Linux Desktop Automation

Linux Desktop Automation

Rui LapaSenior Linux System Administrator

MeOutsourcerFreelancer

Linux NewbiesJunior SysAdmin2010-04 2013-07 2014-09

TeamMicro TeamAlmost 6 years

Senior SysAdmin 2014-122009-02

Central Farm

Solutions3 DifferentLAN and Internet

Laptops Local Stations

800x

17x

2x

IBM HS2120x

ServersProduction/Tests and SupportReal and Virtual

WebDBDNSCloningLocal MirrorRadiusVPNWi-FiPrintMonitoringDeploymentAutomationLBDesktops...

Work StationUsers ViewDesktop

Applications

Work StationHelp Desk ViewShared

5x Service Desk 5x Field Support

Applications Settings

Manager

Work StationVirtual View System AdministratorOperating System?

Applications Settings Operating System

Work StationReal View System AdministratorTotal management


Updates Global Changes Inventory Validation

User Profile Security Remote Access

Network Profile Operation Automation

Monitoring 3ª Line Help Desk

Administration Solution Architect

Engineering

Project Management

<

Total ManagementZero CostOpen Source

Clone Lapa?


Updates Global Changes Inventory Validation

User Profile Security Remote Access

Network Profile Operation Automation

Monitoring 3ª Line Help Desk

Administration Solution Architect

Engineering

Project Management

DevOpsDevelopmentOperation

DEV OPS

PuppetWhy?Help!

Settings Operating System

- Unix/Windows

- Equipment Access Control (Certificates)

- Team Access Control (Role Based Access Control)

- Puppet Forge

- Easy Learning

- Rules are interpreted in Runtime based on programmable Facts

PuppetForgeApt Puppet Labs


> puppet module install puppetlabs-apt

</etc/puppet>/modules/trusty/manifests/apt.pp

class trusty::apt {

class { '::apt': always_apt_update => false, disable_keys => undef, purge_sources_list => true, purge_sources_list_d => false, purge_preferences_d => false }

apt::key { 'puppetlabs': key => '4BD6EC30', key_server => 'keyserver.ubuntu.com', }

apt::source { 'puppetlabs-trusty': location => 'http://mirror/puppetlabs', release => 'trusty', repos => 'main dependencies', key => '4BD6EC30', key_server => 'keyserver.ubuntu.com', include_src => false, }}

PuppetExample 1Ubuntu Trusty


class trusty::postfix {

package { 'postfix': ensure => latest }

file { '/etc/mailname': notify => Service['postfix'], content => "$::fqdn\n", require => Package['postfix'], }

file { '/etc/postfix/main.cf': ensure => present, mode => '0644', owner => root, group => root, content => template('trusty/postfix/main.cf'), notify => Service['postfix'], require => Package['postfix'], }

service { 'postfix': ensure => running, enable => true, require => Package['postfix'], provider => init, subscribe => [ Package['postfix'], File['/etc/postfix/main.cf'], File['/etc/aliases'] ] }}

PuppetExample 2Common


define model_ppd( $ppd ) {

file { "/etc/cups/provision/ppd/${title}.ppd": ensure => present, mode => '0644', owner => lp, group => lp, source => "puppet:///modules/common/cups/ppd/${ppd}", require => File['/etc/cups/provision/ppd/'] }

}

class common::cups_update_ppd {

file { '/etc/cups/provision/': ensure => directory, mode => '0755', owner => lp, group => lp, }

file { '/etc/cups/provision/ppd/': ensure => directory, mode => '0755', owner => lp, group => lp, require => File['/etc/cups/provision/'] }

model_ppd { 'bizhub36': ppd => 'bizhub36.ppd', }}

PuppetFile SystemGIT

Devs

DEV


Puppetpuppet_node_classifierHistory

Puppet – Dashboard – History

common::userscommon::java

trusty::firefox

radius::freeradius...

OPS


PuppetClassificationDB

Portal / Provision Server – Model/Function/Image

Vivo PC - Trusty - 20140808Vivo PC - Trusty - 20141208

Asus P52F - 20140710PuppetMaster - 20140809

Radius - 20131001...

