it: "apt-get install puppetmaster". I've had ~400 servers running from a single Puppetmaster instance (~4800 divergences per. hour).

Having said all of that, I'd recommend Chef over Puppet these days. Again, Open Source Chef will work perfectly well for free, or you can pay Opscode for support.

Re:Puppet

[timbo234]

Exactly, I'm so sick of the condescending bullshit posted on sites like slashdot from sysadmins who think that because they do everything manually or with custom scripts they are somehow better. As a sysadmin you're hired by a business to administer the systems efficiently and in a way that someone else could take over without too much trouble if you got hit by a bus or decided to leave.

Systems like puppet can usually cover 90%+ of the configurations in an organisation, leaving you the time to properly focus on the inevitable corner-cases and learn to use their 'toolsets' or whatever else properly.

Re:Puppet

[sidthegeek]

He's a Microsoft shill. Pay him no attention.

Re:Puppet

[garyebickford]

10 seconds with Google would have given this guy a dozen choices! hell a whole minute on the Ubuntu forums would have easily given him a dozen more, and who better than the guys that help folks with that OS?

I disagree. Google is a good place to start, but once you have a dozen choices, how do you find out the good & bad of each one, the secret tricks, and so forth? So it's good to start there but also to research other forums, and then check places like Slashdot for the latest and greatest experience. A lot of advice in old forums is out of date, often by years. Unfortunately Google is as likely to give advice from 2006 as from today. Ask Slashdot is a fertile source of good opinions by people who've 'been there, done that', and more importantly, may have done it last week, from a broader experiential spectrum that the Ubuntu forums. To me it can be like asking the guys around the lab what they think about the problem. Of course, not always...!!

Re:Puppet

[Alex+Belits]

I'm not sure about the security aspect so much, but on the performance side, if everything is running over a local LAN, then that shouldn't be a problem with only 30 machines.

You are stupid.

I would imagine there are solutions that can address most security concerns as well.

Scratch that, you are a dangerous idiot. Kill all your friends, then yourself.

The only solution to a security problem of having Windows full access to everything that is supposed to run Linux, is not running Linux under control of Windows in the first place. And killing everyone who proposes something that stupid.

Re:Puppet

[interval1066]

He said he needed to return the underlying OS to its original state. The easiest way to do this is run Linux as a vm, and simply delete the vm image and engine when he's done. Ergo: legitimate reason. So GTFO.

Re:Puppet

[Alex+Belits]

'Well-designed operating systems do not have any "hardware abstraction layer"' No. Its a basic choice OS designers make when creating their operating system.

And the choice that is based entirely on analogy is usually a bad one.

Microsoft believes they should be able to change their kernel willynilly without having binary drivers fail after every update.

Those two are completely unrelated. Keeping a binary compatibility and having the interface tied to a per-hardware-device model are two separate ideas, both of different degrees of awfulness.

Linus is ideologically opposed to that so Linux requires the method you describe. It is not "well designed" its *ideologically driven* so that companies can't release binary blobs easily. Linus believes if you aren't willing to share your source, gtfo. I can respect that, but when someone like you comes along spouting it as a superior *technical* design it's like someone going on about how great and objective Fox News is.

Just because someone can make all kinds of choices without exploding, it does not mean that some of those choices are not idiotic.

"A decade later, Unix-like systems have vastly superior GUI". I'm sorry, but no, maybe on a single monitor compared to *XP*, but I use Win7, gui design is a moving target and Unix still lags behind Microsoft which lags behind Apple.

Now THAT is a subjective opinion. Still wrong because KDE does everything Windows 7 ever could, and Apple has the prettiest but otherwise unremarkable user interface.

Also, good luck getting 4+ monitors working on *nix without tweaking a single thing, windows? no tweaking needed beyond simply dragging the monitor around so it mimics the physical layout.

Actually I am doing just that, with Nvidia drivers and utilities out of the box (plus Synergy to expand multi-monitor configuration for multiple machines).

