Mass installation procedure for Debian?
Hi, I have to deal in the near future with a lot of Debian machines, that I will setup and configure for two customers. I like to develop or use some mechanism for mass installation of these machines, and for easily setting up a spare part machine if one crashes. Basically, I like to do something like kickstart does for RedHat or Mandrake. You created some kind of config file for the installer and afterwards it just works. (More or less) Does something like this exist already in Debian, or is it planned and I can contribute to it? This is a desperate need, cause I have to enable not so skilled admins to get the machine up and replaced without actually needing to travel to the location of the machines. I hacked up a crude solution for this yet. I took the dpkg -l output of an existing machine, put it in a this depends on that table and selected all packages which nothing depends on. So, I have the list which installs the system, with some apt-get magic. But this is still a two way solution, cause you need to get a basic machine up and running, ftp the perl scripts and the data, and then finish the installation. Finally, you have to fetch the configuration files from the ftp too, and put them in place. Not very fine and not very easy. I don't need a backup, cause the machines that can be replaced this way don't have any user data on it. Web servers, proxies, and so on. The data storages are backed up, setup redundantly and if these machines crash, I am in trouble which needs my attention. So, any ideas would be highly appreciated. best regards, Oliver -- - Oliver Andrich | Tel.: 0261-5009075 IT Projektmanagement,| Mobil: 0172-6538591 Systemprogrammierung und -design | Fax: 069-13305990076 | Email: [EMAIL PROTECTED] - Fingerpring: 2AB5 B998 8BD2 AC3A E12A 3A8A 171E 5B1B EC4B 3C2B - msg05197/pgp0.pgp Description: PGP signature
Re: Mass installation procedure for Debian?
-BEGIN PGP SIGNED MESSAGE- On Sat, 2 Feb 2002, Oliver Andrich wrote: I have to deal in the near future with a lot of Debian machines, that I will setup and configure for two customers. I like to develop or use some mechanism for mass installation of these machines, and for easily setting up a spare part machine if one crashes. Hello, it seems like there's a lot of interest in this topic lately. Basically, I like to do something like kickstart does for RedHat or Mandrake. You created some kind of config file for the installer and afterwards it just works. (More or less) Have a look at http://www.informatik.uni-koeln.de/fai/ Quite close to you, also in Germany :-) This website seems to be down currently. You can also find this nice little thingie as Debian package fai. http://packages.debian.org/testing/admin/fai.html Does something like this exist already in Debian, or is it planned and I can contribute to it? This is a desperate need, cause I have to enable not so skilled admins to get the machine up and replaced without actually needing to travel to the location of the machines. Actually, I am currently investigating the following, and I wonder if it already exists and how much work it would be to really implement it: 1) setup FAI server and client on i386 platform (identical arch) 2) setup FAI server and client on different platforms (swapping client and server roles), still Debian but also on sparc architecture 3) setup FAI server on another Linux distribution than Debian (distribution independence) and maybe *BSD 4) port FAI server to run on Unix platforms (Solaris) or even use the native tool (JumpStart) to perform the same task, whichever seems appropriate 5) modify FAI to work not only with Debian but also with RPM-based Linux distributions, .tar.gz based distributions (e.g. LFS) and finally BSDs 6) you don't wanna know that :-) I didn't have the chance to visit the FAI mailing list archives yet, but basically the first two should already work as far as I read the docs. The third one should be possible at least with a manual setup, just configuring DHCP, TFTP and NFS manually. Same applies to 4, because these are standard services, even Win2k should theoretically be possible, but I don't really know if I want that :-). The fifth one would be the real killer application, but it's probably a lot of work because you don't only have to switch to rpm on the client, but also configure the basic stuff, which probably looks a little different in every distro... If we could share the workload, that would be way cool! Have a nice weekend Alex - -- Forgive me, but I'm talking to a politician. John Simpson, BBC World -BEGIN PGP SIGNATURE- Version: 2.6.3ia Charset: noconv iQCVAwUBPFvR9WWTYnZjEXP1AQFb9gQAgOnW7BLkCCFkEjX1Vvq1Hx1ZrTi3K0Xk YR1KFQb5GzKckd2TOnCLRmyq6Y2cpYTswosEWS5tDnHO58XFeXLAQle2S9jZBFXc cUbXku2RbgdjOYWXlkDE5w/dPVnO4+eJJXyF+59cgByqZZ3Ef4IMWpaDWhHDVjSe F2mUyTOw3DQ= =d+tT -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: recheck for new partition without reboot?
