First Alpha of Public Sector Linux Deployment System
New submitter mathiasfriman writes: SverigeLinux (SwedenLinux in Swedish) is a project financed by the Swedish Internet Fund that is developing a Linux deployment system for the public sector. It is based on DebianLAN and has just released its first public early alpha version. This 7 minute video shows how you can deploy up to 100 workstations with minimal Linux knowledge in under an hour, complete with DHCP, DNS and user data in LDAP, logins using Kerberos and centralized storage. The project has a home on GitHub and is looking for testers and developers. Don't worry, no Björgen Kjörgen; it's all in English.
I'll stick with Microsoft Active Directory.
Microsoft Active Directory is a bloated piece of bad software. Replication failures are common. Performance is dismal. Security is poor.
Can someone tell me one advantage of Active directory? Anyone? Hello?
You are in luck then, next issue up is integrating the clients in Active Directory via Realmd.
First, this is not an imaging system, it's an install system which installs mainly Debian based distributions, based on Fully Automatic Installation (fai-project.org). FAI in turn is possible to use with multi-distribution capabilities to install CentOS, Scientific Linux and a few more. As a final twist, this project will also incorporate the possibility to install FOG servers but it is not our primary focus right now.
Apart from that, this seems the sort of project you didn't know you needed until you've seen it done.
How much time do admins, consultants, and contractors waste by re-inventing the wheel when planning, building, and rolling out the umpteenth networked computing infrastructure?
What's there in the public domain is a jumble of howto's, forums, bits of disjunct knowledge and learning opportunities that one may (over the course of a few years) learn one's way in to become an admin who's able to design and roll out a decent piece of infrastructure.
This is one of the reasons why companies may decide to go with e.g. Microsoft. Less uncertainty in terms of price and ability to meet delivery deadlines. Simply because the people who design and implement the stuff have had time to learn from their worst mistakes, as opposed to the average Linux enthusiast (a definite no-go) or even contractors that set up Linux-based infrastructures (you can bet they use non-standard setups, non-standard tooling, and leave you with a system you probably need them for to maintain efficiently).
This project on the other hand seems to give admins a head-start in implementation and it can serve as a repository of practical know-how.
This kind of stuff makes it easy to set up a whole company infrastructure quickly
I don't see how it can be called bloated, beyond the usual "ZOMG WINDOWS USES XXXXMB OF RAM LOLZZ" stuff.
AD isn't just LDAP, it's a central store for everything management. Yes it holds your authentication details, but it also holds settings for (assuming you use the MS products) DHCP, DNS, Mail, etc. Want a new DC to avoid SPOF? Install Windows, install the role, promote. All the settings are copied down automatically and you're redundant. You've also got the concept of sites, which certain domain controllers handle, so workstations know where to find their local DC. Also, subdomains, so you can hand off sections of the environment to other people - think company divisions (dev.corp.net) or even countries (us.corp.net). It's all GUI and PowerShell controllable these days too.
As for replication failures, yes they happen, as it will with anything that depends on replication. Disagree with them being common though - I've seen one in just over 15 years. We deleted the VM, made a new one on a new name, ran a clean up tool and carried on.
I am a viral sig. Please copy me and help me spread. Thank you.
I'm sorry, but you got me laughing at this point. Have you looked at MS server licencing at all? There's a good reason that there's a third party "for dummies" book.
If people are just using it for LDAP, then they're doing it wrong :/
Why not just use OpenLDAP or whatever in that case? The whole benefit of AD comes from putting everything in it. There's no masters or slaves, just two way replication partners.
I understand the complaint about Exchange, but it is a HUGE system that can do a lot more than just MTA as you say.
I am a viral sig. Please copy me and help me spread. Thank you.
..This is one of the reasons why companies may decide to go with e.g. Microsoft. Less uncertainty in terms of price and ability to meet delivery deadlines..
For your consideration, I was going to present you with a breakdown of the IT structure in place at my current place of employ, alas, I can't be bothered, I've heard all this crap before and am tired trying to explain why it's so wrong.
