I was wondering what would be involved in adding steps to a build DVD where additional per-user customization is done.
Since the company does a poor job of tracking which PC's (and their associated MAC addresses) are given out to which users (new hires especially), it's hard to discover (via LDAP queries, for instance) what user name owns a PC, what resources should be preconfigured on it (such as SMB share volumes, etc). So I was thinking of adding a step where a pop-up (or series of pop-ups) prompts the user for things like:
* his AD domain;
* his AD username (different from his UNIX name);
* his AD password;
* his desired MS networking shares;
* his Wifi SSIDs and associated Radius information
etc, etc.
Is there an easy way to do this? Are there any examples out there of someone doing this?
Would it be something that could be easily added into Anaconda via script-extensions?
-Philip
On Thu, 2006-05-25 at 11:12 -0600, Philip Prindeville wrote:
I was wondering what would be involved in adding steps to a build DVD where additional per-user customization is done.
Would it be something that could be easily added into Anaconda via script-extensions?
I'd personally say keep this stuff out of anaconda - and use firstboot modules for this.
Paul
On 5/25/06, Paul Nasrat <pnasrat@redhat.com> wrote:
I'd personally say keep this stuff out of anaconda - and use firstboot modules for this.
Hi Paul, Is there any example to show firstboot customization? I would like to add some additional steps for user's settings but I don't know how to do that.
Thank you in advance,
On Thu, 2006-05-25 at 15:49 -0400, VnPenguin wrote:
On 5/25/06, Paul Nasrat <pnasrat@redhat.com> wrote:
I'd personally say keep this stuff out of anaconda - and use firstboot modules for this.
Hi Paul, Is there any example to show firstboot customization? I would like to add some additional steps for user's settings but I don't know how to do that.
Just drop a suitable module into /usr/share/firstboot/modules/ and firstboot will use it. Check out the existing firstboot modules for examples.
- Panu -
Paul Nasrat wrote:
On Thu, 2006-05-25 at 11:12 -0600, Philip Prindeville wrote:
I was wondering what would be involved in adding steps to a build DVD where additional per-user customization is done.
Would it be something that could be easily added into Anaconda via script-extensions?
I'd personally say keep this stuff out of anaconda - and use firstboot modules for this.
Paul
Alas, by the time the first boot has happened, it might be too late to make certain choices/changes...
-Philip
On Thu, 2006-05-25 at 14:28 -0600, Philip Prindeville wrote:
Alas, by the time the first boot has happened, it might be too late to make certain choices/changes...
Why? Modern anaconda development has moved to choosing sensible defaults and then pushing decisions to firstboot. What precisely can you not do - see for example system-config-securitylevel's firstboot module that can enable selinux, set firewall rules, etc.
Paul
Paul Nasrat wrote:
On Thu, 2006-05-25 at 14:28 -0600, Philip Prindeville wrote:
Alas, by the time the first boot has happened, it might be too late to make certain choices/changes...
Why? Modern anaconda development has moved to choosing sensible defaults and then pushing decisions to firstboot. What precisely can you not do - see for example system-config-securitylevel's firstboot module that can enable selinux, set firewall rules, etc.
Paul
Well, you might need to set up a VPN tunnel from outside the corporate intranet to be able to do any package customization or updates before the initial install completes.
-Philip
Philip Prindeville wrote:
Paul Nasrat wrote:
On Thu, 2006-05-25 at 14:28 -0600, Philip Prindeville wrote:
Alas, by the time the first boot has happened, it might be too late to make certain choices/changes...
Why? Modern anaconda development has moved to choosing sensible defaults and then pushing decisions to firstboot. What precisely can you not do - see for example system-config-securitylevel's firstboot module that can enable selinux, set firewall rules, etc.
Paul
Well, you might need to set up a VPN tunnel from outside the corporate intranet to be able to do any package customization or updates before the initial install completes.
Directly to each particular machine? Having VPNs to each machine sounds complicated to me. A VPN per OU maybe.
Philip Prindeville wrote:
I was wondering what would be involved in adding steps to a build DVD where additional per-user customization is done.
I would not be installing off optical media. I would install off the network.
Since the company does a poor job of tracking which PC's (and their associated MAC addresses) are given out to which users (new hires especially), it's hard to discover (via LDAP queries, for instance) what user name owns a PC, what resources should be preconfigured on it (such as SMB share volumes, etc). So I was thinking of adding a step where a pop-up (or series of pop-ups) prompts the user for things like:
his AD domain;
his AD username (different from his UNIX name);
his AD password;
his desired MS networking shares;
his Wifi SSIDs and associated Radius information
etc, etc.
Is there an easy way to do this? Are there any examples out there of someone doing this?
Would it be something that could be easily added into Anaconda via script-extensions?
Is it acceptable for the person who places the box in the target location and plugs it in to also boot it and make some configuration choices?
I've not timed an install on current hardware, but I used to install RHL 7.3 in under 15 minutes off a LAN.
Anaconda isn't the only way to deploy Linux, there are also third-party solutions such as System Imager which is based on the notion you install one system, get it "just so," and then clone it.
I can imagine different groups having different software requirements; those could be handled in Anaconda by loading custom ks files from a web server, and the web server could use CGI (or similar) to generate the appropriate setup: ks=http://ks.example.com/cgi/redfish.ks?department=accounts&essid=watsit&am... or whatever
Note that wireless (and lots of other) configuration (and extra packages) can be done in %post using tools such as sed, cp, mv and grep. If you need to ask questions, look at dialog and xdialog (there may be more variants too).
btw I'd be reluctant to put user-specific information on a machine (except a laptop): access to network facilities should require a network (such as LDAP/AD) signon. On Windows, we have users' home directories on a server, and they're cached on the PC the user logs in on. If they use a different PC next time, that's fine.
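Added example, not part of the original thread or of any poster's message: one way the CGI-generated kickstart idea above could be built so that the query parameters are validated before they reach %packages or a %post script, which runs as root during the install. The department table, the second group names, the ESSID pattern and the ifcfg-wlan0 target are assumptions made for illustration.

```python
import re
import shlex
from urllib.parse import parse_qs

# Hypothetical department -> package-group table (constructed for this example).
# Only these keys are accepted; anything else is rejected, never interpolated.
DEPARTMENT_GROUPS = {
    "accounts": ["@base-x", "@office"],
    "engineering": ["@base-x", "@development-tools"],
}

# Assumed ESSID policy: 1-32 characters, no whitespace, quotes, newlines or
# shell metacharacters, so the value cannot start a new kickstart section
# or a new shell command inside %post.
ESSID_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


class BadRequest(ValueError):
    """Raised when a query parameter fails validation."""


def single_value(params, name):
    """Return the one value supplied for `name`; reject missing or repeated keys."""
    values = params.get(name, [])
    if len(values) != 1:
        raise BadRequest(f"{name}: expected exactly one value")
    return values[0]


def render_kickstart(query_string):
    """Build the %packages/%post part of a kickstart file from a query string."""
    params = parse_qs(query_string, keep_blank_values=True)

    department = single_value(params, "department")
    if department not in DEPARTMENT_GROUPS:
        raise BadRequest("department: not in the allowlist")

    essid = single_value(params, "essid")
    if not ESSID_RE.fullmatch(essid):
        raise BadRequest("essid: contains characters outside the allowlist")

    lines = ["%packages"]
    lines += DEPARTMENT_GROUPS[department]
    lines += [
        "%end",  # required by kickstart versions later than FC5
        "",
        "%post",
        # shlex.quote is a second layer on top of the allowlist above.
        # The interface file name is an assumption.
        f"echo ESSID={shlex.quote(essid)} >> "
        "/etc/sysconfig/network-scripts/ifcfg-wlan0",
        "%end",
        "",
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    # Query string taken from the URL in the message above (truncated part omitted).
    print(render_kickstart("department=accounts&essid=watsit"))
```

Parameters other than department and essid are ignored rather than copied into the output.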
John Summerfied wrote:
Philip Prindeville wrote:
I was wondering what would be involved in adding steps to a build DVD where additional per-user customization is done.
I would not be installing off optical media. I would install off the network.
Since the company does a poor job of tracking which PC's (and their associated MAC addresses) are given out to which users (new hires especially), it's hard to discover (via LDAP queries, for instance) what user name owns a PC, what resources should be preconfigured on it (such as SMB share volumes, etc). So I was thinking of adding a step where a pop-up (or series of pop-ups) prompts the user for things like:
his AD domain;
his AD username (different from his UNIX name);
his AD password;
his desired MS networking shares;
his Wifi SSIDs and associated Radius information
etc, etc.
Is there an easy way to do this? Are there any examples out there of someone doing this?
Would it be something that could be easily added into Anaconda via script-extensions?
Is it acceptable for the person who places the box in the target location and plugs it in to also boot it and make some configuration choices?
It depends. The disk serves two purposes. Restoring a clobbered machine for an existing (and experienced) user. Or doing a first-time install for a new hire who can't find his posterior with both hands.
In the latter case, the more turn-key, the better.
I've not timed an install on current hardware, but I used to install RHL 7.3 in under 15 minutes off a LAN.
The read rates on a DVD are comparable to network speeds (realistically).
I think you're more limited by processing and local disk writes... On a Dell L610, an install takes 20-25 minutes.
But I'm also installing a fair number of packages. Which reminds me of a couple of issues. (a) is there an easy way to figure out what package group an individual package belongs to in an automated way, (b) does the package name have to occur immediately after the group it belongs to for inclusion/exclusion? (i.e.:)
@base-x
-sendmail-cf
and (c) how do you force a package to be omitted, even if something else depends on it? For instance, NetworkManager requires wpa_supplicant, but the wpa_supplicant on FC5 doesn't support madwifi (the Atheros chipset that some of our laptops use)... so I don't want to install it... (arguably, NetworkManager should be able to install on a machine that doesn't have wireless PERIOD without requiring wpa_supplicant... but that's another issue)... but I do want to set up the ATrpms repository and pull down their version of wpa_supplicant and install that instead.
On a slightly off-topic sidebar: I've noticed that yum will grab the latest version of a package, regardless of the kernel you are using... For instance, if I'm running kernel.2.6.16-1.2096_FC5, it will still grab "kernel-devel.2.6.16-1.2211_FC5" if that's the latest. Similarly for madwifi-kmdl packages, etc. Is that supposed to be how it works? Seems broken.
I might, for instance, have 2211 installed, but have the "default=n" in my /boot/grub/grub.conf file always boot me into an older and more stable version of the kernel... so grabbing the latest sources isn't the best thing to do. When there's a kernel dependency, it should match the kernel you're running. Not the highest kernel on your machine. If you want to grab the version for the highest kernel, then reboot into that kernel, and then run yum... I.e. grabbing `uname -r` should be the default behavior.
Anaconda isn't the only way to deploy Linux, there are also third-party solutions such as System Imager which is based on the notion you install one system, get it "just so," and then clone it.
Unfortunately we use more than one type of computer... Ideally the scripts will detect the computer type and customize themselves... which makes me think that having lspci or dmidecode run and pass in environment variables for the motherboard, etc. would be cool... and avoid having the user have to parse that all out himself... And in different groups, different people have different software installed depending on their role.
I can imagine different groups having different software requirements; those could be handled in Anaconda by loading custom ks files from a web server, and the web server could use CGI (or similar) to generate the appropriate setup: ks=http://ks.example.com/cgi/redfish.ks?department=accounts&essid=watsit&am...
or whatever
Or by looking up the MAC address => user name => user requirements/ user profile in LDAP as I mentioned previously.
Note that wireless (and lots of other) configuration (and extra packages) can be done in %post using tools such as sed, cp, mv and grep. If you need to ask questions, look at dialog and xdialog (there may be more variants too).
Couldn't find xdialog... I guess it's not part of the FC5 distro.
Anyone have any examples of using either? I suppose python+gtk could also be used...
btw I'd be reluctant to put user-specific information on a machine (except a laptop): access to network facilities should require a network (such as LDAP/AD) signon. On Windows, we have users' home directories on a server, and they're cached on the PC the user logs in on. If they use a different PC next time, that's fine.
Unfortunately, these laptops go "off campus" to homes, airports, customer sites, etc.
Well, some user-specific information is going to be required to access the corporate network if the user is off-campus at the time and wants to access the Intranet via VPN, or SSL, etc.
Which reminds me: we use Squid on-campus, and have proxy settings that have to go into a dozen different places (wget, yum, Firefox, Thunderbird, Opera, Evolution, etc). Why hasn't some bright spark come up with a standard Linux/Freebsd libproxy.so that uses a single set of system-wide settings and patch all of these applications to use it?
It's one of the few things that Windows does right...
Network settings are a SYSTEM-WIDE state, after all, not a per-application state.
Boy, I'm all over the place today, aren't I?
-Philip
Philip Prindeville wrote:
It depends. The disk serves two purposes. Restoring a clobbered machine for an existing (and experienced) user. Or doing a first-time install for a new hire who can't find his posterior with both hands.
In the latter case, the more turn-key, the better.
Both can be set up off the network. The network won't suffer from versions you wish you never released, once you fix the problem.
I've not timed an install on current hardware, but I used to install RHL 7.3 in under 15 minutes off a LAN.
The read rates on a DVD are comparable to network speeds (realistically).
I think you're more limited by processing and local disk writes... On a Dell L610, an install takes 20-25 minutes.
That sounds slow to me.
But I'm also installing a fair number of packages. Which reminds me of
As did I.
a couple of issues. (a) is there an easy way to figure out what package group an individual package belongs to in an automated way, (b) does the package name have to occur immediately after the group it belongs to for inclusion/exclusion? (i.e.:)
@base-x
-sendmail-cf
I've never noticed any problem with ordering. However, latest Anaconda has had radical surgery such that my experience isn't relevant.
and (c) how do you force a package to be omitted, even if something else depends on it? For instance, NetworkManager requires wpa_supplicant, but the wpa_supplicant on FC5 doesn't support madwifi (the Atheros chipset that some of our laptops use)... so I don't want to install it... (arguably, NetworkManager should be able to install on a machine that doesn't have wireless PERIOD without requiring wpa_supplicant... but that's another issue)... but I do want to set up the ATrpms repository and pull down their version of wpa_supplicant and install that instead.
I think that's supposed to work, if not with the current latest Anaconda, then with a near future version.
On a slightly off-topic sidebar: I've noticed that yum will grab the latest version of a package, regardless of the kernel you are using... For instance, if I'm running kernel.2.6.16-1.2096_FC5, it will still grab "kernel-devel.2.6.16-1.2211_FC5" if that's the latest. Similarly for madwifi-kmdl packages, etc. Is that supposed to be how it works? Seems broken.
I don't think the running kernel should be a factor. What if I install a new kernel and some other stuff prior to booting the new kernel?
Anaconda isn't the only way to deploy Linux, there are also third-party solutions such as System Imager which is based on the notion you install one system, get it "just so," and then clone it.
Unfortunately we use more than one type of computer... Ideally the
Shouldn't matter. Generally, all drivers get installed and {re}configuration is done at (or after with hotpluggable stuff) boot time.
There may be some concerns with third-party (eg ATi and nvidia graphics) drivers, and where there are choices to be made between alternatives, and disparate network devices where you have (eg) multiple NICs, but mostly I expect any disk to work in pretty much any computer that will run the kernel.
scripts will detect the computer type and customize themselves... which makes me think that having lspci or dmidecode run and pass in environment variables for the motherboard, etc. would be cool... and avoid having the user have to parse that all out himself... And in different groups, different people have different software installed depending on their role.
You can have an array of golden images, or a standard set of additions.
I can imagine different groups having different software requirements; those could be handled in Anaconda by loading custom ks files from a web server, and the web server could use CGI (or similar) to generate the appropriate setup: ks=http://ks.example.com/cgi/redfish.ks?department=accounts&essid=watsit&am...
or whatever
Or by looking up the MAC address => user name => user requirements/ user profile in LDAP as I mentioned previously.
Use of MAC address, seems to me, prone to error and to require more work than is sensible.
If you have a "box" of peecees available from which you dispatch one to the user, then the IP address it gets on booting _can_ identify where it is (depends on network topology) and so inform the choice of software: if it's not on Accounting's network it doesn't get Accounting's software
Remember, the MAC address identifies a network interface card, not a computer, and a computer may have no NICs, and it may have several. Further, an onboard NIC may be unused (some mobos have more than one, or it may have failed and be replaced with a card).
btw If you examine the boot disk, you will probably find it's not very difficult to start Anaconda yourself. I imagine you could have a preliminary procedure that allows users to identify themselves in the usual way, maybe provide further info regarding special requirements, use that info for them to "save to disk" a kickstart file.
For simplicity, a web interface featuring links (which does graphics on framebuffer devices and which is _not_ shipped in FC) or elinks (which only does text and is the browser you get when you start "links" in FC) could be used in conjunction with a web app.
Note that wireless (and lots of other) configuration (and extra packages) can be done in %post using tools such as sed, cp, mv and grep. If you need to ask questions, look at dialog and xdialog (there may be more variants too).
Couldn't find xdialog... I guess it's not part of the FC5 distro.
Anyone have any examples of using either? I suppose python+gtk could also be used...
Debian uses dialog and its kin extensively. RH uses (or used to use) NEWT but when I looked, documentation was scarce.
If you're building a customised distro, adding the rpms shouldn't be hard.
I suppose you could use GTK if you can guarantee a GUI environment.
btw I'd be reluctant to put user-specific information on a machine (except a laptop): access to network facilities should require a network (such as LDAP/AD) signon. On Windows, we have users' home directories on a server, and they're cached on the PC the user logs in on. If they use a different PC next time, that's fine.
Unfortunately, these laptops go "off campus" to homes, airports, customer sites, etc.
Well, some user-specific information is going to be required to access the corporate network if the user is off-campus at the time and wants to access the Intranet via VPN, or SSL, etc.
You need to identify the laptop before allowing it to access the corporate network, but never assume that identifying the laptop is the same as identifying the user.
Which reminds me: we use Squid on-campus, and have proxy settings that have to go into a dozen different places (wget, yum, Firefox, Thunderbird, Opera, Evolution, etc). Why hasn't some bright spark come up with a standard Linux/Freebsd libproxy.so that uses a single set of system-wide settings and patch all of these applications to use it?
We use Squid, and we use transparent proxy. Our Linux and Mac machines don't need any proxy settings.
For reasons I don't understand, IE doesn't always work with my settings, but I can use AD to enforce proxy settings on Windows.
anaconda-devel@lists.fedoraproject.org