On Fri, Feb 01, 2002 at 06:09:15PM -0800, Jeremy C. Reed wrote: I added a new partition (/dev/sda8). (Other partitions were already in use.) Is there any tool or kernel module to recognize this device without rebooting? I guess cfdisk calls some ioctls to force kernel to reread the new partition table after writing it... Marcin -- Marcin Owsiany [EMAIL PROTECTED] http://marcin.owsiany.pl/ GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: unstable is unstable; stable is outdated
Donovan Baarda wrote: What do you think of having a mini distribution that limits the number of packages allowed? Why not just call it debian-core. Then you can have debian-gnome, debian-kde, debian-xfree etc. Each of these can be implemented as seperate distro's with their own releases, using Packages files pointing into the pool. I was thinking something similar to this would be cool, just I wouldn't like to have to add a lot of lines in my sources.list. Maybe something like tasks with versions could be used. Packages from other tasks (or the task itself) could depend on a certain version of another task instead of depending on many packages within that task. Tasks that are not yet released could be called unstable, testing, and stablish (maybe somthing better). Unstable would have new untested packages. Testing would have packages that passed some automated tests. Stablish would have packages that were in testing and didn't have any important bug reports within a certain amount of time. Maybe there could be one more for alplha and beta versions of packages. If all works well, unstable should have the lastes packages and be a little stable, testing should be a little less stable than Red Hat, stablish should be a little more stable than Red Hat, and stable should be as stable as it's always been, but more up to date. :) This paritions the dependancies, making it all easier to manage, speeding the release cycle and potentialy allowing people to mix-n-match stable-core with unstable-gnome if they wish. Yup. :) P.S. I think we need a better name than stablish... Maybe call that stable and the current stable rockstable??? Also maybe they souldn't be called tasks but something new. I'm not good at making up names. -- Ivan Jager -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Postfix Remote Client Relay
On 01/02/02, Gene Grimm wrote: We are trying to configure our new Postfix mail server to allow relay for a new remote client. Our configuration file currently includes the following directive in main.cf: smtpd_client_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/client_access, reject_unknown_client Please show the content of the file /etc/postfix/client_access. Feb 1 10:17:23 mail-gr-oh postfix/smtpd[19051]: connect from unknown[207.17.252.3] Feb 1 10:17:23 mail-gr-oh postfix/smtpd[19051]: 87555337E2: client=unknown[207.17.252.3] Feb 1 10:17:23 mail-gr-oh postfix/smtpd[19051]: reject: RCPT from unknown[207.17.252.3]: 554 [EMAIL PROTECTED]: Recipient address rejected: Relay access denied; from=[EMAIL PROTECTED] to=[EMAIL PROTECTED] What configuration do we need to permit a specific external IP address to relay from outside our network to any recipients without opening the server for spammers? Is this a dynamically or a statical IP? In case of a statical one, you can use a map with check_client_access or mynetworks. In case a of a dynamical one, you would need to either use SMTP-after-POP or SMTP-Auth. Christian -- Debian Developer (http://www.debian.org) 1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853 msg05201/pgp0.pgp Description: PGP signature
Re: Mass installation procedure for Debian?
On Sat, 2 Feb 2002, Oliver Andrich wrote: I hacked up a crude solution for this yet. I took the dpkg -l output of an existing machine, put it in a this depends on that table and selected all packages which nothing depends on. So, I have the list which installs the Have a look at dpkg(8)'s --get-selections and --set-selections. Jeremy C. Reed echo '9,J8HD,fDGG8B@?:536FC5=8@I;C5?@H5B0D@5GBIELD54DL@8L?:5GDEJ8LDG1' |\ sed ss,s50EBsg | tr 0-M 'p.wBt SgiIlxmLhan:o,erDsduv/cyP' -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: recheck for new partition without reboot?