Our main IT system is all Microsoft based, all set up by highly paid external certified consultants, and isn't worth shit, trying to detail all the fuckups they've had with it would take pages, suffice to say, the bit that I really, really have to laugh at was your '..Less uncertainty in terms of price and ability to meet delivery deadlines.' bit. None of their planned upgrades of the servers and desktops have run smoothly, to budget, or to schedule. My particular section's planned upgrade is now 6 months behind 'deadline'..
..Simply because the people who design and implement the stuff have had time to learn from their worst mistakes, as opposed to the average Linux enthusiast (a definite no-go) or even contractors that set up Linux-based infrastructures (you can bet they use non-standard setups, non-standard tooling, and leave you with a system you probably need them for to maintain efficiently).
Wait, what? Seriously? It's really sad that you seem to believe all that is true..in my 20+ years experience the biggest bunch of shyster-hucksters I've come across in the IT world are MCxx qualified consultants, I really shouldn't complain though, I managed to make quite a bit by fixing their mistakes...not bad, then again, I'm probably not your 'average Linux enthusiast'.
Contractors, whatever flavour of system they're setting up, Linux or otherwise, are usually bad news. If a company has gone down the 'let's employ externals to implement our IT' it means either the management are technophobes, or they don't trust their own IT people, in which case, the contractors know this and have a license to print money by installing the most borked setups imaginable (I should know, I've had to untangle quite a few 'job creation schemes' from setups over a couple of decades..I'm currently watching an experienced Windows guy trying to unravel such a setup now, he's been at it for a couple of months..a complete reinstall is not an option)
Do you know what's most annoying about the above? Most of the people I've known in the past who've run Linux/Unix servers have all supported their corporate Windows servers as well (myself included). We may be, as you put it, 'Linux enthusiasts', this doesn't mean we've never seen (or had to fix/work around) the 'worst mistakes' of borked Windows systems.
You know you're in for a fun day when you pop open a cmd window on a Win2k3 server in front of its admin and run something with command line switches he never knew existed..and I'm not even doing IT support as a job these days..
Interestingly, your point about consultants and developers having had the time to learn from their mistake was a point made against MS not that long ago. MS switched their technologies and APIs so fast that developers had at best a few years of experience, since that's how long each iteration lasted. In contrast, a lot of stuff I picked up about X11 in the 90s is still valid.
Open source can be a bit of a jumble. We have had some experience with solutions based on a number of FOSS products working together (in many cases, one has to rely on additional modules or bits of software written by different communities). Which is fine until one of those products is no longer being developed further. Your NTLM-based SSO module doesn't work with the Kerberos based system the company is switching to, and the devs have long gone. But that doesn't really have to be a problem. If you know you'll have to replace a FOSS component, you start looking for a replacement. Worst case scenario: you pay someone to develop a new version for you, which rarely is a major effort. It's a problem when it is a surprise and it breaks things. Because then the responsible manager does not have a vendor to shout at.
That ties in to the cost element as well. Estimating price and timelines for MS-based projects is reasonably well understood and not more inaccurate than in other projects, in my experience. But to what degree do you favour predictability over a (much) lower cost? As an example: Sharepoint.
My client (a large multinational) rolled out Sharepoint and is gradually replacing other systems with it: document management, team collaboration spaces, web content management, discussion forums, and the company Wiki. Some of the software SP is replacing was over 15 years old, but it had some good qualities: it was designed to scale up as well as down, to run in a multi-tiered organisation with delegated administrative responsibilities, and though (or because) it was not all-singing-all-dancing web 3.0 ultra-integrated software, it performed well with a minimum of maintenance and ran on pretty light hardware. TCO was low, and most change requests could be executed on the cheap as well.
Now there is Sharepoint. The cost of implementation (including migration from the older platforms) would feed a small nation for a year. It requires much beefier hardware and an army of consultants: lift a floor tile in any of the datacenters and you'll see a few Sharepoint guys scuttle off. Maintenance is at least an order of magnitude more expensive. And functionally, it only offers the very barest of any of the solutions it replaced. What it does do well is integration between functions and with Office, and workflow... but compared to all the other stuff, I consider those to be nice-to-haves.