I love linux, but it is far inferior to windows as a desktop OS unless you're using it for ideological reasons

Oh, the signature of (usually paid) Microsoft apologists everywhere. No wonder, you defend virtualization -- Windows can't compartmentalize the host on its own, and Windows virtual memory, scheduler, and networking can't get any more awful even if it has layers upon layers of virtualization all the way down.

Configuration management + install server

[halfnerd]

Puppet combined with either Foreman or Cobbler

the basics

[bleedingsamurai]

Take a look at debian-installer and preseed, rather simular to kickstart for anaconda based installers, or sysprep for Windows. You can probably push the images out over the network via FTP or NFS.

Then you will want to look at making a local apt mirror or cache depending on your needs, to manage updates and such.

This is at a minimum. NIS or LDAP might also be required if you intend to grow the network.http://linux.slashdot.org/story/12/02/26/1730239/ask-slashdot-how-do-you-install-ubuntu-on-30-laptops-and-keep-them-in-sync#

Live CD/DVD?

[Keruo]

Place the stuff you need on a livecd and give usb sticks to the users if they need storage, remove the hdds entirely during the event, then place hdd back afterwards to reset situation?
Samba/nfs share for storage could work also.

Other solution would be to use G4L to ghost all the laptop hard drives, first to backup them, then to image it with your preinstalled linux stuff.
Then repeat after event to restore original system image, but that would take ~10 days to do, both ways, and you'd need ~5-10Tb space to hold copies of the laptop images.(depending on the size of the original hdds)

There are better sites for this question

[Call+Me+Black+Cloud]

One of the Stack Exchange sites would give you better answers, or at least a set of answers without "frist psot". Take a look at http://serverfault.com/ or even http://askubuntu.com/.

Re:There are better sites for this question

This isn't rocket science and a ton of sysadmins read slashdot (still). There's 2 parts to this: deployment (foreman or cobbler to handle the pxe and kickstart configs) and then configuration management (stuff like puppet, chef or cfenine).

use Clonezilla to make a image

[Joe_Dragon]

use Clonezilla to make a image and just deploy the image to all systems. To make going back easier make a image of the windows install or pull the hdd and just use different HDD's for the event.

Ubuntu Software center sync option

[pllewis]

I've not used it, but Ubuntu 11.10 software center now has a sync option to sync software between computers. https://wiki.ubuntu.com/SoftwareCenter#Comparing_and_syncing_installed_software_between_computers

Are they going to be fixed in place?

[Junta]

If so, you may want to consider yanking the drives and iSCSI booting them. I know at least with Fedora and RHEL/CentOS you can do this, I presume Ubuntu can as well. Set root-path in dhcp in accordance with rfc4173 and boot iPXE. From there take any PXE-capable deployment mechanism and you can proceed without removing or resizing the partitions.

If only 30 and you lack the experience in this area, you may elect to hand tweak an autoinstall situation. I'm not sure if you need to be particularly picky about 'cloning'. In MS it's almost mandatory as so much of the value of an install is in third-party applications. In the ubuntu case all the packages you want are likely already in the distro and debian-installer is really all you need.

All this said, Live usb key is probably the easiest thing. Stock Ubuntu probably suffices...

ltsp with fat clients

Use ltsp https://help.ubuntu.com/community/UbuntuLTSP
Supports fat clients (all aplications run at each laptop).
You only need to install ubuntu in one laptop and let all others boot from the first one with ipxe.
All laptops (apart from the first) are left unchanged.
Very good implementation (solving some minor issues that may arise) used at many greek schools:
https://launchpad.net/sch-scripts (all documentation is in greek)

FAI

[marcosdumay]

Debian (and thus Ubuntu) comes with a Fully Automated Installer (shortened as FAI). Take a look at synaptic, and at its manual.

Re:There is an open source solution

[Smallpond]

It's called take a fucking CS course at your community college or ask on the Ubuntu forums full of dimbulbs who think "ls -a" is a lifehack.

Why would you take a CS course for an Admin problem? I think you don't know the first thing about computers.

Simplest solution

[RedLeg]

Remove the HDs

Boot from a CD (live CD distro), allow user-owned USB drives for persistent storage.

Optionally, customize the live CD to your needs, installing and removing packages to suit the task.

Red

CFEngine?

