-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 15/02/13 09:37, Philipp Gassmann wrote: > Ballock asked me for some explanation on our Desktop Setup. See > below for the questions. > > The Setup is designed as a one-time setup. Without configuration > management. There are two scripts. one is executed directly after > installation, before shutdown. There I add some additional software > and sources. If an nvidia-graphics card is detected, I install the > proprietary driver (nvidia-current-updates), by default Ubuntu > installs the open source nouveau driver and on first login asks for > installation of additional drivers. The RESOURCES Variable is just > the first part of the http URL where I download some files. e.g. > the script 2 or templates, so I can use wget $RESORURCE/script2.sh. > It is nowhere used in the published script because I replaced the > URL and removed things like the templates. I'll remove that. > > Skript 2: User-setup: Script 2 is a interactive script which runs > in a X screen where I use zenity for user Input. It is started by a > custom upstart job which hooks in on "starting-dm" i.e. before > lightdm (login-screen) is started. The script then launches the X > Server, and a gnome-terminal on the X screen, which launches the > same script again with "stage2" as parameter, that's the part with > the graphical queries. > > Disk Encryption: The Preseed file sets a temporary password. And in > the User Setup script, a Sys-Admin has to enter the default > password, which is veryfied by the hash. Then the temporary > password is replaced with the default admin password and the users > password is added as an additional passphrase. Like that we have > the same admin password on every machine (for emergency access or > whatever). I like the Idea of ballock to generate a passphrase and > upload that to a central server, where it can be looked up if > needed. How exactly do you do that?
Several people/organisations on this list have written their own tools to do such a task, there is also a third party toolset which has been developed for this purpose (amongst others). http://www.gazzang.com/products/zescrow Enjoy. > Cheers, Philipp > > > > Am 15.02.2013 08:58, schrieb Bolesław Tokarski: >> Hi Philipp, >> >> Ok, I can elaborate a bit on this. >> >> The seed file and the scripts are working in your company and >> this is good, as the reader (myself) knows that these actually >> work fine there. >> >> However, what suited your company may not be the best fit for >> somebody else, so what he (me) does is he tries to read what you >> achieved and use the parts that apply. I can read shell code, so >> I am in a good position to find out, but it's not always >> obvious. >> >> For example, as I read Skript 1: ubuntu-desktop-bootstrap.sh I >> can see a RESOURCES variable definition and this suggests that I >> should have a webserver running that provides some variables. >> Later on I see that you install additional gpu and wlan drivers, >> but I do not know the reason for it. I thought Ubuntu installs >> the drivers on its own. >> >> In Skript 2: ubuntu-desktop-bootstrap-user.sh I come to a halt, >> as I believe you set up your environment in a X-server window and >> I can't find a reason for it. I guess that either you are not >> using central authentication server but set up users manually, >> manage crypted LVM and/or do some other magic. >> >> The environment you describe looks pretty refined, so I would >> love to read some background/introduction before getting into the >> actual scripts. The good thing about the scripts is that you put >> in a lot of comments, so each action is described at least with a >> minimal comment. I am particularly interested in the HDD password >> management part, as I know we needed to do a similar tool and >> upload a backup password to a central server. >> >> That put aside, during our phonecall I believe you mentioned >> someting about you using Puppet for Configuration Management? I >> found that some of your tweaks we did with CFEngine and I can >> tell you there is a number of benefits from doing it from a CM >> instead of from a post-install script. >> >> Cheers, Ballock >> >> >> On 