There's the problem: Sharepoint was too easy a choice for management. A one stop shop, well understood cost structure, a traditional big iron approach to run the project, and someone to blame when things go south. And the sexy integration with Office of course. However, if they would have looked into FOSS solutions for CMS, Forums, Wikis and team sites, and selected a tried and true document management system from a vendor who knows what document management is, they would have saved time, saved a ton of money, had less disappointment and frustration from the rank-and-file, and enjoyed a much lower TCO. What they would miss is integration between all of these functions, but you know what? They are not that important.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
I think he was talking about SMS and at least SCCM 2007. I work in a 100,000+ environment with over 300 DPs on varying links from fast to abysmally slow satellite and yeah package replication can be annoying. Usually have to refresh a couple DPs a month. Not a huge deal except when it is part of a task sequence and someone tries to migrate a couple hundred machines overnight.
So, how's this SverigeLinux thing different from upstream FAI? Sounds like Debian plus some default configs. I've used FAI with both Debian and Ubuntu for many years (actually at a Swedish government institution) and your web site doesn't really explain what you're doing and how it improves what's already there.
The FAI in SverigeLinux is the same as the FAI in Wheezy, what we've added is the config directory which installs OpenLDAP, Kerberos, centralized home directories mounted via NFS4 over Kerberos, FusionDirectory for LDAP management of user-, DNS- and DHCP-settings, Icinga and Munin for monitoring, Roundcube for webmail, OwnCloud for cloud storage, dirvish for backup and some more stuff. The server can also replicate itself so that you can install an exact copy of the main server. :)
The whole idea is that you won't need to spend a couple of months implementing the system with all these components, testing the setup and running into a myriad of problems before getting it right. It's just there from the beginning, tailored with your own domain name and your own IP-series if you so please. Think of it as the dcpromo of the Linux world, sort of. Please, feel more than free to contact me, if you're a long time FAI user we could definitely use your skills.
It's the best tool for the job if you want to run a Windows network? Seriously, it's not like you decide management tools and let your platform/applications revolve around that. This is the step after you've convinced everyone to give up Outlook/Exchange and Word, accounting to give up Excel, PHBs to give up Powerpoint, design/marketing to give up Photoshop and every other bit of Windows-only software they got and your server admins ask "So what's our replacement for AD?" and they're going to ask you if it has features X, Y and Z just like the others did.
My guess is that every argument you just said will be met with a shrug and "It seems to work just fine for us, don't know what you're talking about. So how do we push a group policy to all clients in Linux?" and if your best answer is to write a script to ssh into each box and patch a configuration file they'll just roll their eyes and say "Linux does not have the necessary management features we need" and you've got one more group added to the list of migration opponents. Contrary to the *nix philosophy, I've yet to meet anyone happy to replace one tool with five, even if each is arguably a bit better. Swiss army knives work quite well in the real world.
Live today, because you never know what tomorrow brings
I'm not sure who you take a swing at here, but the decision to make this an English "product" at this stage is because we thought it would appeal to a larger crowd. If you want some Swedish to sift through I can throw in the project description for good measure:
https://www.internetfonden.se/...
Also, it is quite trivial to add multilingual support to the parts that matter. Most of the documentation that I'm writing for the system is however in Swedish for this first phase of the project.
If I'd happen to work in the Swedish public sector, what I'd want to know first is:
does it run systemd?
I didn't know CloneZilla had centralized user management and data storage as well as DNS, DHCP services?
""Don't worry, no Björgen Kjörgen; it's all in English."
Nobody outside your psychotic circles worries about the richness of humanity having more languages than just English."
I do.
It could probably have been said in a more "politically correct" way and, being Spanish myself, I have my own concerns about English being the "common trade" language of the world (as it has been French, German, Spanish, Latin... in the past), but I applaud the project being set in English instead of Finn, since it'll reach a greater audience (me, for one). Using English is not so Americans can benefit from it, but in order for everybody to do so.
You use a configuration management system (Puppet, Chef, CFEngine, Ansible). But yes AD is a very comprehensive suite of pre-selected tools known to work together.