Well I guess I'll try to start a discussion about what would be needed
for an ISP distribution, and present a basic primer to how I run my
systems as an example of needs or things to keep in mind developing an
ISP distribution that can meet a wide variety of needs.
I think it might be easier to develop and maintain ISP specific
meta-packages, as Ben Lisle suggested? Would he be willing to put his
existing meta-packages on the open market for community review and
maintenance?
Meta-Packages that reflect my deployments would include:
Qmail-MX-scanner (options for NFS, local, and qmtp delivery)
(vpopmail, djbdns, qmail-scr, qmail-scanner, spamassassin,
ClamAV)
Qmail-mailstore-admin
(vpopmail, mysql, qmail-src, apache-ssl, vqadmin, qmailAdmin,
qmailMrtg)
Qmail-POP/Imap(options for delivery from localhost or nfs)
(vpopmail, qmail-src, courier imap, imp/horde)
listserv-exim ( exim4, mailman, majordomo, majorcool, mhonarc)
listserv-qmail( qmail, mailman, ezmlm, majordomo, majorcool, mhonarc)
Webserver(apache, suPHP, fastcgi, mod_perl, mod_ssl, zope/plone,
awstats, )
MediaServer(icecast2, Darwin, Helix)
DNS-primary (djbdns, VegaDNS, mysql)
DNS-secondary (djbdns)
Radius-primary (freeRadius, DialupAdmin, mysql)
Radius-Secondary (freeRadius, mysql)
Admin-backup (mysql, rsnapshot, phpMyadmin, snort, mrtg, spong )
One advantage of an ISP specific branch of Debian may be a quicker
release cycle since, hopefully, it will depend on fewer packages, and
the bug squashing will be easier. The slow release cycle has been the
biggest problem for me as a systems administrator. It is difficult to
keep your product line up to date and services up to date, when you are
working with outdated packages. I finally gained enough trust in testing
and moved over most of my production servers which has alleviated this
problem, but I expect I will have it again in a year or two.
Other expectations I would have of an ISP friendly distribution of
debian would be a cluster friendly file system layout, and a set of
shell scripts for managing users, ftp, and web accounts. Currently
I use a layout along the lines of /var/www/domains/a/adomain.com/,
/var/www/usersite/u/username/, /var/media/qt/a/auser,
/var/media/real/a/user
With symlinks from the users home directory ~/domains/adomain.com ->
domains owned by user, ~/public_html->usersite, ~/media/real/ -> real
server content dirs, ~media/Darwin/ -> Darwin content dirs
I only have to provide shell access on particular servers and users can
manage data for all of their services via nfs or your shared file system
of choice. I do not have a central authentication architecture in place,
currently, just keep uids/permissions etc in line across servers via
shell scripts && ssh). I haven't clustered anything besides my mail
services yet(still trying to figure out how to best implement
everything), but I am currently looking into LVS, and looking for a good
low-budget filer/nfs setup to start-with.
I think it is something to keep in mind for allowing ISPs to have an
easy expansion path to meet growth.
I'm sure there are people out there with better method of implementing
this, or maybe better ideas about going about this kind of work, but
this seems to work pretty well for my small ISP, but I'm relatively in
experienced at this job and kind of hack it together as I go to in
attempts to keep legacy customers happy, provide the widest possible
base of services and options, keep up with current applications, and
make an attempt at maintaining the security of my network. Any feedback,
ideas, or suggestions are greatly appreciated.
.darrel.
> -----Original Message-----
> From: Jonathan G [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 16, 2004 6:12 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Defining ISP?
>
> Well, we can start reading the following documents about how to create
a
> CDD (Custom Debian Distribution):
>
> - http://wiki.debian.net/index.cgi?CustomDebian
> - http://alioth.debian.org/projects/cdd/
> -
> http://people.debian.org/~tille/debian-med/talks/paper-cdd/debian-
> cdd.html/
> - http://people.debian.org/~kalfa/cdd/debian-devel
>
>
> BR,
>
> jonathan
>
>
>
> shift wrote:
> > hej J.
> >
> > Me I'd like to be in it.
> >
> > shift
> >
> >
> > ----- Original Message -----
> > From: "Jonathan G" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Wednesday, September 15, 2004 12:42 PM
> > Subject: Re: Defining ISP?
> >
> >
> >
> >>I would be so please with the help of the phorun to propose open a
new
> >>branch into the Debian community dedicated to ISP.
> >>
> >>Whom of you're interested??
> >>
> >>BR,
> >>
> >>jonathan
> >>
> >>
> >>
> >>
> >>shift wrote:
> >>
> >>
> >>> The idea seems still interesting to me 2 days after the week-end!
