Hi there.
I've modified the article with all the fantastic suggestions by Dale Raby.
Also I've removed the duplicated content and converted the document to ODF,
PDF and txt for people with slow computers or no google account.
Thanks for all and regards.
On Tue, Jun 26, 2018 at 10:45 AM Oliver Gutierrez <ogutierrez@xxxxxxxxxx>
wrote:
> Thank you very much Dale. I'm fixing the whole things you pointed. Almost
> all of them make sense from the IT part. :)
>
> I will finish the modifications maybe today or tomorrown and I will change
> the document to a text document so you can review it better :)
>
> Thanks for your help and your time!
>
> On Sat, Jun 23, 2018 at 4:53 AM Dale Raby <daleraby@xxxxxxxxx> wrote:
>
>> Just put in some suggestions. Your English is better than my Spanish but
>> I found a few minor grammatical errors.
>>
>> The biggest problem I found was that there seems to be a large block of
>> text that is a duplication. The section with the graphics is difficult for
>> me to view with my slow connection here.
>>
>> Google documents are always difficult for me to edit. Google assumes
>> that everyone has very fast connections and modern machines. I have
>> neither. It put me into "suggestion mode", which is actually very clever
>> of them... if only I had a fast connection!
>>
>> Bear in mind, that while I am a native speaker of English and have
>> actually done quite a bit of writing, I am NOT an IT expert. So.... take
>> any suggestions I give you with caution. I could be misunderstanding your
>> intent.
>>
>> I will look at this again tomorrow when I am not half asleep. Neighbor's
>> cattle (Herfords, two heifers, a calf and a 1,200 pound bull) got out onto
>> the road this evening. I and former US Congressman Alan Lasee helped a
>> police officer and the owner get them back into the enclosure. Was quite
>> enough excitement for me!
>>
>> Dale
>>
>> On Fri, Jun 22, 2018 at 4:14 PM, Oliver Gutierrez <ogutierrez@xxxxxxxxxx>
>> wrote:
>>
>>> Thank you very much Mr Raby! Just give me the time to separate it in
>>> sections (so I will need to ad intros and outros for each block) and after
>>> that I will need a review.
>>>
>>> In the meantime, I will give you the access you required :)
>>>
>>> You just need to access the document in this URL
>>>
>>>
>>> https://docs.google.com/document/d/1VpQhEoTXUkrzTxxVLxLED3IkZL_Lj3JptZ5m1FMDRHU/edit?usp=sharing
>>>
>>> Then Google will allow you to ask for document access and I will receive
>>> a notification to give you the permissions.
>>>
>>> If you do that and you see I had not answered or allowed, please tell me
>>> because maybe the notification is lost in my inbox.
>>>
>>> Again thanks.
>>>
>>>
>>> P.D. Swear words in spanish are usually enough to be very communicative
>>> of your current mood :P
>>>
>>> P.D. 2: After trying to send this email again, google asked me to give
>>> automatic access to view the document to recipients, so maybe you will be
>>> able to see it after receiving this.
>>>
>>>
>>> On Fri, Jun 22, 2018 at 4:35 PM Dale Raby <daleraby@xxxxxxxxx> wrote:
>>>
>>>> Senor Gutierrez:
>>>>
>>>> I will be happy to look over your article(s) and address any linguistic
>>>> issues. I speak English quite well, German OK, but my Spanish is
>>>> limited
>>>> to swear words my Puerto Rican roommate taught me during my army days.
>>>>
>>>> I need permission to access your document though.
>>>>
>>>> Dale
>>>>
>>>> On Fri, Jun 22, 2018 at 6:50 AM, Oliver Gutierrez <
>>>> ogutierrez@xxxxxxxxxx>
>>>> wrote:
>>>>
>>>> > Yeah, I can do that. Just give me some time to do it and I can
>>>> separate
>>>> > them into more "atomic" pieces :)
>>>> >
>>>> > Thanks for reviewing!
