Standardizing & Automating

Enterprise Deployments of
Debian GNU/Linux

LinuxWorld Conference 2005

September 14 - 16, 2005
Makati City, Philippines

Federico Sevilla III

GNU/Linux Specialist – Q Software Research Corp.
Information Technology Director – The Leather Collection, Inc.
 What is Debian?
● Debian as a Universal Operating System
– 15,490 precompiled software with Sarge (3.1)
– 12 officially supported architectures
● IA-32, IA-64, AMD64, PowerPC, Alpha, SPARC
● ARM, m68k, MIPS (mips and mipsel), HP PA-
RISC, S/390

– GNU/Linux, GNU/Hurd, GNU/NetBSD,

GNU/kFreeBSD
 What is Debian?
● Debian as a Mother Distribution
– Base for a number of popular distributions
● Ubuntu, Knoppix, Libranet

– Base for internal custom distributions

● Debian Jr., Debian-Med, Debian-Edu, Debian
Desktop, Debian-Lex, Debian-NP, Debian
Accessibility, Debian Enterprise, Demudi
 What is Debian?
● Debian as a Community
– 1,682 project participants
● 1,618 independent package maintainers
● 64 package maintenance teams

– Collaboration through mailing lists and IRC

● 28,588 subscribers of debian-announce
● 4,772 subscribers of debian-devel-announce

– Developers all over the world (see map)

Debian Developers
All Over The World
 Why Debian?
● Debian as a Community-Driven Effort
– Proven by time: 12 years and counting
– “For the community, by the community.”
– Largely unaffected by the dot-com burst and
corporate agenda driven restructuring
– Guided by Debian’s Social Contract with the
Free Software Community
 Social Contract with the
Free Software Community

● Debian will remain 100% free.

● We will give back to the free software community.
● We will not hide problems.
● Our priorities are our users and free software.
● [We will make provisions for] Works that do not
meet our free software standards.
 Why Debian?
● Debian means Quality Assurance
– Strict policy guidelines for Debian packages
– Strict adherence to the Debian Free Software
Guidelines (DFSG)
– Peer review and “fraternal correction” within
the Debian Developer community
 Why Debian?
● Tried and Tested Approach
– History of major Debian releases

● 06/17/1996 – 1.1 “Buzz” ● 03/09/1999 – 2.1 “Slink”

● 12/12/1996 – 1.2 “Rex” ● 08/15/2000 – 2.2 “Potato”
● 06/02/1997 – 1.3 “Bo” ● 07/19/2002 – 3.0 “Woody”
● 07/24/1998 – 2.0 “Hamm” ● 06/06/2005 – 3.1 “Sarge”

– Minor releases in between

 Why Debian?
● Tried and Tested Approach
– Timely security updates
● Managed by the Debian Security Team
● 48-hour turnaround time for security updates
● Support for the old stable distribution up to one
year from the release of the next stable
distribution, except when another stable
distribution is released within the year
 Why Debian?
● Robust Package Management System
– dpkg for low-level package management
– apt for higher-level dependency and
repository management
– Well-tested and documented upgrade path
between stable distribution releases
– Just WorksTM upgradability for security
updates for a stable distribution
 What is FAI?
● Fully Automatic Installation System for
Debian GNU/Linux
● Part of the Debian stable distribution
● Uses standard Debian and GNU tools
– dpkg, apt-get, aptitude
– shell, Perl, expect, cfengine
 Why FAI?
● Class-based configuration
– Share common configuration details
– Define custom classes by IP address,
host/domain name, or menu-driven user input
– Support multiple hardware and software
installation profiles
– “Self-document” the standardization of the
installation profiles
 Why FAI?
● Fully customizable
– Default behavior can be modified through
hooks
● Provides a central repository for all
standardized configuration information
● Scales to hundreds of installation clients
● Network- and CD-based installation
 Why FAI?
● Central network-wide monitoring of
installation progress and status
● Central storage of detailed installation logs
● Remote access of installation clients
during installation process via SSH
● Support for soft updates – updating an
existing setup instead of overwriting it
 Why FAI?
● Supports the 2.4 and 2.6 Linux kernels
● Supports multiple architectures
– IA-32, IA-64, AMD64
– PowerPC, Alpha, SPARC
● Flexible disk configuration engine
– Supports dynamic partition sizing
– Supports ext2, ext3, ReiserFS and XFS
 How? FAI Basics.
● Prerequisite network services
– Debian apt repository
● Improve performance using a local mirror
● Use a local apt repository for in-house applications
● Serve packages via HTTP, FTP or NFS

– NFS Server
– DHCP or BOOTP Server
– TFTP Server
 How? FAI Basics.
● Planning your installation
– Network
● Collecting and recording MAC addresses
● Naming and IP addressing schemes for clients
● Network bandwidth requirement during installation
● Physical LAN topology

– Installation server
 How? FAI Basics.
● Planning your installation
– Target hardware
● Support for PXE network booting
● Hard drive sizes
● RAM sizes
● Unique kernel requirements
● Uniformity or non-uniformity of hardware
 How? FAI Basics.
● Planning your installation
– Target configurations
● Hard drive partitioning
● Filesystems to be preserved during updates
● Remote filesystems to be mounted automatically
● Software to be installed
● Configuration requirements of software
● Authentication policies – central or local
 How? Configuration.
● /etc/fai/
– fai.conf
– make-fai-nfsroot.conf
– sources.list
● FAI boot kernel
● NFS root directory
 How? Configuration.
● Configuration space
– class/
● Definition of variables
– Encrypted root password
– Timezone settings
– Console font and keyboard settings
– Installation monitor server address
● Definition of installation classes
● Use $HOSTNAME, $DOMAIN, dialog, et al
 How? Configuration.