On Sat, Feb 02, 2002 at 02:02:31PM +0100, Marcin Owsiany wrote: On Fri, Feb 01, 2002 at 06:09:15PM -0800, Jeremy C. Reed wrote: I added a new partition (/dev/sda8). (Other partitions were already in use.) Is there any tool or kernel module to recognize this device without rebooting? I guess cfdisk calls some ioctls to force kernel to reread the new partition table after writing it... It does; however IIRC the ioctl call results in a successful reread of the partition table only if none of the other partitions on that drive are currently mounted. Since the OP says other partitions were in use, I assume he means they were mounted. I'm afraid in this case a reboot is called for, though I'd love to hear otherwise. -- Nathan Norman - Staff Engineer | A good plan today is better Micromuse Ltd. | than a perfect plan tomorrow. mailto:[EMAIL PROTECTED] | -- Patton msg05203/pgp0.pgp Description: PGP signature
postfix with LDAP smtp authentication
Hey, I am considering using postfix as mail server, working completely with LDAP as database backend. I got everything working, but smtp authentication with LDAP. I have searched around, but could not find anything related with direct LDAP authentication, only SASL which too me looks like introducing an unnecesarry component. Is there any way to do direct LDAP smtp authentication? Or do I have to write such a patch myself?? Regards, -- Paul Fleischer // ProGuy [EMAIL PROTECTED] PGP key fingerprint: 755A 9FB3 F7E4 DB62 8154 C5D6 381B BBCD 7BE1 FF30 Registered Linux User #166300 http://counter.li.org msg05204/pgp0.pgp Description: PGP signature
*****SPAM***** Re: unstable is unstable; stable is outdated]
Hi, Thank you for telling me. Unfortunately, Spews and OSIRUS (they use Spews' list, so essentially the same applies) have listed many ISPs in Hong Kong and around Asia, meaning many of us over here are blocked from sending emails to the USA if a company uses Spews. That is why we suggest that businesses use ORDB (http://www.ordb.com) as it blocks most spam, but ONLY blocks spam and very rarely legitimate emails (we use this list for our personal emails too). Spews is supposedly early warning, hence if the owner of Spews thinks there may be spam coming from a certain place, they block if off first, whether or not spam will really come through there or not. ORDB, on the other hand, uses automated testing to block mail servers, rather than rely on the decision of one or two unaccountable people with their own ideas. Telstra in Australia, PCCW (Pacific Century Cyberworks/ Hong Kong Telecom), Singtel, and others in Asia have many netblocks listed in Spews. Sprint is also has large chunks of netblocks blocked. We used it before and had too much legitimate business email blocked. So, again, thanks for telling me, but there is little I can do to unblock Asian ISPs. Spews is unaccountable to anyone and no one can contact them (which they say on their website). They have banged heads with many ISPs in Asia... maybe the owner of Spews is overly patriotic to the USA to the point of being racist (but I'll leave that discussion there). Sincerely, Jason - Original Message - From: Oliver Andrich [EMAIL PROTECTED] To: Jason Lim [EMAIL PROTECTED] Sent: Saturday, February 02, 2002 8:52 AM Subject: [EMAIL PROTECTED]: *SPAM* Re: unstable is unstable; stable is outdated] Hi, may be it is of interest to you, that the mailservers of your provider are in a anti-spam list. If not, just delete this mail. Discovered it, when my spamassassin caugth your email. Best regards, Oliver -- -- --- Oliver Andrich | Tel.: 0261-5009075 IT Projektmanagement,| Mobil: 0172-6538591 Systemprogrammierung und -design | Fax: 069-13305990076 | Email: [EMAIL PROTECTED] -- --- Fingerpring: 2AB5 B998 8BD2 AC3A E12A 3A8A 171E 5B1B EC4B 3C2B -- ---
Re: unstable is unstable; stable is outdated
This paritions the dependancies, making it all easier to manage, speeding the release cycle and potentialy allowing people to mix-n-match stable-core with unstable-gnome if they wish. So do you mean that these sub-distros don't have any dependencies on any packages within the other sub-distros? I think that is what he means... that you could throw a hybrid system together. For example... most ISPs would probably want the most up to date apache and proftpd (or whatever your combination is). They don't really care to have the most up to date compilers or libraries or anything else... only what is required to get the latest apache and proftpd. I can see a problem in this idea though, as many packages have cross depedancies. EG. apache needs library A version 2, while proftpd needs library A version 3. How would that be handled? Upgrading to libarary A version 3 might break apache...
Mass installation procedure for Debian?
