enterprise-ubuntu team mailing list archive

[Dave Russell <dave.russell@xxxxxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 15/02/13 09:37, Philipp Gassmann wrote:
> Ballock asked me for some explanation on our Desktop Setup. See
> below for the questions.
> 
> The Setup is designed as a one-time setup. Without configuration
> management. There are two scripts. one is executed directly after
> installation, before shutdown. There I add some additional software
> and sources. If an nvidia-graphics card is detected, I install the
> proprietary driver (nvidia-current-updates), by default Ubuntu
> installs the open source nouveau driver and on first login asks for
> installation of additional drivers. The RESOURCES Variable is just
> the first part of the http URL where I download some files. e.g.
> the script 2 or templates, so I can use wget $RESORURCE/script2.sh.
> It is nowhere used in the published script because I replaced the
> URL and removed things like the templates. I'll remove that.
> 
> Skript 2: User-setup: Script 2 is a interactive script which runs
> in a X screen where I use zenity for user Input. It is started by a
> custom upstart job which hooks in on "starting-dm" i.e. before
> lightdm (login-screen) is started. The script then launches the X
> Server, and a gnome-terminal on the X screen, which launches the
> same script again with "stage2" as parameter, that's the part with
> the graphical queries.
> 
> Disk Encryption: The Preseed file sets a temporary password. And in
> the User Setup script, a Sys-Admin has to enter the default
> password, which is veryfied by the hash. Then the temporary
> password is replaced with the default admin password and the users
> password is added as an additional passphrase. Like that we have
> the same admin password on every machine (for emergency access or
> whatever). I like the Idea of ballock to generate a passphrase and
> upload that to a central server, where it can be looked up if
> needed. How exactly do you do that?

Several people/organisations on this list have written their own tools
to do such a task, there is also a third party toolset which has been
developed for this purpose (amongst others).

http://www.gazzang.com/products/zescrow

Enjoy.

