Designing A Linux Distribution For NASA?
Zenker asks: "At NASA we are offering Linux as an alternative to Windows for anyone who wants it. I am working on a contract that puts a new computer on everyone's desktop and we will provide support and services for them. I need to assemble a distribution that will have all the necessary applications without flooding them with numerous options. I don't want to support every word processor and every spreadsheet out there. A good security policy is also necessary. What distribution would you use as a base for supporting a few hundred Linux desktops? Which applications would be standard for your office suite? What would your security policy be?"
Always wanted to know, myself (Score:1)
Start with an existing distribution and modify it to your needs. Redhat has great hardware detection and stability. Further, VA Linux Distro (based off of redhat) has additional features (2.4.0 IDE backport patch included in their 2.2.18 kernel).
Applications? That's a toughie. StarOffice seems like a good way to go because it has most of the apps a user will need, and has great upgradability with future openoffice versions.
You might look into creating cookie-cutter installations where everyone has the same exact desktop, buttons, etc. It would be easier to support, but annoying for power users.
HTH
Why not... (Score:1)
There won't be many software issues that the user can screw up in this configuration, an upgrade will only need to happen on the cluster (NOT on hundreds or thousands of workstations), and everything can be managed separately.
Forcing users to store their files on the cluster (or encouraging this, by having
At that point, you can consider giving 'power users' access to install their own software in
Think ahead - what happens if there's another critical upgrade necessary (like Linux kernel
Next, install StarOffice. Yes, I know, it's not the greatest, but it has decent support for MS document formats, and as much as I hate to say it, you need them. Your customers/partners/suppliers might send you stuff in those formats and you *have* to be able to read them.
Next, install a decent web browser. Perhaps the latest Mozilla milestone release or something (NOT Netscape 6!) or maybe something lighter derived from Mozilla.
Whatever you decide to do, please choose carefully. I think you have a great opportunity to make things easier on your IS department in the long run.
Mandrake (Score:2)
--
Re:Mandrake (Score:1)
Make no mistake, you are going to have to spend a good bit of time and effort up front with this sort of thing. With Linux, you are in control, rather than a vendor, so the buck really stops with you. Doing the research up front saves a lot of, "Oh, shit!!! What did I fsck up?!?! and how in the hell do I fix it?" later. Believe me, I know.
Even though it looks as if it has a huge amount of stuff, as do most of the major distros, you're definitely better off starting with a full distro, installing it, testing it, and removing what you don't want. I wouldn't know where to begin "rolling your own" distro, but I wouldn't think it is an overnight project. I haven't used KickStart, but I have heard good things about it. KickStart is used to script a RedHat/Mandrake install, to install what you need, and leave out what you don't. Other distros probably can use it as well, and I am sure there are other utils to do the same thing.
Do you have a good internet connection? I'd recommend checking out as many distros as you can firsthand, after reading the other replies. Most of the major distros are going to have way more than you want or need, and will need to be customised for you. Find out what "goodies" people really ARE using in their everyday life. You might be surprised. Well, maybe not about music;) Finding a LUG is a really good thing to do. Find someone with more experience than me. Find someone with more experience than you.
--
Linux from Scratch? (Score:1)
I think this project is well suited for tailor made copies of Linux, like you would like to have. Of course it will take more time to start from scratch but I feel in your situation it would be worth the extra effort. Good luck with your undertaking.
Re:Linux from Scratch? (Score:1)
Nice thing about alfs is that you just have to learn the XML syntax to make your own profiles. You could make a profile (ie your own distro, or specific nasa-worker) or just about anything.
You could put this all on a cdrom and use it that way, or more preferably you could do it through your network.... For a cd you would need the source packages, probably could use up through chap 5 in LFS on your cdrom, with perl and some extra alfs perl modules, and really that should be it. Stick it in a drive, run alfs and the profile and watch it go to work. You could also chroot your cd environment to make sure it worked etc. before you burnt the cd...
No more coasters..... :)
btw alfs.linuxfromscratch.org [linuxfromscratch.org] has just gone up and is being worked on, and you can find the alfs code, and chap4, chap5, chap6 from LFS at http://cvs.linuxfromscratch.org/index.cgi/ALFS/backend/ [linuxfromscratch.org]
and you can find more info like the syntax docs in the ALFS directory.
BTW this is all changing fast so check the mail lists, and cvs occasionally....
Slackware (Score:1)
Re:Linux from Scratch? (Score:1)
Plus, using Debian/Red Hat/Mandrake/etc. will make applying security updates way easier than doing it by hand - it's a pain to keep track of all the software yourself.
My personal recommendation for distributions: Debian if you want a stable, secure, technically superior distribution; or Mandrake if you want something that's really easy to use and want to have all the latest software.
Re:Linux from Scratch? (Score:1)
PS, ALFS does work right now, it doesn't have a fancy interface like what is planned but it is usable to an extent, btw there are other implementations that were started when we first were talking about using XML with ALFS, one is Richard Lightman's RALFS [demon.co.uk] and Rod Roark's LFSMake [lfsmake.org]
Re:Mandrake (Score:2)
I'm incredibly happy with Mandrake, coming from Redhat.
Re:Linux from Scratch? (Score:1)
Re:Linux from Scratch? (Score:1)
Ahh, OK, my .02 USD from marginal similar exp. (Score:4)
I have admin'd in a few middling-large environments (one, at a math dept with ~450 desktops, the other, at a chip designer firm with ~300 (and ~150 nodes in a sim farm); these numbers are subject to my bad memory). There are a few tips I have arrived at and have observed others say that may help:
One: NFS mount /home. Preferably not off of a linux NFS server, apparently Linux still isn't as good as, say, Solaris WRT NFS serving. Also note that, in the linux distros I've used in NFS/NIS environments, if the NFS/NIS server goes down and comes back up, the Linux clients can exhibit "odd" behavior. odd == {not coming back up, etc}. Both the client and server NFS funkiness may not be an issue with the new kernel, btw. This allows for _much easier_ centralized backup (tape library, raid, whatever). I imagine you already have your own network-centric user authentication system like NIS(+), ldap, kerberos, whatever. A second benefit to this is that if a user's machine dies, and you have a stock of "premade" workstations, you can just plug it in and they're back up. This requires a minimal bit of education WRT "keep all your shit in /home" but it's worth it.
Two: (this from an article written by the head admin @ RH). Use a source control system for your config files. That way you can track versions, changes, retrieve old versions, etc. CVS was the referenced system. This makes mucho sense when you think about it, as config file nightmares are enough to give the sturdiest admin pause.
Three: security is of course a combination of many things. network security is outside of the question's space, and I assume you already have that aspect covered anyway (NB: openbsd makes a kickass firewall router if you are looking for a cisco/lucent/whatever alternative). WRT host-based security, just turn off all the services you don't need. That's step #1. Axe inetd. Use shadow/MD5 passwords, or customize the distro to use something else secure (OTPIE, kerberos, isn't there encrypted NIS+ transmission?, et al. (the places I've worked at haven't been more paranoid than shadow/MD5 for the workstations)). Have a centralized loghost that you spend a LOT of time securing. (OTPIE == one time passwords in everything. a google search will pull it up; I think it's discussed in the ORA Practical Unix and Internet Security book). There are other tweaks that can be done but I think what I've described will take you a long way. There is a book on the LDP (Linux Documentation Project) called Securing and Optimizing Linux that was IIRC pretty good.
The previous posters were all pretty much dead on that a pre-extant distro is probably what you want to start with. Either debian or Mandrake/RH would do fine. Debian's package management system is pretty neat once you get used to it. Mandrake has an interesting install-time option that lets you affect system security on a wholescale level (file and dir permissions, su-ability, blah blah) via a selection box ranging from "Hello, Crackers!" to "Insane" or some such. Of course you may also have the resources to build a distro effectively from scratch to exactly fit your needs. Whatever works. I will say the one-step installs like KickStart (RH/?Mandrake?) or a Big Ass (tm) shell script launched from a boot/root floppy combined with a central media mount point (e.g. an NFS'd cdrom or a FTP dir) are _nice_ when you have 100s of machines to install. There was an article in the most recent LJ (maybe it was the one before that) about this.
WRT apps, StarOffice is OK. It gets the job done but you'll probably want 128+ MB of ram and a 400+ MHz processor. Browsing with Netscape is tolerable as long as you don't expect much. Groupware is a whole other thread in the making, and has shown up at least three times here on /. in the past week. That's probably the common subset of functionality the users will need (i.e. programmers and secretaries both check mail). After that, well, it depends on the users. If they're programmers, well, linux is a programmer's _dream operating system_ IMNSHO. As far as desktops go, I know that gdm (gtk-using-update of xdm) can launch different sessions selectively. So give them kde, gnome+(E/fvwm2/Afterstep/Whatever), or any other combo of things your black sysadmin heart desires and let the users choose what they like the best. StarOffice, Netscape, and xterm/rxvt/et.al. work the same in pretty much any desktop environment. KDE is particularly easy for most win32 users to adapt to.
Sorry if it seems like I have babble mode on, but I'm up late. ;-) Good luck! I'd offer to help in person (I'm in Texas, so is JSC, so there's a chance we're in the same area code) but I somehow doubt a national agency is going to be thrilled to have a 22-year-old goth punk who is probably utterly incapable of getting a security clearance (for pretty much all the reasons you could think of except being a spy for a foreign power) poking about their network...
Last tangential thought: ask the fellows over in the NSA about how they did it. Since they just released NSALinux v.01 or some such they have probably tested its use internally and in a similar environment (.gov, $security++). Maybe you could collaborate to produce some guidelines for other .gov agencies looking to make the switch (USDOC-STD-1234-ABCD-LMNOP no doubt ;-) )...
--
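The host checks from point three of the comment above (list what inetd still serves, confirm passwords are shadowed and hashed with MD5), as an added example that is not part of the original post. The function names are hypothetical and the sample files are constructed; on a real host the functions would be pointed at /etc/inetd.conf, /etc/passwd and /etc/shadow.

```shell
#!/bin/sh
# List services still enabled (uncommented, non-blank lines) in an inetd.conf.
enabled_inetd_services() {
    awk '!/^[ \t]*(#|$)/ { print $1 }' "$1"
}

# List accounts whose passwd password field is not a shadow placeholder:
# either a hash sits in the world-readable file or the field is empty.
unshadowed_accounts() {
    awk -F: '$2 != "x" && $2 != "*" && $2 !~ /^!/ { print $1 }' "$1"
}

# List shadow accounts with a usable hash that is not MD5 (prefix "$1$").
# Locked or disabled entries (*, !, !!, empty) are skipped.
non_md5_shadow() {
    awk -F: '$2 != "" && $2 !~ /^[*!]/ && index($2, "$1$") != 1 { print $1 }' "$1"
}

# Constructed sample files (placeholder hashes, not real data).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/inetd.conf" <<'EOF'
# constructed sample
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
#telnet stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
EOF
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
legacy:abCONSTRUCTED:501:501::/home/legacy:/bin/bash
EOF
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$1$salt$CONSTRUCTEDHASHVALUE00:11300:0:99999:7:::
alice:abCONSTRUCTED:11300:0:99999:7:::
daemon:*:11300:0:99999:7:::
EOF

echo "inetd services still enabled:" $(enabled_inetd_services "$SAMPLE_DIR/inetd.conf")
echo "accounts not shadowed:" $(unshadowed_accounts "$SAMPLE_DIR/passwd")
echo "accounts without MD5 hashes:" $(non_md5_shadow "$SAMPLE_DIR/shadow")
```

An empty list from all three functions is the target state; anything printed is a service to comment out or an account to migrate.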
Re:Linux from Scratch? (Score:1)
Debian is nearly ideal for this (Score:2)
For supporting large numbers of clients, you can't go wrong with Debian.
After all, you can keep a central store of the software that you need, update it as necessary and have a cron job of apt-get running on each machine. Keep the software synchronized on every machine to a set standard ( with optional bits and pieces of course ). An install would be an easy matter of booting a floppy on the target machine.
Of course, this from someone who is for the first time getting a real handle on Debian ... *so* different from OpenBSD, but nice all the same :)
Only if you're thinking of ASP designs (Score:1)
Re:Mandrake (Score:1)
How would I scale it back? Write a rpm -e routine?? That seems kind of cheesy
Re:Linux from Scratch? (Score:1)
(just email it to highos@highos.com, that would be great)
Re:Linux from Scratch? (Score:1)
Making a bootable CD is not hard, you could take something like Toms bootdisk, burn it as the Bootable ISO Image, stick ALFS, the source packages or binaries just in tarballs on the CD, bootup, format+partition (which can be automated too, it isn't hard once you understand the Linux Boot up system with SysVinit), mount the new partition, mount the cd, untar/start compiling.
As for everyone saying that you should stick with a distribution, I don't think they have any idea what it's like having 1000+ computers (that are not all in one place) running a distribution and having to take the time to _clean up_ after the maintainers, it's plain disgusting, with LFS at least, you're at the bare minimum, and it's quite complete for the average system, adding X, KDE2, XMMS, RealPlayer, Netscape, Star Office, Word Perfect, ApplixWare, etc is just easy and very clean compared to an "all-in-one-box" like most distributions are (don't get me wrong, you could do it that way, but for my 2 desktops and 2 servers, it's easier to do it from scratch, as I spend just _as much_ time doing it ala LFS as doing it with MDK, RH, Deb, Slack, and stripping it down then rebuilding it)
Anyways, I'm just mumbling, keep an eye out on LFS/ALFS slashdot, we are going back to the roots of a Linux system and making it clean and KISS.
Re:Debian is nearly ideal for this (Score:2)
Think that could come in handy?
--
Don't forget the most important utility (Score:1)
Re:Linux from Scratch? (Score:1)