> ( Did
> >>>some definitive dammage happen? :)
> >>>I imagine an install, giving possibilities of Raid, backup,
replication,
> >>>networking etc from the start, all necessary tools and programs, in
a
> >>>compact, easy to use distribution with some "ncursed" ISP specific
> >>>administration tools. Something secure, minimalistic (I like the
word
> >
> > and
> >
> >>>the concept) and with some optimization possibilities.
> >>>does-it still seem confuse? Is it "une idee farfelue"?
> >>>
> >>>shift
> >>>
> >>>----- Original Message -----
> >>>From: "Jonathan G - Mailing Lists" <[EMAIL PROTECTED]>
> >>>To: <[EMAIL PROTECTED]>
> >>>Sent: Tuesday, September 14, 2004 3:39 PM
> >>>Subject: Re: Defining ISP?
> >>>
> >>>
> >>>
> >>>
> >>>>Hi,
> >>>>
> >>>>what i used to do is install a base system and then install some
of
> the
> >>>>package packs i've defined.
> >>>>
> >>>>For example, if what i want is install a web server with php %
perl
> >>>>support i use a config file what i've defined myself which
contains
> >
> > this:
> >
> >>>>
> >>>>apt-get install apache2-common apache2-mpm-prefork
> >>>>libapache2-mod-auth-mysql libapache2-mod-perl2 php4-common
> >>>>libmailtools-perl libhtml-format-perl bzip2 file
libio-socket-ssl-perl
> >>>>ca-certificates libapache2-mod-php4 php4-mysql php4-pear
> >>>>
> >>>>
> >>>>For the rest of services exactly the same. I'v defined manually
the
> >>>>whole list of packages needed for web server, ftp server, irc
server,
> >>>>mail server (smtp, pop and imap), antivirus server, etc...
> >>>>
> >>>>If you can build a local mirror of you version of debian, i.e.
sarge,
> >>>>you can do local network installations, and your installs will be
so
> >
> > fast.
> >
> >>>>That work fine for me at least :)
> >>>>
> >>>>BR,
> >>>>
> >>>>jonathan
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>Christian Hammers wrote:
> >>>>
> >>>>
> >>>>
> >>>>>On 2004-09-14 shift wrote:
> >>>>>
> >>>>>
> >>>>>
> >>>>>>Thinking maybe of a an ISP specific install. Lighter and even
more
> >>>>>>secure. A minimalistic distribution...
> >>>>>
> >>>>>
> >>>>>Most ISP will probably have different servers for the different
> >
> > services
> >
> >>>and on each of them they will start with a secure base install with
as
> >
> > few
> >
> >>>software installed as possible and then just install
> >
> > apache/postfix/proftpd
> >
> >>>whatever they need and customize it.
> >>>
> >>>
> >>>>>I don't see a big bonus in a special ISP distribution. A better
> >>>
> >>>integration of iptables firewalls, vlans or traffic shapers would
be
> >
> > nice
> >
> >>>but that's nothing ISP specific.
> >>>
> >>>
> >>>>>bye,
> >>>>>
> >>>>>-christian-
> >>>>>
> >>>>>P.S.: pbuilder is a nice tool to build minimal installations that
you
> >>>
> >>>can just untar onto a new harddisk
> >>>
> >>>
> >>>>--
> >>>>To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> >>>>with a subject of "unsubscribe". Trouble? Contact
> >>>
> >>>[EMAIL PROTECTED]
> >>>
> >>>
> >>>
> >>>
> >>
> >>--
> >> :::: Jonathan Gonzalez Fernandez ::::
> >>
> >> (o> mail : [EMAIL PROTECTED]
> >> //\ jabber: [EMAIL PROTECTED]
> >> V_/ site : www.surestorm.com
> >>
> >> ::: Registered Linux User #333386 :::
> >>
> >>
> >>--
> >>To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> >>with a subject of "unsubscribe". Trouble? Contact
> >
> > [EMAIL PROTECTED]
> >
> >>
> >
> >
> >
>
> --
> :::: Jonathan Gonzalez Fernandez ::::
>
> (o> mail : [EMAIL PROTECTED]
> //\ jabber: [EMAIL PROTECTED]
> V_/ site : www.surestorm.com
>
> ::: Registered Linux User #333386 :::
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
>
>
> --
> Incoming mail is certified Virus Free.
> Checked by AVG Anti-Virus (http://www.grisoft.com).
> Version: 7.0.269 / Virus Database: 264.9.0 - Release Date: 9/13/2004
>
--
Outgoing mail is certified Virus Free.
Checked by AVG Anti-Virus (http://www.grisoft.com).
Version: 7.0.269 / Virus Database: 264.9.1 - Release Date: 9/15/2004
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