>>>> >
>>>> >
>>>> > On Fri, Jun 22, 2018 at 2:16 AM Paul Frields <stickster@xxxxxxxxx>
>>>> wrote:
>>>> >
>>>> > > On Thu, Jun 7, 2018 at 1:06 PM Oliver Gutierrez <
>>>> ogutierrez@xxxxxxxxxx>
>>>> > > wrote:
>>>> > > >
>>>> > > > Hi there.
>>>> > > >
>>>> > > > Here it is the Fleet Commander draft article I promised to Paul
>>>> for
>>>> > > review.
>>>> > > >
>>>> > > >
>>>> > > https://docs.google.com/document/d/1VpQhEoTXUkrzTxxVLxLED3IkZL_
>>>> > Lj3JptZ5m1FMDRHU/edit?usp=sharing
>>>> > > >
>>>> > > > Please, tell me whatever change you want to enhance it and as
>>>> English
>>>> > is
>>>> > > > not my mother language, any suggestion, correction etc. is most
>>>> > welcome.
>>>> > >
>>>> > > Hi Oliver,
>>>> > >
>>>> > > There's a LOT of good material here! However, 13 pages is just too
>>>> > > long for a Magazine article. (Although your document looks like it
>>>> > > might duplicate material, and it might be 6.5 pages * 2.) Can you
>>>> > > consider cutting this up into a couple articles? They could run like
>>>> > > this:
>>>> > >
>>>> > > * What is FC and how do you install it?
>>>> > > * Setting up a test environment and showing how to set up a profile
>>>> > >
>>>> > > --
>>>> > > Paul
>>>> > >
>>>> > _______________________________________________
>>>> > Fedora Magazine mailing list -- magazine@xxxxxxxxxxxxxxxxxxxxxxx
>>>> > To unsubscribe send an email to
>>>> magazine-leave@xxxxxxxxxxxxxxxxxxxxxxx
>>>> > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
>>>> > List Guidelines:
>>>> https://fedoraproject.org/wiki/Mailing_list_guidelines
>>>> > List Archives:
>>>> https://lists.fedoraproject.org/archives/list/magazine@
>>>> > lists.fedoraproject.org/message/7DXFRUSQMU3UQCVXLUE67ZZBKPWXPYFX/
>>>> >
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>>
>>>>
>>>> *Buy my books! The Wives of Jacob, Book I, In the Beginning, The
>>>> Post-Apocalyptic Blacksmith, 777 Bon Mots for Gunslingers and Other Real
>>>> Men, available at most on-line booksellers in multiple formats.Note:
>>>> The
>>>> People of Jacb, Book II, In the Middle is currently being copy-editedand
>>>> should be out soon. Just Google my name for a complete list of my
>>>> work.*
>>>> _______________________________________________
>>>> Fedora Magazine mailing list -- magazine@xxxxxxxxxxxxxxxxxxxxxxx
>>>> To unsubscribe send an email to magazine-leave@xxxxxxxxxxxxxxxxxxxxxxx
>>>> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
>>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>>>> List Archives:
>>>> https://lists.fedoraproject.org/archives/list/magazine@xxxxxxxxxxxxxxxxxxxxxxx/message/MY2KH76POZTSXMJCCRB2XZDVMPFM2YMI/
>>>>
>>>
>>
>>
>> --
>>
>>
>> *Buy my books! The Wives of Jacob, Book I, In the Beginning, The
>> Post-Apocalyptic Blacksmith, 777 Bon Mots for Gunslingers and Other Real
>> Men, available at most on-line booksellers in multiple formats.*
>>
>> *Note: The People of Jacb, Book II, In the Middle is currently being
>> copy-editedand should be out soon. Just Google my name for a complete list
>> of my work.*
>>
>>
What is Fleet Commander?
Fleet Commander is a tool for helping with large network deployments. It give control over user profiles to sysadmins.
With Fleet Commander, you can define the desktop settings for every user in your network and make them available for everyone in any machine they log into.
This makes sysadmis life way easier, especially because they don't need to prepare every user laptop with an specific configuration based on the user. The sysadmin just dumps the disk image for that laptop, configures it for the enterprise identity system and that's it. Next time the user logs into that laptop, Fleet Commander will apply the user specific desktop settings without any sysadmin intervention.