Hi, I have to deal in the near future with a lot of Debian machines, that I will setup and configure for two customers. I like to develop or use some mechanism for mass installation of these machines, and for easily setting up a spare part machine if one crashes. Basically, I like to do something like kickstart does for RedHat or Mandrake. You created some kind of config file for the installer and afterwards it just works. (More or less) Does something like this exist already in Debian, or is it planned and I can contribute to it? This is a desperate need, cause I have to enable not so skilled admins to get the machine up and replaced without actually needing to travel to the location of the machines. I hacked up a crude solution for this yet. I took the dpkg -l output of an existing machine, put it in a this depends on that table and selected all packages which nothing depends on. So, I have the list which installs the system, with some apt-get magic. But this is still a two way solution, cause you need to get a basic machine up and running, ftp the perl scripts and the data, and then finish the installation. Finally, you have to fetch the configuration files from the ftp too, and put them in place. Not very fine and not very easy. I don't need a backup, cause the machines that can be replaced this way don't have any user data on it. Web servers, proxies, and so on. The data storages are backed up, setup redundantly and if these machines crash, I am in trouble which needs my attention. So, any ideas would be highly appreciated. best regards, Oliver -- - Oliver Andrich | Tel.: 0261-5009075 IT Projektmanagement,| Mobil: 0172-6538591 Systemprogrammierung und -design | Fax: 069-13305990076 | Email: [EMAIL PROTECTED] - Fingerpring: 2AB5 B998 8BD2 AC3A E12A 3A8A 171E 5B1B EC4B 3C2B - pgpSgiAtDS6xk.pgp Description: PGP signature
Re: Mass installation procedure for Debian?
-BEGIN PGP SIGNED MESSAGE- On Sat, 2 Feb 2002, Oliver Andrich wrote: I have to deal in the near future with a lot of Debian machines, that I will setup and configure for two customers. I like to develop or use some mechanism for mass installation of these machines, and for easily setting up a spare part machine if one crashes. Hello, it seems like there's a lot of interest in this topic lately. Basically, I like to do something like kickstart does for RedHat or Mandrake. You created some kind of config file for the installer and afterwards it just works. (More or less) Have a look at http://www.informatik.uni-koeln.de/fai/ Quite close to you, also in Germany :-) This website seems to be down currently. You can also find this nice little thingie as Debian package fai. http://packages.debian.org/testing/admin/fai.html Does something like this exist already in Debian, or is it planned and I can contribute to it? This is a desperate need, cause I have to enable not so skilled admins to get the machine up and replaced without actually needing to travel to the location of the machines. Actually, I am currently investigating the following, and I wonder if it already exists and how much work it would be to really implement it: 1) setup FAI server and client on i386 platform (identical arch) 2) setup FAI server and client on different platforms (swapping client and server roles), still Debian but also on sparc architecture 3) setup FAI server on another Linux distribution than Debian (distribution independence) and maybe *BSD 4) port FAI server to run on Unix platforms (Solaris) or even use the native tool (JumpStart) to perform the same task, whichever seems appropriate 5) modify FAI to work not only with Debian but also with RPM-based Linux distributions, .tar.gz based distributions (e.g. LFS) and finally BSDs 6) you don't wanna know that :-) I didn't have the chance to visit the FAI mailing list archives yet, but basically the first two should already work as far as I read the docs. The third one should be possible at least with a manual setup, just configuring DHCP, TFTP and NFS manually. Same applies to 4, because these are standard services, even Win2k should theoretically be possible, but I don't really know if I want that :-). The fifth one would be the real killer application, but it's probably a lot of work because you don't only have to switch to rpm on the client, but also configure the basic stuff, which probably looks a little different in every distro... If we could share the workload, that would be way cool! Have a nice weekend Alex - -- Forgive me, but I'm talking to a politician. John Simpson, BBC World -BEGIN PGP SIGNATURE- Version: 2.6.3ia Charset: noconv iQCVAwUBPFvR9WWTYnZjEXP1AQFb9gQAgOnW7BLkCCFkEjX1Vvq1Hx1ZrTi3K0Xk YR1KFQb5GzKckd2TOnCLRmyq6Y2cpYTswosEWS5tDnHO58XFeXLAQle2S9jZBFXc cUbXku2RbgdjOYWXlkDE5w/dPVnO4+eJJXyF+59cgByqZZ3Ef4IMWpaDWhHDVjSe F2mUyTOw3DQ= =d+tT -END PGP SIGNATURE-
Re: recheck for new partition without reboot?
