Author Topic: Centralised Linux Software Control (Read 888 times)

stuartiannaylor · « **on:** February 07, 2012, 05:51:58 »

Anyone not want to go win clients and Samba4 and have any thoughts on a linux environ.

Please post and throw a few more poll options into the equation.

Personally the combination of a centralised repository in conjunction with a script template manager that is has two levels of control based on the client object and user object should be enough for a SMB environ. Also keeping it very native and simple allows us to keep it open.

I would be very interested in alternatives and how these can be implemented. Please keep the negatives to a minimum unless you can provide conclusive referenced evidence.

Stuart

robb · « **Reply #1 on:** February 07, 2012, 10:37:40 »

I still would like to see a simpler approach, since I fear the options may be a bit heavy on a host where you also run all your other services.
So imo, keep it with an extended local repository, where you can manage your group based application permissions through a website, similar to the current software management we have for zentyal server.
Apt will manage the dependencies for you if you install or de-install packages. Permissions to install will be handled by the sys admin from the web management page on zentyal server.

Userprofiles can be handled by a sabayon-like feature... any things I missed or is this too far fetched?

stuartiannaylor · « **Reply #2 on:** February 07, 2012, 10:46:56 »

I like that idea Robb. I am lost slightly with the sabyon references as I just thought it was another distro and not a mechanisms. Would you post some details?

I don't think the extra work on the host is any problem. Zentyal has Master-Slave LDAP capacity so its modules can be distributed across several servers if you wished. I have a couple of nic's and have three 1GB's bonded for the lan on a singular server that has RAID. So its up to the sysadmin depending on what your running its a matter of partitioning server services or throwing hardware at the solution which is a common decision.

Stuart

stuartiannaylor · « **Reply #3 on:** February 07, 2012, 11:01:49 »

You originally mentioned about a central repo and I have just been toying with the idea that we could provide a lot through simple native methods.
It just struck me that if you control the repo then to certain extents you control the client.

I am going to try and keep to the very basics and keep away from dynamic repo's in the manner of filtering.

OK here goes.

1... A centralised repo cuts down WAN updates drastically.
2... A centralised repo allows you to control the update period of the centralised repo. This means you control client updates.
3... A centralised repo is in local control and this would allow you to provide dynamic packages.
3a... apt-get-install zentyal-this-client based on network objects/groups and a centralised GUI on the server. This would allow a sysadmin to say ok this client is in the admin department the admin depts use ABC applications and zentyal-this-client does the job in one.
3b... apt-get-install zentyal-this-user based on user/groups allows configuration settings and a policy kit for allowed applications for that user.

Just that would make sysadmin a doodle and it would make the provision of a zentyal desktop from PXE or custom ISO boot a matter of blank client to power on and go.

The finer points of software control are important but before we get paralysed by over analysis can we debate the above and other simple alternatives.
If we fail there then maybe some of the items in the poll could provide the solution.

robb · « **Reply #4 on:** February 08, 2012, 10:48:11 »

Here some info on desktop lockdown, profile management etc...

http://live.gnome.org/Sabayon
http://www.scribd.com/doc/77605655/77/Lockdown-with-Sabayon-user-pro%EF%AC%81le-manager-and-Pessulus-lockdown-edi
http://www.ubuntugeek.com/sabayon-manage-multiple-gnome-user-profiles.html

Only thing that concerns me a lot is the lack of development on Sabayon. Last update is from september 2010 and pushed the version to 2.30.2. After that there were only localisation changes and no technical changes....

Another option to look into is Policykit: http://live.gnome.org/PolicyKit However, this project also seems to be dormant...

airtonix · « **Reply #5 on:** May 23, 2012, 02:09:08 »

For a apt-get proxy/cacher please use apt-cacher-ng instead of apt-cacher.

also, please consider puppet... it's looking to be really awesome.

airtonix · « **Reply #6 on:** June 21, 2012, 12:57:20 »

Quote from: robb on February 08, 2012, 10:48:11

Another option to look into is Policykit: http://live.gnome.org/PolicyKit However, this project also seems to be dormant...

Actually PolicyKit is now called PolKit and it's the default policy permission system on ubuntu now.

http://www.freedesktop.org/software/polkit/docs/master/polkit.8.html

Poll

Should the square peg of M$ AD be pushed into the round hole of the Linux Client? What alternatives are out there. A community discussion.