In addition, Fleet Commander has been designed to make the process of selecting the settings to be applied a very user friendly task.
Using a live session in a template virtual machine with the same configuration of your enterprise workstations, it can show you a list of configuration changes you made during this session so you can select the ones you want to include in the profile.
How does it work?
Fleet commander is divided into 3 pieces of software that have different functions in the whole process.
On one hand we have the Fleet Commander Admin. This is the main interface you will use to create and manage profiles. From here you can define every profile, what users/groups/hosts/host groups will apply each and the settings that need to be applied to them. Fleet Commander Admin is a Cockpit plugin, so you can access it by using a browser, making it very easy to access from any machine. It works tightly with FreeIPA identity management system to store profile data so it can be made available to the enterprise network.
Also, in every machine on your network, you will need the Fleet Commander client to be installed. As every machine in the enterprise network is connected to FreeIPA, SSSD manages the client side identity system related operations and will get the profile data that applies to the user when he/she logs in. Then the Fleet Commander client applies that configuration for the user and you are done.
The third piece of software is called the Fleet Commander logger. This is a helper software that runs on the template machine so it can log the changes you made to configuration during the live session. It only needs to be installed in the template machine, and it is only activated when you open a live session from Fleet Commander admin.
Now you have my attention. How can I test it?
Fleet Commander packages are included in Fedora, so you can install them using gnome-software or via dnf, but, since Fleet Commander is intended to be used in large network environments, it needs a minimal infrastructure to test it.
The easiest way to have this environment prepared is to install some virtual machines to replicate the services we need, but thanks to Fabiano Fidêncio and a fork of Christian Heimes pki-vagans FreeIPA environment, we have a ready to use environment called fc-vagans where you can test Fleet Commander.
Preparing the test environment
To test Fleet Commander you will need to clone the fc-vagans project:
git clone https://github.com/fleet-commander/fc-vagans.git
Once the repository has been cloned, you just need to run
./setup.sh
This will take care of installing the packages you will need to bring up the virtual machines and setup them to work as a Fleet Commander environment.
When the command finish it will ask you for your password to update your hosts file to make you easier to access the VMs in the environment.
Let us explain what requirements are needed for each part for you to know what is fc-vagans setting up under the hood.
Fleet Commander Admin
Fleet Commander Admin has some requirements in order to work properly:
* You will need a FreeIPA server to to store profile information. That information can be stored, thanks to a plugin developed specifically for desktop profile storage by Alexander Bokovoy, that is called freeipa-desktop-profile.
* The machine on which you execute Fleet Commander admin needs to be part of the enterprise network.
* In order to login into the Cockpit in that machine, the user needs to have administrator rights to be able to store profile data in FreeIPA.
Fleet Commander client
A client machine must be part of the enterprise network and to have Fleet Commander client installed to apply profile configuration at login time.
The template machine
This is the only thing fc-vagans does not set up for you.
You will need a virtual machine (a Fedora one for the sake of simplicity) where you will need to install the Fleet Commander Logger package.
This virtual machine will be used during Live Session to configure the settings we want for a desktop profile.
To install the logger package just run:
sudo dnf install fleet-commander-logger
If you install Fleet Commander Logger in a normal machine, it will not be executed because it checks if it is running in a Fleet Commander Live Session, and if not, it just bails out.
Enable SSH in the host machine
If you want to use the live session feature (believe me, you want to!) you will need to enable the SSH service in your host machine, so Fleet Commander can use libvirt to access the template machine we have previously created. To enable it just execute the following commands
sudo systemctl enable sshd
sudo systemctl start sshd
And now we are ready to go ahead and test fleet commander. Fasten your seatbelts!
Connecting to Fleet Commander
The first step is to login in cockpit. As we told before, you will need to open a browser and head to http://master.ipa.example:9090 where we will be asked for a user and a password. We will need to use the following credentials:
Username: admin
Password: Secret123
Once we have logged in, we can click in Fleet Commander link, on the left sidebar (it is a paper plane icon).