On Fri, Feb 01, 2002 at 06:09:15PM -0800, Jeremy C. Reed wrote: I added a new partition (/dev/sda8). (Other partitions were already in use.) Is there any tool or kernel module to recognize this device without rebooting? I guess cfdisk calls some ioctls to force kernel to reread the new partition table after writing it... Marcin -- Marcin Owsiany [EMAIL PROTECTED] http://marcin.owsiany.pl/ GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216
Re: unstable is unstable; stable is outdated
Donovan Baarda wrote: What do you think of having a mini distribution that limits the number of packages allowed? Why not just call it debian-core. Then you can have debian-gnome, debian-kde, debian-xfree etc. Each of these can be implemented as seperate distro's with their own releases, using Packages files pointing into the pool. I was thinking something similar to this would be cool, just I wouldn't like to have to add a lot of lines in my sources.list. Maybe something like tasks with versions could be used. Packages from other tasks (or the task itself) could depend on a certain version of another task instead of depending on many packages within that task. Tasks that are not yet released could be called unstable, testing, and stablish (maybe somthing better). Unstable would have new untested packages. Testing would have packages that passed some automated tests. Stablish would have packages that were in testing and didn't have any important bug reports within a certain amount of time. Maybe there could be one more for alplha and beta versions of packages. If all works well, unstable should have the lastes packages and be a little stable, testing should be a little less stable than Red Hat, stablish should be a little more stable than Red Hat, and stable should be as stable as it's always been, but more up to date. :) This paritions the dependancies, making it all easier to manage, speeding the release cycle and potentialy allowing people to mix-n-match stable-core with unstable-gnome if they wish. Yup. :) P.S. I think we need a better name than stablish... Maybe call that stable and the current stable rockstable??? Also maybe they souldn't be called tasks but something new. I'm not good at making up names. -- Ivan Jager
Re: Mass installation procedure for Debian?
On Sat, 2 Feb 2002, Oliver Andrich wrote: I hacked up a crude solution for this yet. I took the dpkg -l output of an existing machine, put it in a this depends on that table and selected all packages which nothing depends on. So, I have the list which installs the Have a look at dpkg(8)'s --get-selections and --set-selections. Jeremy C. Reed echo '9,J8HD,[EMAIL PROTECTED]:[EMAIL PROTECTED];[EMAIL PROTECTED]@5GBIELD54DL@8L?:5GDEJ8LDG1' |\ sed ss,s50EBsg | tr 0-M 'p.wBt SgiIlxmLhan:o,erDsduv/cyP'
Re: recheck for new partition without reboot?
On Sat, Feb 02, 2002 at 02:02:31PM +0100, Marcin Owsiany wrote: On Fri, Feb 01, 2002 at 06:09:15PM -0800, Jeremy C. Reed wrote: I added a new partition (/dev/sda8). (Other partitions were already in use.) Is there any tool or kernel module to recognize this device without rebooting? I guess cfdisk calls some ioctls to force kernel to reread the new partition table after writing it... It does; however IIRC the ioctl call results in a successful reread of the partition table only if none of the other partitions on that drive are currently mounted. Since the OP says other partitions were in use, I assume he means they were mounted. I'm afraid in this case a reboot is called for, though I'd love to hear otherwise. -- Nathan Norman - Staff Engineer | A good plan today is better Micromuse Ltd. | than a perfect plan tomorrow. mailto:[EMAIL PROTECTED] | -- Patton pgpMiQUPp6fkV.pgp Description: PGP signature
postfix with LDAP smtp authentication
Hey, I am considering using postfix as mail server, working completely with LDAP as database backend. I got everything working, but smtp authentication with LDAP. I have searched around, but could not find anything related with direct LDAP authentication, only SASL which too me looks like introducing an unnecesarry component. Is there any way to do direct LDAP smtp authentication? Or do I have to write such a patch myself?? Regards, -- Paul Fleischer // ProGuy [EMAIL PROTECTED] PGP key fingerprint: 755A 9FB3 F7E4 DB62 8154 C5D6 381B BBCD 7BE1 FF30 Registered Linux User #166300 http://counter.li.org pgpG97gUQABKB.pgp Description: PGP signature