Puppet – Models

NN

N + N + Filtro Nome

(“serverp.*, server\d{2}", "serverp*, !serverp01", ".*, !serverp01”)

Puppet – Class

common::userscommon::java

trusty::firefox

radius::freeradius ...

DEV

OPS


DevOpsActionsMore Help?

DEV OPS



- Cluster e HA

- Web UI

- Authentication and Authorization

- Message with TTL

- Multiple Client Programming Languages

- AMQP, STOMP, MQTT, HTTP

...

RabbitMQComparisonOther MQs


RabbitMQ is one of the leading implementation of the AMQP protocol (along with Apache Qpid). Therefore, it implements a broker architecture, meaning that messages are queued on a central node before being sent to clients.This approach makes RabbitMQ very easy to use and deploy, because advanced scenarios like routing, load balancing or persistent message queuing are supported in just a few lines of code.However, it also makes it less scalable and “slower” because the central node adds latency and message envelopes are quite big.

ZeroMQ is a very lightweight messaging system specially designed for high throughput/low latency scenarioslike the one you can find in the financial world.Zmq supports many advanced messaging scenarios but contrary to RabbitMQ, you’ll have to implement most of them yourselfby combining various pieces of the framework (e.g : sockets and devices).Zmq is very flexible but you’ll have to study the 80 pages or so of the guide(which I recommend reading for anybody writing distributed system, even if you don’t use Zmq) before being able to do anything more complicated that sending messages between 2 peers.

ActiveMQ is in the middle ground.Like Zmq, it can be deployed with both broker and P2P topologies.Like RabbitMQ, it’s easier to implement advanced scenarios but usually at the cost of raw performance.It’s the Swiss army knife of messaging :-).

Finally, all 3 products:• Have client APIs for the most common languages (C++, Java, .Net, Python, Php, Ruby, …)• Have strong documentation• Are actively supported

(Source: http://stackoverflow.com/questions/731233/activemq-or-rabbitmq-or-zeromq-or)

RabbitMQAutomationsINPUT

Portal / Provision


Actions

Inventory

DNS Update

Help Desk

RabbitMQAutomationsOUTPUT

Portal / Provision


Actions

Passwords Expire Notification

User Profile- Drives- Printers- Applications

Messages

Update local NSS

OPS

RabbitMQRetries and statusMySQL Table

Portal / Provision

MQ - Tasks

TaskTargetCorrelation ID BodyReplyStatusRetriesExpireAuthor


DEV

DevOpsHelp DeskMore Help?

DEV OPS

Help Desk

RabbitMQAutomationsOUTPUT

Portal / Provision


Actions

Profile Recreation

Application Kill

Backup e Restore

Help Desk



Portal / Provision


KnowledgeCentralized and SharedHistory and Inventory

Help DeskCloningUpdates

Help Desk

PXE

CloningRsync + Automation + InventoryLinux e Windows

(Mac + Image + Prefix)→

Nome

Linux/WindowsImagesISOs

OPS

Help Desk

CustomPackages

OfficialMirrors

Images

Mirror

Servers

UpdatesMirrorImages

DEV OPS

PuppetCode ReviewGIT

Admins

DEV


CodeReview

AutomationsOldNot fully updated/migrated

Active Directory

Logon Scripts

Name

Email

Company

Department

Account Expiration Date

Password Expiration Date

Logon Scripts

Printers

Drives Rede

Quota Configured

Quota Usada

Provision

NFS

Data OriginAD + LogonsNFS

Active DirectoryNIS

UID

GID

Shell

Home

Provision

Data DestinationMySQL + SFUUnix Attributes

Printing - Provision - PrintersBD → GIT → PuppetManual

Admins

Portal / ProvisionPrinter

BrandModelLocationIPMacPPD FileDefault Settings

Radius

RadiusWi-FiWPA2-PEAP e TLS

Portal / Provision

Mac Address Authorization

User / HostnameEmailEmail SentEmail WhenMacMac ManufacturerVLANAuthorization Author

AD

“Insanity:

doing the same thingover and over

again and expecting different results

”

Name Rui LapaEmail [email protected]

Thank you

Linux Desktop Automation

Technology