The first time you open Fleet Commander you will see a dialog where you will need to setup the virtual environment host. We will be using our own host machine so we can use the template virtual machine we created in previous steps.
Configure the dialog with the following data:
Make sure you replace MY_USER with your own username. Then click in the “Install public key” button. That will ask us for our user’s password to install the SSH public key to allow fleet commander to connect to your libvirt system through SSH.
Then save the configuration.
Creating your first desktop profile
To create our first profile click the “Add profile” button. It will show a form where you can name the profile and specify the users/groups/hosts/hostgroups the profile will apply to.
Name it “Test Profile” and type “admin” in the field Users. Then click the “Save” button.
You will see our newly created profile in the profile list now, but we need to add the settings we want to the profile. To do that, click the “Edit” button, and now you will see several buttons at the bottom of the form. Click the “Live session” button.
Once you click it, you will get a dialog with the list of virtual machines you have configured. Select the client machine we created in the previous steps and it will boot until it reaches the desktop.
Using the live session to configure profile settings
Now you have booted the template machine, you can start configuring whatever application that uses GSettings to save its preferences.
Fleet Commander also supports saving preferences for LibreOffice, NetworkManager (so you can configure WiFi, VPNs), Firefox and Chromium/Chrome. We are working everyday to add support to other applications and configurations.
Then, if you press the Review button in fleet commander you should see that changes you have done in the review list.
Just select the changes you want to add to the profile and press the Deploy button. That will store the settings into your profile, ready to be applied in your client machine at login time.
Getting the configuration applied
We have created a test profile that will apply to “admin” user and we set some configuration settings we want to be applied to that user at login time.
So, we will login with the admin user into out client machine. On the login screen select the option “not listed here?” and use the admin user credentials:
Username: admin
Password: Secret123
The login process will start and when you get into GNOME desktop, you can check your settings had been applied to the applications.
What happened here?
Having a more in depth look to the process we can resume what has happened with the following graphic:
These are the things happening under the hood:
1. Fleet commander initiates an SSH session with the mathine that contains the libvirt virtual environment with our template machine
2. The template machine is cloned in a temporary VM and we start a SPICE session to that temporary copy. All the changes we do during the session are logged by Fleet Commander Logger and transmitted to Fleet Commander Admin through an special SPICE channel
3. Once we reviewed all the changes, we save the profile with all the settings into the FreeIPA server. The profile is formatted by Fleet Commander Admin and then stored using the FreeIPA desktop profiles plugin.
4. When a client logs in our large network, SSSD asks using LDAP for the profiles that apply to the user that is logging in right now
5. SSSD downloads the applicable profiles to an special directory
6. SSSD Fires Fleet Commander Client using dbus to tell it the profiles are ready for beign applied.
7. Fleet Commander Client compiles the profiles resolving basic conflicts in configuration and generating and placing the files needed by services like dconf to read the profiles configuration for the user.
Conclusion
Fleet Commander is a powerful tool for sysadmins that will help for sure in large desktop deployments. In this article, most of the things we had to do were to setup a base infrastructure to work with, but in real life scenarios, that infrastructure already exists usually, so if we focus in specific fleet commander installation and workflow, it is really easy to install and to use.
On the other hand, Fleet Commander is a very new project that needs your help to grow. We want to hear your thoughts, feedback and contributions to make it a better tool.
Project urls
Fleet Commander: http://fleet-commander.org
Cockpit: http://cockpit-project.org/
LibVirt: https://en.wikipedia.org/wiki/Libvirt
SPICE: https://www.spice-space.org/
FreeIPA: https://www.freeipa.org/page/Main_Page
FreeIPA desktop profile plugin: https://github.com/abbra/freeipa-desktop-profile
SSSD: https://pagure.io/SSSD/sssd/
_______________________________________________
Fedora Magazine mailing list -- magazine@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to magazine-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/magazine@xxxxxxxxxxxxxxxxxxxxxxx
