Please check the status of this specification in Launchpad before editing it. If it is Approved, contact the Assignee or another knowledgeable person before making changes.
Launchpad Entry: edubuntu-mass-maintenance
Edubuntu is often used in situations with large numbers of systems and users; we will provide tools to maintain these large networks.
Maintaining 10.000 thin clients, 17.000 desktops/laptops, and 80.000 users dispersed over 10.000 square kilometers is very difficult with the tools currently provided in Edubuntu.
- Matt has 14 Edubuntu servers in 11 different schools, and his VPN connection to these schools is unreliable. He frequently installs applications by request, and realizes that all the servers should have these applications. He can use the Edubuntu mass system maintenance tool to ensure that configuration changes are applied to these systems.
- Mart has 14 Edubuntu laptops in one school, and teachers are constantly carrying the laptops around and taking them home. He frequently installs applications and configures network printers by request, and realizes that all the other laptops should also have these changes applied. He can use the Edubuntu mass system maintenance tool to ensure that these configuration changes are applied to all the laptops without his needing to chase them all down.
- Mort administers 1000 Edubuntu servers in 1000 classrooms throughout Chile, and 35% of these systems have Internet connectivity for only 11 hours per day on average. In addition, 763 of the teachers in these schools have Edubuntu laptops. Mort is responsible for ensuring that all these systems are configured properly for the printers in their buildings, that they have all the correct media packages installed, and that the mode of /usr/bin/pidgin allows only teachers execution privileges. Mort is very happy that the Edubuntu team has provided a mechanism to manage all these details on all these systems!
- Mary's team administers 100k Edubuntu servers, desktops, and laptops for all the schools in her country. This seems like an insane task, except for the Edubuntu mass system maintenance tool! With this tool Mary's team has complete and secure control over every aspect of the configuration of each of these systems, even though each system may be running, off, booting, in transport, being repaired, or in a subway tunnel at any given moment.
- Maggie administers an Edubuntu server with 35.785 user accounts. She is thrilled that she can use the Edubuntu mass user maintenance tool to import, modify, and delete these users in large groups.
- Administrators who make use of the mass maintenance tools in hardy should have a relatively high level of expertise. These are not necessarily point-and-click easy.
- The goal is to make/keep the easy things easy, and make the hard things possible. e.g., the complexity of using the tools should scale with the number of systems/users being maintained.
We will choose existing tools and polish them for hardy if possible.
Mass machine maintenance
The server team will discuss the actual tool that will be provided and edubuntu will follow their decision if large scale deployments can actually be handled by their suggested tool. During discussion user feedback of edubuntu users was collected and several tools were discussed. In the case that the server team cannot come up with a proper solution a selection of tools was reviewed as seen below. In this case tendency goes towards inclusion puppet on the edubuntu CD. Upstream is keen to work close with us and to try to have a 1.0 version by feature freeze of 8.04.
For mass system maintenance, puppet seems to be the tool of choice.
- cfengine was considered and rejected
bcfg2 was briefly discussed. It seems solid but less powerful than puppet.
- Canonical's "Landscape" intersects with this area but cannot be the primary solution for Edubuntu.
- The Landscape developers are considering integration with puppet.
- puppet is currently packaged in universe; the packages (client and server) are good.
- The Ubuntu server team was represented in the BoF and is open to including puppet in main.
- puppet has not released version 1.0 yet, and is still moving quickly. Luke Kanies (upstream) participated in our BoF and said a 1.0 release may be available by hardy feature freeze, but no promises were made.
ogra will monitor the puppet & puppetmaster packages in universe to see if puppet matures sufficiently in time to move into main before hardy feature freeze.
Mass user maintenance
The server team plans to provide an LDAP based user authentication mechanism, edubuntu will use this implementation. In schools and municipalities user lists are often maintained in spreadsheet tables or office documents. For imports and exports of such existig user data the migrationtools package will be put on the edubuntu CD, it provides all needed scripts and tools to import and export user lists into or out of LDAP servers.
As UI for the user authentication server ebox was suggested by the server team, it will be maintained and deployed as the default webbased UI for server administration in the ubuntu-server installs, edubuntu will follow their suggestion. Ebox is capable of running the LDAP plugin it offers as a standalone service to run locally on the LDAP server so LDAP administration is easily accessible through a web GUI. During hardy development a call to the edubuntu community will be made to test and give feedback about the feature set and usability of this very setup. Missing features will be filed as whishlist bugs.
- Mass system maintenance
- puppet uses configuration "manifests" and files (for distribution to clients) that live under /etc/puppet/ on the puppetmaster (server). There is no impact here to existing UIs.
- puppet clients query the puppetmaster for configuration directives and apply these directives to themselves. It is thus possible for locally-made configuration changes to be overwritten by directives from the puppetmaster. (For example, a printer that was installed locally could disappear if the puppetmaster administrator has decided to push out a printers.conf file to the client in question.)
- puppet upstream is very active and responsive, and eager to see puppet moved into main. The project lead owns a company that sells support for puppet.
There is no existing tool to do mass maintenance; no migration to hardy will be necessary.
- It is desireable to wait for a sufficiently mature version of puppet before it is included in main. The project is moving quickly enough right now that there may be migration issues when upgrading between versions of puppet.
- Jorge Castro has ~1 year of experience implementing puppet in production and was very pleased.
- Matt Oquist began implementing puppet in production 6 weeks ago and is so far pleased.
- Matt is happy to help test a 1.0 version of puppet when it becomes available.
- Mass user maintenance tool selection
BoF agenda and discussion
- User Management
LDAP: We need a bulk import tool, and, even more, the gnome user/group admin tools need ldapification (see https://blueprints.launchpad.net/ubuntu/+spec/edubuntu-user-management)
Open Account Provisioning System (OAPS) tries to do this kind of thing. It's used to automatically create accounts, deactivate them and so on. https://svn.revolutionlinux.com/OpenRevolution/OAPS/
General information about management software : http://en.wikipedia.org/wiki/Comparison_of_open_source_configuration_management_software
- webmin (note that we will use ebox by default for web-based maintenance it provides similar functionality)
- has security problems, doesn't handle configuration files right, bad reputation
- has good bulk-import and user management interfaces that even work for Samba/LDAP
See also server team discussion: opensource-management-tools gobby file and https://blueprints.edge.launchpad.net/ubuntu/+spec/enterprise-system-config-management