Comments in line
Darrel O'Pry wrote:
Well I guess I'll try to start a discussion about what would be needed
for an ISP distribution, and present a basic primer to how I run my
systems as an example of needs or things to keep in mind developing an
ISP distribution that can meet a wide variety of needs.
I agree with you: a distro with solely what is needed to run a general-purpose ISP.
I think it might be easier to develop and maintain ISP specific meta-packages, as Ben Lisle suggested? Would he be willing to put his existing meta-packages on the open market for community review and maintenance?
Meta-Packages that reflect my deployments would include:
The list of packages to be included should be a matter for discussion. For example, some people love postfix while I rather like exim, but the global idea is, at least for me, to include in the distro 2 programs for each need so that the sysadmin can decide which one he will use:
- web server: apache, minihttpd
- mta: exim, postfix, qmail
- imap/pop3: qpopper, courier, cyrus
- database: mysql, postgres
- radius: freeradius, radiator
- etc...
One advantage of an ISP specific branch of Debian may be a quicker
release cycle since, hopefully, it will depend on fewer packages, and
the bug squashing will be easier. The slow release cycle has been the
biggest problem for me as a systems administrator. It is difficult to
keep your product line up to date and services up to date, when you are
working with outdated packages. I finally gained enough trust in testing
and moved over most of my production servers which has alleviated this
problem, but I expect I will have it again in a year or two.
A quick release is not as important as keeping your distro secure and fault tolerant. However, again I agree that it is better to patch a small-package distro than a general-purpose distro with thousands of packages.
Other expectations I would have of an ISP friendly distribution of
debian would be a cluster friendly file system layout, and a set of
shell scripts for managing users, ftp, and web accounts. Currently I use a layout along the lines of /var/www/domains/a/adomain.com/,
/var/www/usersite/u/username/, /var/media/qt/a/auser,
/var/media/real/a/user
Use LVM or help the admin use it, OK! But injecting scripts to manipulate users or accounts is not a good idea. For example, in my case I use a different organization than yours, an organization that, like you, I love and don't want to be forced to change:
/export/virt-isp/TLD/DOMAIN/htdocs/SUBDOMAINS
/export/virt-isp/org/debian/htdocs/www/*
With symlinks from the users home directory ~/domains/adomain.com -> domains owned by user, ~/public_html -> usersite, ~/media/real/ -> real server content dirs, ~/media/Darwin/ -> Darwin content dirs
Due to my config I only use 1 symlink, for a directory at the same level in the directory structure as 'htdocs', named 'secure', which is intended to be used for SSL content.
/export/virt-isp/org/debian/secure
    |
    +-----> /export/virt-isp/org/debian/htdocs/secure
I only have to provide shell access on particular servers and users can manage data for all of their services via nfs or your shared file system of choice. I do not have a central authentication architecture in place (currently, just keep uids/permissions etc in line across servers via shell scripts && ssh). I haven't clustered anything besides my mail services yet (still trying to figure out how to best implement everything), but I am currently looking into LVS, and looking for a good low-budget filer/nfs setup to start with.
This is not the moment in fact, but I recommend you use RADIUS for central management (there are pam modules for radius authentication named pam_radius) and at least a RAID device or software RAID, because your business depends on the reliability you can offer. LVS will come then, and believe me... LVS is not the panacea.
I think it is something to keep in mind for allowing ISPs to have an
easy expansion path to meet growth.
I'm sure there are people out there with better methods of implementing this, or maybe better ideas about going about this kind of work, but this seems to work pretty well for my small ISP, but I'm relatively inexperienced at this job and kind of hack it together as I go in attempts to keep legacy customers happy, provide the widest possible base of services and options, keep up with current applications, and make an attempt at maintaining the security of my network. Any feedback, ideas, or suggestions are greatly appreciated.
Same feeling. :)
.darrel.
BR,
jonathan
-----Original Message-----
From: Jonathan G [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 16, 2004 6:12 AM
To: [EMAIL PROTECTED]
Subject: Re: Defining ISP?
Well, we can start reading the following documents about how to create a CDD (Custom Debian Distribution):
- http://wiki.debian.net/index.cgi?CustomDebian
- http://alioth.debian.org/projects/cdd/
- http://people.debian.org/~tille/debian-med/talks/paper-cdd/debian-cdd.html/
- http://people.debian.org/~kalfa/cdd/debian-devel
BR,
jonathan
shift wrote:
hej J.
Me I'd like to be in it.
shift
----- Original Message -----
From: "Jonathan G" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 15, 2004 12:42 PM
Subject: Re: Defining ISP?
I would be so pleased, with the help of the forum, to propose opening a new branch in the Debian community dedicated to ISPs.
Which of you are interested??
BR,
jonathan
shift wrote:
The idea seems still interesting to me 2 days after the week-end! ( Did some definitive damage happen? :)
I imagine an install, giving possibilities of Raid, backup, replication, networking etc from the start, all necessary tools and programs, in a compact, easy to use distribution with some "ncursed" ISP specific administration tools. Something secure, minimalistic (I like the word and the concept) and with some optimization possibilities.
Does it still seem confused? Is it "une idee farfelue"?
shift
----- Original Message -----
From: "Jonathan G - Mailing Lists" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 14, 2004 3:39 PM
Subject: Re: Defining ISP?
Hi,
What I used to do is install a base system and then install some of the package packs I've defined.
For example, if what I want is to install a web server with php & perl support, I use a config file that I've defined myself, which contains this:
apt-get install apache2-common apache2-mpm-prefork \
    libapache2-mod-auth-mysql libapache2-mod-perl2 php4-common \
    libmailtools-perl libhtml-format-perl bzip2 file \
    libio-socket-ssl-perl ca-certificates libapache2-mod-php4 \
    php4-mysql php4-pear
For the rest of the services it is exactly the same. I've defined manually the whole list of packages needed for web server, ftp server, irc server, mail server (smtp, pop and imap), antivirus server, etc...
If you can build a local mirror of your version of debian, i.e. sarge, you can do local network installations, and your installs will be so fast.
That works fine for me at least :)
BR,
jonathan
Christian Hammers wrote:
On 2004-09-14 shift wrote:
Thinking maybe of an ISP specific install. Lighter and even more secure. A minimalistic distribution...
Most ISPs will probably have different servers for the different services and on each of them they will start with a secure base install with as little software installed as possible and then just install apache/postfix/proftpd whatever they need and customize it.
I don't see a big bonus in a special ISP distribution. A better integration of iptables firewalls, vlans or traffic shapers would be nice but that's nothing ISP specific.
bye,
-christian-
P.S.: pbuilder is a nice tool to build minimal installations that you can just untar onto a new harddisk
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
--
:::: Jonathan Gonzalez Fernandez ::::
(o>  mail  : [EMAIL PROTECTED]
//\  jabber: [EMAIL PROTECTED]
V_/  site  : www.surestorm.com
::: Registered Linux User #333386 :::
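An added example, not part of any message in this thread: the per-role "package packs" and the "as little software installed as possible" base install discussed above can be checked after the fact by comparing what a server has installed against the lists declared for its role. The list file format (one package per line, `#` comments), the file names and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): compare what is installed on a server
# with the package lists declared for its role.
LC_ALL=C; export LC_ALL   # comm(1) needs both inputs sorted in the same order

# Print the package names in a list file: comments and blanks stripped,
# anything that is not a valid Debian package name dropped, sorted, unique.
clean_list() {
    sed -e 's/#.*$//' -e 's/[[:space:]]//g' "$1" |
        grep -E '^[a-z0-9][a-z0-9+.-]+$' | sort -u
}

# undeclared INSTALLED LIST...: installed packages that no list declares.
undeclared() {
    inst=$1; shift
    decl=$(mktemp) || return 1
    for f in "$@"; do clean_list "$f"; done | sort -u > "$decl"
    clean_list "$inst" | comm -23 - "$decl"
    rm -f "$decl"
}

# missing INSTALLED LIST...: declared packages that are not installed.
missing() {
    inst=$1; shift
    decl=$(mktemp) || return 1
    for f in "$@"; do clean_list "$f"; done | sort -u > "$decl"
    clean_list "$inst" | comm -13 - "$decl"
    rm -f "$decl"
}

# Constructed sample data; on a real host the installed list would come from
#   dpkg-query -W -f='${Package}\n'
make_sample() {
    printf '%s\n' '# base system (constructed)' bash coreutils dpkg apt \
        > "$1/base.list"
    printf '%s\n' '# web role, package names taken from the thread' \
        apache2-common apache2-mpm-prefork libapache2-mod-php4 php4-common \
        'ca-certificates  # TLS roots' > "$1/web.list"
    printf '%s\n' apt bash coreutils dpkg apache2-common apache2-mpm-prefork \
        php4-common ca-certificates telnetd gcc > "$1/installed.txt"
}

d=$(mktemp -d) && make_sample "$d"
echo "undeclared: $(undeclared "$d/installed.txt" "$d/base.list" "$d/web.list" | tr '\n' ' ')"
echo "missing:    $(missing "$d/installed.txt" "$d/base.list" "$d/web.list" | tr '\n' ' ')"
rm -rf "$d"
```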