#!/bin/sh
case $HOSTNAME in
demohost)
echo "FAIBASE DHCPC DEMO" ;;
gnomehost)
echo "FAIBASE DHCPC DEMO XFREE GNOME";;
*)
echo "FAIBASE DHCPC" ;;
esac
exit 0
 How? Configuration.
● Configuration space
– disk_config/
● Handles partitioning, filesystem creation and
filesystem preservation
● Follows defined classes
● Can be overridden using a custom hook – useful
for configuring software RAID or LVM
 How? Configuration.
# generic disk configuration for one small disk
# disk size from 500Mb up to what you can buy today
#
# <type> <mp> <size> [mount opt][;extra options]

disk_config disk1
primary / 70-200 rw ; -c xfs
logical swap 40-500 rw
logical /var 90-1000 rw ; xfs
logical /tmp 50-1000 rw ; xfs
logical /usr 200-4000 rw ; xfs
logical /home preserve9 rw,nosuid ; xfs lazyformat
 How? Configuration.
● Configuration space
– package_config/
● Packages to be installed, using apt commands
– hold to not upgrade a package
– install to install using apt
– remove to remove using apt
– taskinst to install packages belonging to a task
– aptitude to install using aptitude
– aptitude-r to install with recommended packages
– dselect-upgrade to use package selections
 How? Configuration.
PACKAGES install I386
memtest86+ kernel-image-2.4-386
PACKAGES aptitude DHCPC
dhcp3-client
PACKAGES aptitude GRUB
grub lilo-
PACKAGES aptitude LILO
lilo grub-
PACKAGES aptitude-r GERMAN
german
PACKAGES aptitude-r FAISERVER
fai fai-kernels mknbi dhcp3-server tftpd-hpa
rsh-server wget syslinux debmirror tcpdump
 How? Configuration.
● Configuration space
– files/
● Files to be copied over to installation targets using
fcopy
● Parent directories and file are directories which
contain files named using class names
– scripts/
● Scripts to copy files and configure applications
● Directories and scripts named using class names
 How? Configuration.
#!/bin/sh
if ifclass FAISERVER
then
fcopy -M /boot/fai/pxelinux.cfg/default
fcopy -m root,root,0600 /etc/default/dhcp3-server
fcopy -M /etc/default/tftpd-hpa
fcopy -M /etc/dhcp3/dhcpd.conf
fcopy -M /etc/exports
fcopy -M -r /etc/fai
$ROOTCMD mkdir /opt/fai
$ROOTCMD rsync rsync://faiserver/fai/ /opt/fai
fi
 How? Configuration.
● Configuration space
– debconf/
● Stores data for debconf
● Uses the format used by debconf-set-selections
– hooks/
● Scripts to override default tasks
 We Want More!
● Custom Debian Packages
– Must read: Debian New Maintainers’ Guide
– Step 1: Debianize with dh_make
●
dh_make -e [email protected] -f ../app-0.99.tar.gz

– Step 2: Modify contents of debian/ directory

– Step 3: Build your new package
●
debian/rules build && debian/rules binary
 We Want More!
● Custom apt Repositories
– Must read: Debian Repository HOWTO
– Managing trivial repositories:
●
dpkg-scanpackages binary /dev/null | gzip >
binary/Packages.gz
●
dpkg-scansources source /dev/null | gzip >
source/Sources.gz
 We Want More!
● Local apt mirrors with apt-mirror
– Configuration format similar to apt’s sources
– Can mirror any apt source
– Never produces an inconsistent mirror
● Downloads all packages before updating the
associated control files

– Uses apt’s control files to know which

packages need to be downloaded
 Online Resources
● Debian Website – http://www.debian.org
● Debian New Maintainers’ Guide –
http://www.debian.org/doc/manuals/maint-guide
● Debian Repository HOWTO –
http://www.debian.org/doc/manuals/repository-howto
● FAI Website – http://www.informatik.uni-koeln.de/fai/
● FAI Wiki – http://faiwiki.informatik.uni-koeln.de
● Apt-Mirror – http://apt-mirror.sourceforge.net
 FAI in the Philippines
● Shopwise – Rustan Supercenters, Inc.
– Araneta Center, Cubao, Quezon City
– Festival Supermall, Alabang, Muntinlupa City
– Harrison Plaza, Pasay City
– Antipolo City
● Goldilocks Bakeshop, Inc.
 Contact Information

Federico Sevilla III

GNU/Linux Specialist
Q Software Research Corp.

Tel: +63 (2) 747-3994 Fax: +63 (2) 747-9032

Email: [email protected] YM: JijoSevilla
Website: http://jijo.free.net.ph http://www.qsr.com.ph