> Cheers, Philipp
> 
> 
> 
> Am 15.02.2013 08:58, schrieb Bolesław Tokarski:
>> Hi Philipp,
>> 
>> Ok, I can elaborate a bit on this.
>> 
>> The seed file and the scripts are working in your company and
>> this is good, as the reader (myself) knows that these actually
>> work fine there.
>> 
>> However, what suited your company may not be the best fit for
>> somebody else, so what he (me) does is he tries to read what you
>> achieved and use the parts that apply. I can read shell code, so
>> I am in a good position to find out, but it's not always
>> obvious.
>> 
>> For example, as I read Skript 1: ubuntu-desktop-bootstrap.sh I
>> can see a RESOURCES variable definition and this suggests that I
>> should have a webserver running that provides some variables.
>> Later on I see that you install additional gpu and wlan drivers,
>> but I do not know the reason for it. I thought Ubuntu installs
>> the drivers on its own.
>> 
>> In Skript 2: ubuntu-desktop-bootstrap-user.sh I come to a halt,
>> as I believe you set up your environment in a X-server window and
>> I can't find a reason for it. I guess that either you are not
>> using central authentication server but set up users manually,
>> manage crypted LVM and/or do some other magic.
>> 
>> The environment you describe looks pretty refined, so I would
>> love to read some background/introduction before getting into the
>> actual scripts. The good thing about the scripts is that you put
>> in a lot of comments, so each action is described at least with a
>> minimal comment. I am particularly interested in the HDD password
>> management part, as I know we needed to do a similar tool and
>> upload a backup password to a central server.
>> 
>> That put aside, during our phonecall I believe you mentioned
>> someting about you using Puppet for Configuration Management? I
>> found that some of your tweaks we did with CFEngine and I can
>> tell you there is a number of benefits from doing it from a CM
>> instead of from a post-install script.
>> 
>> Cheers, Ballock
>> 
>> 
>> On 02/14/2013 03:42 PM, Philipp Gassmann wrote:
>>> Hi Ballock
>>> 
>>> What do you mean by "and I would use some comment on what you
>>> achieved with them. " ?
>>> 
>>> 
>>> Am 14.02.2013 14:39, schrieb Bolesław Tokarski:
>>>> Hello, Philipp,
>>>> 
>>>> It's great to see you made it and it works for you :)
>>>> 
>>>> I had a glimpse at both the preseed site and the scripts and
>>>> I see the seed file resembling the one we use. However, the
>>>> additional scripts are interesting and I would use some
>>>> comment on what you achieved with them.
>>>> 
>>>> Cheers, Ballock
>>>> 
>>>> On 02/14/2013 02:15 PM, Philipp Gassmann wrote:
>>>>> Hello Everyone
>>>>> 
>>>>> Some time ago I asked for help about automating Ubuntu
>>>>> Desktop Installation. In the meantime I finished the Setup
>>>>> and it works great.
>>>>> 
>>>>> Now i published the full preseed file including the scripts
>>>>> I use to configure the system for the User.
>>>>> 
>>>>> https://wiki.ubuntu.com/Enterprise/WorkstationAutoinstallPreseed
>>>>>
>>>>> 
I removed some specifics, but I kept much possibly useful information
>>>>> and details.
>>>>> 
>>>>> Greetings from Switzerland, Philipp Gassmann
>>>>> 
>>>>> Am 04.01.2013 09:40, schrieb Philipp Gassmann:
>>>>>> Hello everyone
>>>>>> 
>>>>>> I'm looking for a nice way to set up Ubuntu Desktop on
>>>>>> Notebooks for our Company.
>>>>>> 
>>>>>> Till now we've been using Fedora and automated
>>>>>> installation over PXE with Cobbler and Kickstart.
>>>>>> 
>>>>>> We want encryption for /home /tmp /swap. We used full
>>>>>> disk encryption with LVM an luks/cryptsetup.
>>>>>> 
>>>>>> Fedora uses Anaconda and Kickstart files that make it
>>>>>> easy to automate the full installation process, including
>>>>>> disk encryption, package installation and post-scripts. 
>>>>>> We're using a custom firstboot script to set up the user
>>>>>> and add his password to cryptsetup.
>>>>>> 
>>>>>> I was looking for ways to integrate Ubuntu Desktop
>>>>>> Staging into our existing Cobbler PXE Setup (on CentOS)
>>>>>> but I could only find fragments and not much on 12.04. A
>>>>>> lot of the information is incomplete or outdated (11.10
>>>>>> or earlier) 
>>>>>> https://help.ubuntu.com/community/Installation/Netboot 
>>>>>> http://michaeldehaan.net/post/39496835943/experiences-with-cobbler-deploying-ubuntu-precise
>>>>>>
>>>>>>
>>>>>>
>>>>>> 
Does Ubuntu save the answers / preseed file when installing manually?
>>>>>> Couldn't find the information on the installed system or
>>>>>> during installation. Fedora generates a kickstart file
>>>>>> you can then reuse to set up other systems.
>>>>>> 
>>>>>> What do you use/recommend for desktop installation?
>>>>>> 
>>>>>> It would be great if some more detailed information could
>>>>>> be found on the Enterprise Ubuntu Wiki. 
>>>>>> https://wiki.ubuntu.com/Enterprise/Needs
>>>>>> 
>>>>>> Our needs:
>>>>>> 
>>>>>> - Fully automated - Network Boot (PXE) - Integration in
>>>>>> current Cobbler Setup - Encrypted Disk - Custom package
>>>>>> selection - Script to set up printers etc. - Firstboot
>>>>>> User setup (OEM-Install option?)
>>>>>> 
>>>>>> Thank you
>>>>>> 
>>>>>> Philipp Gassmann
>>>>>> 
>>>>>> Puzzle ITC GmbH http://www.puzzle.ch
>>>>>> 
>>>>>> Telefon +41 31 370 22 00 Direkt  +41 31 370 22 13 Fax
>>>>>> +41 31 370 22 01
>>>>>> 
>>>>>> Werfen Sie einen Blick in unseren Blog: 
>>>>>> http://www.puzzle.ch/blog
>>>>>> 
>>>>>> 
> 
> 



- -- 

Cheers,
       Dave Russell

Global Sales Engineering Manager
Canonical                       Mobile +44 (0) 787 298 5998
GPG FPR: 050C DFF1 08FC E3E5 FC88  CEDB 65B7 66C7 2C2E DE51

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJRHgKVAAoJEGW3ZscsLt5RhtkH/i0mUomSqT8q0ewJCc31VqXi
u7iSLBn8T1GrVBlcoZwX396McxgNAm1pWUa2pMKSs9dmLRxpVSm5oOE+eAewYOR+
FiFC87cDs+0jWPNtsMYw/sE1uPGLHr8geDu0n+D0zcn+sd21EuabZ4zxrMeN+VJW
qlbMzabIB+38wF/xf81EqMFX/jNB2C714xKtaBbN5vlpKHzKo/kSzM4nfm+Z7O1z
I2mHIYzAB21tqXqmmt9Z5PUlSm7JC13uHM0POwi8rUJ3d1CbQ3afT8h2V9ue0Sfd
M1H/Yz+YfI6J+lT03gpOTla56BF0Kdfxuh7HL5Vkr2pIgiObU3ehy9R6UHCPsxE=
=vlOS
-----END PGP SIGNATURE-----