[mattgick]

http://cfengine.com/ The community edition is open source and available from the Ubuntu repository.

How to

Step 1: Ignore StackOverflow, Ubuntu forums, or other sites that will give more accurate info. Instead ask on a site with people of questionable talent and experience with what you're using.
Step 2: Implement poorly researched solution and fck up the entire project

Re:How to

[dugjohnson]

Hey, I just gave a solution and I've never done this exact thing before, so, uh....wait a minute....never mind.

Ask Canonical

[Quantum_Infinity]

Ask Canonical. If they can't give a good solution, they deserve to fail.

RE: Laptop Management

I recently was in the same bind, with a bunch of desktops instead. I was given the task of backup and restoration of 50 desktops in a Computer Science student lab at the uni I work for. I decided to go the route of a Clonezilla server for backup and restoration. All the machines are Dell Optiplex 755's stock, with Windows 7 and Linux Mint Debian Edition dual boot. They all have 120 gb harddrives. I used an unused 1u server and bought 4 2tb Seagate harddrives off Newegg. The lab is wired with cat 6 and is a gigabit network. On average with the server setup it takes about 10 minutes to image all the machines and about 5 or so to restore them all. The server can do this by taking advantage of multicasting. It's easy to setup and the best thing is it only images the used parts of the harddrives. This means in my case each machine's image with both OS is only around 15-20 gigs. Hope this helps.

Chef

[bigattichouse]

simple - chef:

http://www.opscode.com/chef/

Why not VMs?

[dugjohnson]

I run VMs (different versions of Linux and Windows) on top of a Windows host all the time. Ubuntu won't have much of a performance hit. You can run them using VMPlayer (I did that for months until I finally upgraded to VMWorkstation) and installing is a two step...install VMPlayer, then copy the VM. Just an idea.

Re:Why not VMs?

[Arterion]

Exactly! I may not understand the problem, but if they have working copies of XP, why not set up a VM for VMWare Player, install it on the clients, then copy the VM over.

Seems like a hell of a lot easier than trying to automate changes to hard drive partitions. (Which is an interesting thing to do, though.)

Re:Partimage and just SSH

[vlm]

If you only have 30 machines for one event, puppet/cfengine is overboard. Just set up a passwordless SSH key for root (remember NOT to put the private key on the laptops), and just use a simple script to send the same commands to every laptop.

You forgot error recovery and logging. So PC #25 was rebooting while your script ran... does that make the script fail, perhaps silently? Does that mean all the PCs except #25 are OK, or #25-(end of list) fail? How do you know to rerun the script later? How many times do you have to run it by hand to "make sure" it ran on all machines? You can add logging and some sort of retry mechanism... Just remember that those who try not to use puppet, end up rewriting puppet, just takes a long time and painful bugs. apt-get install puppetmaster on the main and apt-get install puppet on the remotes is just too easy to bother writing a clone of puppet out of shell scripts.

Puppet is much like AFS or LDAP or well, practically any service, the first time you set it up you're all "WTF?" and the second time its no big deal. Google for some tutorials, screencasts... Doing a really halfway job writing it yourself is terrifyingly harder than just using puppet.

Re:Partimage and just SSH

[Antique+Geekmeister]

> Just set up a passwordless SSH key for root

No. If you worked for me and I caught you doing this, I would first write you up for a direct security violation, and if I caught you doing it again I would fire you. Passphrase free keys leave your deployed network vulnerable to anyone who can steal the key from the hacked server, backup, or anyone who manages to walk off with that key by other means. Doing this is as bad, if not worse, than putting a post-it note with the rude password on your desktop monitor.

Setting up an ssh-agent to passphrase wrap such a remote root access key is a basic step. Restricting remote access to the designated management server is another basic step in protecting such a network from root key theft. Throwing such unprotected keys around is unfortunately, a very common practice among systems people who believe that "if they're inside our network, we have much bigger problems". Since these machines are laptops, they will be walking into and out of the network, and it's reasonable to assume that the network will be attacked from a machine inside. Basic security practices, such as system updates, password expiration, and access key handling should all get some attention to protect the network.