----- Original Message ----- From: "Darrel O'Pry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, September 16, 2004 5:35 PM Subject: RE: Defining ISP?
> Well I guess I'll try to start a discussion about what would be needed > for an ISP distribution, and present a basic primer to how I run my > systems as an example of needs or things to keep in mind developing an > ISP distribution that can meet a wide variety of needs. > > > I think it might be easier to develop and maintain ISP specific > meta-packages, as Ben Lisle suggested? Would he be willing to put his > existing meta-packages on the open market for community review and > maintenance? > > Meta-Packages that reflect my deployments would include: > > Qmail-MX-scanner (options for NFS, local, and qmtp delivery) > (vpopmail, djbdns, qmail-scr, qmail-scanner, spamassassin, > ClamAV) > Qmail-mailstore-admin > (vpopmail, mysql, qmail-src, apache-ssl, vqadmin, qmailAdmin, > qmailMrtg) > Qmail-POP/Imap(options for delivery from localhost or nfs) > (vpopmail, qmail-src, courier imap, imp/horde) > > listserv-exim ( exim4, mailman, majordomo, majorcool, mhonarc) > listserv-qmail( qmail, mailman, ezmlm, majordomo, majorcool, mhonarc) > > Webserver(apache, suPHP, fastcgi, mod_perl, mod_ssl, zope/plone, > awstats, ) > > MediaServer(icecast2, Darwin, Helix) > > DNS-primary (djbdns, VegaDNS, mysql) > DNS-secondary (djbdns) > > Radius-primary (freeRadius, DialupAdmin, mysql) > Radius-Secondary (freeRadius, mysql) > > Admin-backup (mysql, rsnapshot, phpMyadmin, snort, mrtg, spong ) > > > > One advantage of an ISP specific branch of Debian may be a quicker > release cycle since, hopefully, it will depend on fewer packages, and > the bug squashing will be easier. The slow release cycle has been the > biggest problem for me as a systems administrator. It is difficult to > keep your product line up to date and services up to date, when you are > working with outdated packages. I finally gained enough trust in testing > and moved over most of my production servers which has alleviated this > problem, but I expect I will have it again in a year or two. > > Other expectations I would have of an ISP friendly distribution of > debian would be a cluster friendly file system layout, and a set of > shell scripts for managing users, ftp, and web accounts. Currently > I use a layout along the lines of /var/www/domains/a/adomain.com/, > /var/www/usersite/u/username/, /var/media/qt/a/auser, > /var/media/real/a/user > > With symlinks from the users home directory ~/domains/adomain.com -> > domains owned by user, ~/public_html->usersite, ~/media/real/ -> real > server content dirs, ~media/Darwin/ -> Darwin content dirs > > > I only have to provide shell access on particular servers and users can > manage data for all of their services via nfs or your shared file system > of choice. I do not have a central authentication architecture in place, > currently, just keep uids/permissions etc in line across servers via > shell scripts && ssh). I haven't clustered anything besides my mail > services yet(still trying to figure out how to best implement > everything), but I am currently looking into LVS, and looking for a good > low-budget filer/nfs setup to start-with. > > I think it is something to keep in mind for allowing ISPs to have an > easy expansion path to meet growth. > > I'm sure there are people out there with better method of implementing > this, or maybe better ideas about going about this kind of work, but > this seems to work pretty well for my small ISP, but I'm relatively in > experienced at this job and kind of hack it together as I go to in > attempts to keep legacy customers happy, provide the widest possible > base of services and options, keep up with current applications, and > make an attempt at maintaining the security of my network. Any feedback, > ideas, or suggestions are greatly appreciated. > > .darrel. > > > > > -----Original Message----- > > From: Jonathan G [mailto:[EMAIL PROTECTED] > > Sent: Thursday, September 16, 2004 6:12 AM > > To: [EMAIL PROTECTED] > > Subject: Re: Defining ISP? > > > > Well, we can start reading the following documents about how to create > a > > CDD (Custom Debian Distribution): > > > > - http://wiki.debian.net/index.cgi?CustomDebian > > - http://alioth.debian.org/projects/cdd/ > > - > > http://people.debian.org/~tille/debian-med/talks/paper-cdd/debian- > > cdd.html/ > > - http://people.debian.org/~kalfa/cdd/debian-devel > > > > > > BR, > > > > jonathan > > > > > > > > shift wrote: > > > hej J. > > > > > > Me I'd like to be in it. > > > > > > shift > > > > > > > > > ----- Original Message ----- > > > From: "Jonathan G" <[EMAIL PROTECTED]> > > > To: <[EMAIL PROTECTED]> > > > Sent: Wednesday, September 15, 2004 12:42 PM > > > Subject: Re: Defining ISP? > > > > > > > > > > > >>I would be so please with the help of the phorun to propose open a > new > > >>branch into the Debian community dedicated to ISP. > > >> > > >>Whom of you're interested?? > > >> > > >>BR, > > >> > > >>jonathan > > >> > > >> > > >> > > >> > > >>shift wrote: > > >> > > >> > > >>> The idea seems still interesting to me 2 days after the week-end! > > ( Did > > >>>some definitive dammage happen? :) > > >>>I imagine an install, giving possibilities of Raid, backup, > replication, > > >>>networking etc from the start, all necessary tools and programs, in > a > > >>>compact, easy to use distribution with some "ncursed" ISP specific > > >>>administration tools. Something secure, minimalistic (I like the > word > > > > > > and > > > > > >>>the concept) and with some optimization possibilities. > > >>>does-it still seem confuse? Is it "une idee farfelue"? > > >>> > > >>>shift > > >>> > > >>>----- Original Message ----- > > >>>From: "Jonathan G - Mailing Lists" <[EMAIL PROTECTED]> > > >>>To: <[EMAIL PROTECTED]> > > >>>Sent: Tuesday, September 14, 2004 3:39 PM > > >>>Subject: Re: Defining ISP? > > >>> > > >>> > > >>> > > >>> > > >>>>Hi, > > >>>> > > >>>>what i used to do is install a base system and then install some > of > > the > > >>>>package packs i've defined. > > >>>> > > >>>>For example, if what i want is install a web server with php % > perl > > >>>>support i use a config file what i've defined myself which > contains > > > > > > this: > > > > > >>>> > > >>>>apt-get install apache2-common apache2-mpm-prefork > > >>>>libapache2-mod-auth-mysql libapache2-mod-perl2 php4-common > > >>>>libmailtools-perl libhtml-format-perl bzip2 file > libio-socket-ssl-perl > > >>>>ca-certificates libapache2-mod-php4 php4-mysql php4-pear > > >>>> > > >>>> > > >>>>For the rest of services exactly the same. I'v defined manually > the > > >>>>whole list of packages needed for web server, ftp server, irc > server, > > >>>>mail server (smtp, pop and imap), antivirus server, etc... > > >>>> > > >>>>If you can build a local mirror of you version of debian, i.e. > sarge, > > >>>>you can do local network installations, and your installs will be > so > > > > > > fast. > > > > > >>>>That work fine for me at least :) > > >>>> > > >>>>BR, > > >>>> > > >>>>jonathan > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> > > >>>>Christian Hammers wrote: > > >>>> > > >>>> > > >>>> > > >>>>>On 2004-09-14 shift wrote: > > >>>>> > > >>>>> > > >>>>> > > >>>>>>Thinking maybe of a an ISP specific install. Lighter and even > more > > >>>>>>secure. A minimalistic distribution... > > >>>>> > > >>>>> > > >>>>>Most ISP will probably have different servers for the different > > > > > > services > > > > > >>>and on each of them they will start with a secure base install with > as > > > > > > few > > > > > >>>software installed as possible and then just install > > > > > > apache/postfix/proftpd > > > > > >>>whatever they need and customize it. > > >>> > > >>> > > >>>>>I don't see a big bonus in a special ISP distribution. A better > > >>> > > >>>integration of iptables firewalls, vlans or traffic shapers would > be > > > > > > nice > > > > > >>>but that's nothing ISP specific. > > >>> > > >>> > > >>>>>bye, > > >>>>> > > >>>>>-christian- > > >>>>> > > >>>>>P.S.: pbuilder is a nice tool to build minimal installations that > you > > >>> > > >>>can just untar onto a new harddisk > > >>> > > >>> > > >>>>-- > > >>>>To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > >>>>with a subject of "unsubscribe". Trouble? Contact > > >>> > > >>>[EMAIL PROTECTED] > > >>> > > >>> > > >>> > > >>> > > >> > > >>-- > > >> :::: Jonathan Gonzalez Fernandez :::: > > >> > > >> (o> mail : [EMAIL PROTECTED] > > >> //\ jabber: [EMAIL PROTECTED] > > >> V_/ site : www.surestorm.com > > >> > > >> ::: Registered Linux User #333386 ::: > > >> > > >> > > >>-- > > >>To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > >>with a subject of "unsubscribe". Trouble? Contact > > > > > > [EMAIL PROTECTED] > > > > > >> > > > > > > > > > > > > > -- > > :::: Jonathan Gonzalez Fernandez :::: > > > > (o> mail : [EMAIL PROTECTED] > > //\ jabber: [EMAIL PROTECTED] > > V_/ site : www.surestorm.com > > > > ::: Registered Linux User #333386 ::: > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact > > [EMAIL PROTECTED] > > > > > > -- > > Incoming mail is certified Virus Free. > > Checked by AVG Anti-Virus (http://www.grisoft.com). > > Version: 7.0.269 / Virus Database: 264.9.0 - Release Date: 9/13/2004 > > > > -- > Outgoing mail is certified Virus Free. > Checked by AVG Anti-Virus (http://www.grisoft.com). > Version: 7.0.269 / Virus Database: 264.9.1 - Release Date: 9/15/2004 > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