02/14/2013 03:42 PM, Philipp Gassmann wrote: >>> Hi Ballock >>> >>> What do you mean by "and I would use some comment on what you >>> achieved with them. " ? >>> >>> >>> Am 14.02.2013 14:39, schrieb Bolesław Tokarski: >>>> Hello, Philipp, >>>> >>>> It's great to see you made it and it works for you :) >>>> >>>> I had a glimpse at both the preseed site and the scripts and >>>> I see the seed file resembling the one we use. However, the >>>> additional scripts are interesting and I would use some >>>> comment on what you achieved with them. >>>> >>>> Cheers, Ballock >>>> >>>> On 02/14/2013 02:15 PM, Philipp Gassmann wrote: >>>>> Hello Everyone >>>>> >>>>> Some time ago I asked for help about automating Ubuntu >>>>> Desktop Installation. In the meantime I finished the Setup >>>>> and it works great. >>>>> >>>>> Now i published the full preseed file including the scripts >>>>> I use to configure the system for the User. >>>>> >>>>> https://wiki.ubuntu.com/Enterprise/WorkstationAutoinstallPreseed >>>>> >>>>> I removed some specifics, but I kept much possibly useful information >>>>> and details. >>>>> >>>>> Greetings from Switzerland, Philipp Gassmann >>>>> >>>>> Am 04.01.2013 09:40, schrieb Philipp Gassmann: >>>>>> Hello everyone >>>>>> >>>>>> I'm looking for a nice way to set up Ubuntu Desktop on >>>>>> Notebooks for our Company. >>>>>> >>>>>> Till now we've been using Fedora and automated >>>>>> installation over PXE with Cobbler and Kickstart. >>>>>> >>>>>> We want encryption for /home /tmp /swap. We used full >>>>>> disk encryption with LVM an luks/cryptsetup. >>>>>> >>>>>> Fedora uses Anaconda and Kickstart files that make it >>>>>> easy to automate the full installation process, including >>>>>> disk encryption, package installation and post-scripts. >>>>>> We're using a custom firstboot script to set up the user >>>>>> and add his password to cryptsetup. >>>>>> >>>>>> I was looking for ways to integrate Ubuntu Desktop >>>>>> Staging into our existing Cobbler PXE Setup (on CentOS) >>>>>> but I could only find fragments and not much on 12.04. A >>>>>> lot of the information is incomplete or outdated (11.10 >>>>>> or earlier) >>>>>> https://help.ubuntu.com/community/Installation/Netboot >>>>>> http://michaeldehaan.net/post/39496835943/experiences-with-cobbler-deploying-ubuntu-precise >>>>>> >>>>>> >>>>>> >>>>>> Does Ubuntu save the answers / preseed file when installing manually? >>>>>> Couldn't find the information on the installed system or >>>>>> during installation. Fedora generates a kickstart file >>>>>> you can then reuse to set up other systems. >>>>>> >>>>>> What do you use/recommend for desktop installation? >>>>>> >>>>>> It would be great if some more detailed information could >>>>>> be found on the Enterprise Ubuntu Wiki. >>>>>> https://wiki.ubuntu.com/Enterprise/Needs >>>>>> >>>>>> Our needs: >>>>>> >>>>>> - Fully automated - Network Boot (PXE) - Integration in >>>>>> current Cobbler Setup - Encrypted Disk - Custom package >>>>>> selection - Script to set up printers etc. - Firstboot >>>>>> User setup (OEM-Install option?) >>>>>> >>>>>> Thank you >>>>>> >>>>>> Philipp Gassmann >>>>>> >>>>>> Puzzle ITC GmbH http://www.puzzle.ch >>>>>> >>>>>> Telefon +41 31 370 22 00 Direkt +41 31 370 22 13 Fax >>>>>> +41 31 370 22 01 >>>>>> >>>>>> Werfen Sie einen Blick in unseren Blog: >>>>>> http://www.puzzle.ch/blog >>>>>> >>>>>> > > - -- Cheers, Dave Russell Global Sales Engineering Manager Canonical Mobile +44 (0) 787 298 5998 GPG FPR: 050C DFF1 08FC E3E5 FC88 CEDB 65B7 66C7 2C2E DE51 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJRHgKVAAoJEGW3ZscsLt5RhtkH/i0mUomSqT8q0ewJCc31VqXi u7iSLBn8T1GrVBlcoZwX396McxgNAm1pWUa2pMKSs9dmLRxpVSm5oOE+eAewYOR+ FiFC87cDs+0jWPNtsMYw/sE1uPGLHr8geDu0n+D0zcn+sd21EuabZ4zxrMeN+VJW qlbMzabIB+38wF/xf81EqMFX/jNB2C714xKtaBbN5vlpKHzKo/kSzM4nfm+Z7O1z I2mHIYzAB21tqXqmmt9Z5PUlSm7JC13uHM0POwi8rUJ3d1CbQ3afT8h2V9ue0Sfd M1H/Yz+YfI6J+lT03gpOTla56BF0Kdfxuh7HL5Vkr2pIgiObU3ehy9R6UHCPsxE= =vlOS -----END PGP SIGNATURE----- -- Mailing list: https://launchpad.net/~enterprise-ubuntu Post to : enterprise-ubuntu@lists.launchpad.net Unsubscribe : https://launchpad.net/~enterprise-ubuntu More help : https://help.launchpad.net/ListHelp
