John Summerfied wrote:
Philip Prindeville wrote:
I was wondering what would be involved in adding steps to
a build DVD where additional per-user customization is done.
I would not be installing off optical media. I would install off the
network.
Since the company does a poor job of tracking which PC's
(and their associated MAC addresses) are given out to which
users (new hires especially), it's hard to discover (via LDAP
queries, for instance) what user name owns a PC, what resources
should be preconfigured on it (such as SMB share volumes, etc).
So I was thinking of adding a step where a pop-up (or series of
pop-ups) prompts the user for things like:
* his AD domain;
* his AD username (different from his UNIX name);
* his AD password;
* his desired MS networking shares;
* his Wifi SSIDs and associated Radius information
etc, etc.
Is there an easy way to do this? Are there any examples out
there of someone doing this?
Would it be something that could be easily added into
Anaconda via script-extensions?
Is it acceptable for the person who places the box in the target
location and plugs it in to also boot it and make some configuration
choices?
It depends. The disk serves to purpose. Restoring a clobbered machine
for an existing (and experienced) user. Or doing a first-time install for a
new hire who can't find his posterior with both hands.
In the latter case, the more turn-key, the better.
I've not timed an install on current hardware, but I used to install
RHL 7.3 in under 15 minutes off a LAN.
The read rates on a DVD are comparable to network speeds (realistically).
I think you're more limited by processing and local disk writes... On a
Dell
L610, an install takes 20-25 minutes.
But I'm also installing a fair number of packages. Which reminds me of
a couple of issues. (a) is there an easy way to figure out what package
group an individual package belongs to in an automated way, (b) does
the package name have to occur immediately after the group it
belongs to for inclusion/exclusion? (i.e.:)
@base-x
-sendmail-cf
and (c) how do you force a package to be omitted, even if something
else depends on it? For instance, NetworkManager requires
wpa_supplicant, but the wpa_supplicant on FC5 doesn't support
madwifi (the Atheros chipset that some of our laptops use)... so I
don't want to install it... (arguably, NetworkManager should be
able to install on a machine that doesn't have wireless PERIOD
without requiring wpa_supplicant... but that's another issue)... but
I do want to set up the ATrpms repository and pull down their
version of wpa_supplicant and install that instead.
On a slightly off-topic sidebar: I've noticed that yum will grab
the latest version of a package, regardless of the kernel you are
using... For instance, if I'm running kernel.2.6.16-1.2096_FC5,
it will still grab "kernel-devel.2.6.16-1.2211_FC5" if that's the
latest. Similarly for madwifi-kmdl packages, etc. Is that supposed
to be how it works? Seems broken.
I might, for instance, have 2211 installed, but have the "default=n"
in my /boot/grub/grub.conf file always boot me into an older and
more stable version of the kernel... so grabbing the latest sources
isn't the best thing to do. When there's a kernel dependency, it
should match the kernel you're running. Not the highest kernel
on your machine. If you want to grab the version for the highest
kernel, then reboot into that kernel, and then run yum... I./e.
grabbing `uname -r` should be the default behavior.
Anaconda isn't the only way to deploy Linux, there are also
third-party solutitions such as System Imager which is based on the
notion you install one system, get it "just so," and then clone it.
Unfortunately we use more than one type of computer... Ideally the
scripts will detect the computer type and customize themselves...
which makes me think that having lspci or dmidecode run and pass in
environment variables for the motherboard, etc. would be cool... and
avoid having the user have to parse that all out himself... And in
different groups, different people have different software installed
depending on their role.
I can imagine different groups having different software requirements;
those could be handled in Anaconda by loading custom ks files from a
web server, and the web server could use CGI (or similar) to generate
the appropriate setup:
ks=http://ks.example.com/cgi/redfish.ks?department=accounts&essid=watsit&wep=s:bigsecret
or whatever
Or by looking up the MAC address => user name => user requirements/
user profile in LDAP as I mentioned previously.
Note that wireless (and lots of other) configuration (and extra
packages) can be don in %post using tools such as sed, cp, mv and
grep. If you need to ask questions, look at dialog and xdialog (there
may be more variants too).
Couldn't find xdialog... I guess it's not part of the FC5 distro.
Anyone have any examples of using either? I suppose python+gtk
could also be used...
btw I'd be reluctant to put user-specific information on a machine
(except a laptop): access to network facilities should require a
network (such as LDAP/AD) signon. On Windows, we have users' home
directories on a server, and they're cached on the PC the user logs in
on. If they use a different PC next time, that's fine.
Unfortunately, these laptops go "off campus" to homes, airports, customer
sites, etc.
Well, some user-specific information is going to be required to access the
corporate network if the user is off-campus at the time and wants to access
the Intranet via VPN, or SSL, etc.
Which reminds me: we use Squid on-campus, and have proxy settings that
have to go into a dozen different places (wget, yum, Firefox, Thunderbird,
Opera, Evolution, etc). Why hasn't some bright spark come up with a
standard Linux/Freebsd libproxy.so that uses a single set of system-wide
settings and patch all of these applications to use it?
It's one of the few things that Windows does right...
Network settings are a SYSTEM-WIDE state, after all, not a per-application
state.
Boy, I'm all over the place today, aren't I?
-Philip