Debian Workstation Automated Setup

The office_workstation folder contains files used for automated installation, configuration and maintenance of Acorn’s Linux Workstations, which run Debian Linux.

Quickstart

  1. Download the Debian Stretch Netinstall Image.

  2. Copy the ISO to a USB Stick:

    dd if=debian-stretch.iso of=/dev/sdg
    
  3. Boot the new workstation from the USB stick. When the installer menu pops up, hit escape and enter the following:

    auto hostname=NewWorkstation url=http://lucy.acorn/workstation-preseed.cfg
    
  4. After installation is complete, jump to your workstation and install ansible:

    pip install ansible
    
  5. Add the new workstation to the workstations file:

    echo 'NewWorkstation.acorn' >> playbook/workstations
    
  6. Copy your SSH key over to the new workstation:

    ssh-copy-id seseadmin@NewWorkstation.acorn
    
  7. Run the playbook:

    cd playbook; ansible-playbook acorn.yml
    
  8. Make some coffee…

  9. Once the playbook finishes, you should be logged in as the Public User and Mumble should have popped up.

  10. Go through Mumble’s Audio Wizard and complete the Certificate Wizard. To get our Mumble server to show up in the favorites, you will have to rerun the playbook with the mumble tag:

    ansible-playbook acorn.yml -t mumble
    
  11. Right-click the Desktop & hit Unlock Widget, then Configure Desktop. Change the Wallpaper tab’s Layout option to Folder View.

  12. You might need to do some layout tweaks, like rearranging the Desktop Icons or increasing the height of the Task Bar (Right-Click Task Bar -> Panel Options -> Panel Settings). Afterwards, right-click the Desktop again and choose Lock Widgets.

  13. Open PlayOnLinux and hit Run a Local Script. Choose the PlayOnLinux_msoffice.sh file in the Home directory.

  14. Cleanup by removing the MS Office ISO and the PlayOnLinux script and shortcut from the Public User’s home folder.

  15. Reboot the workstation.

Automated Installs

The preseed.cfg file is a configuration file that can be used with the Debian Automated Installer. It is based on the Automated Install documentation and the example pre-seed file.

Simply boot up using a netinstall image. When the graphical menu appears, press <ESC> and enter auto hostname=<workstation_hostname> url=<preseed_url>. For example, if you wanted the new workstation to be named HelloWorld and your preseed was hosted at http://lucy.acorn/~prikhi/preseed.cfg, you would type:

auto hostname=HelloWorld url=http://lucy.acorn/~prikhi/preseed.cfg

This will automatically partition the drives and set up an SSH server along with a seseadmin admin user.

The Ansible playbook may then be used for further configuration.

Note

You can use the mkpasswd command to generate crypted passwords for the pre-seed file:

printf "someSecurePassword" | mkpasswd -s -m sha-512
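Because the preseed is fetched over plain HTTP in the commands above, it is worth checking that it carries only hashed passwords before it is served. The following is an added example, not one of the project's files: a shell lint that flags plaintext passwd/ password lines and checks that the -crypted values look like the SHA-512 hashes produced by mkpasswd -m sha-512. The function names and the sample input are constructed for illustration; the key names are the Debian installer's standard passwd/ questions.

```sh
#!/bin/sh
# Added example: lint the password lines of a Debian preseed file.

# check_preseed_passwords FILE
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_preseed_passwords() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments, blank lines
    # Preseed lines are: owner question type value
    $2 ~ /^passwd\/(root|user)-password(-again)?$/ {
        printf "%d: plaintext password in %s\n", NR, $2
        bad = 1; next
    }
    $2 ~ /^passwd\/(root|user)-password-crypted$/ {
        if ($4 == "!") next                    # "!" disables the account
        # Expect $6$[rounds=N$]salt$ followed by an 86-character digest.
        n = split($4, f, "[$]")
        ok = (n >= 4 && f[1] == "" && f[2] == "6" &&
              length(f[n]) == 86 && f[n] ~ "^[./A-Za-z0-9]+$")
        if (!ok) {
            printf "%d: %s is not a sha-512 crypt hash\n", NR, $2
            bad = 1
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input: placeholder values, not real hashes.
sample_preseed() {
    digest=$(printf '%086d' 0)
    cat <<EOF
# constructed sample preseed fragment
d-i passwd/root-login boolean false
d-i passwd/username string seseadmin
d-i passwd/user-password password hunter2
d-i passwd/user-password-again password hunter2
d-i passwd/user-password-crypted password \$1\$abcdefgh\$0123456789abcdefghijkl
d-i passwd/root-password-crypted password \$6\$saltsalt\$$digest
EOF
}

# Demo: lines 4, 5 and 6 of the sample are reported.
tmp=$(mktemp) && sample_preseed > "$tmp"
check_preseed_passwords "$tmp" || echo "fix the preseed before serving it"
rm -f "$tmp"
```

The check only inspects the format of each value; it does not judge password strength.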

Ansible Setup

While the Debian Automated Install gets a minimal system up and running with just an SSH server, the Ansible playbook adds the GUI (KDE), desktop applications, and Acorn-specific customizations. It performs the following actions:

  • Install basic system utilities and the desktop environment (KDE)

  • Install standard applications (LibreOffice, Firefox, Chromium, Flash)

  • Configure for use with network services (samba, zabbix, cups)

  • Create a public user

  • Apply a standardized configuration to the public user (bookmarks, shortcuts)

  • Prepare the workstation and public user for installing MS Office

  • Create personal user accounts and apply specific configurations to them

Start by using pip to install Ansible:

pip install ansible

You can then run the entire playbook using ansible-playbook:

cd office_workstation/playbook
ansible-playbook acorn.yml

New hosts may be added to the workstations file. Plays will only be run if the host requires it.

You may run specific tags using the -t flag. The following command will only install and configure the Zabbix agent on hosts that do not have the agent installed or are improperly configured:

ansible-playbook acorn.yml -t zabbix

The following tags are available:

  • kde - Install/Remove/Configure KDE packages.

  • apps - Install/Remove available applications.

  • zabbix - Install and configure the Zabbix agent.

  • samba - Configure Samba and mount network shares on boot.

  • cups - Install and configure the CUPS client (for printing).

  • users - Create and configure accounts for all users.

  • public_user - Create and configure a Public user account.

  • pavan - Create and configure Pavan’s user.

Playbook Overview

The playbook will first copy over the apt sources file. This ensures all workstations use a common mirror, which allows caching via a web proxy (we use squid). The list of available packages is then updated from the new mirror.

Next, various applications are installed, such as the desktop environment, web browsers, games, and educational applications. KDE applications are explicitly installed (instead of being implicitly linked to the kde-desktop task).

The Zabbix agent is then installed and configured. We rely on Zabbix’s auto-discovery features, monitoring only system resource usage.

Next we set up printing by installing and configuring the CUPS client, using a central print server instead of configuring printers on each machine.

A Public User is then created and application and DE customizations are copied over to its home directory. Any additional users for specific people are then created and customized.

Samba is then set up to use a common workgroup and WINS server. Personal and Community samba shares are set to be automatically mounted on boot.

We then prepare the Public User’s home directory for installing Microsoft Office 2007 using PlayOnLinux. This will mount the install ISO, copy over patch files and create a PlayOnLinux script in the Public User’s home directory. The script must still be run manually.

Finally, we configure SDDM, the Display/Login Manager, to automatically login as the Public User.

Microsoft Office 2007

PlayOnLinux requires a GUI to install programs, so this playbook only prepares a workstation for the installation; the actual installation must be done by hand. The installation can be run by opening up PlayOnLinux, selecting Tools -> Run a Local Script, then choosing to run the PlayOnLinux_msoffice.sh script found in the Public User’s home directory.

A network share containing the following files is required:

  • An ISO of the Microsoft Office 2007 install disk

  • The bin, lib and share folders for Wine 1.2.3 (manually install Wine 1.2.3 using PlayOnLinux to get a copy of these)

  • The wine-gecko install file

  • The XP SP3 patch file

The Playbook will copy these files to the proper directories & mount the ISO.

Customization

The playbook can be modified for other networks by creating a replacement for the acorn.yml file. You can override any variables found in the roles/common/vars/main.yml file. This will allow you to customize various specifics like the CUPS or WINS servers and the name of the Public user account.

Variables can also be set in the workstations file. See the Ansible Documentation for more information.

Contributing

You should make sure any new features are properly abstracted from your specific implementation through the use of templates and variables.

The main issue tracker lives at http://bugs.sleepanarchy.com/projects/sysadmin. Feel free to create a new issue (attach a patch file if you have one). Pull requests are also accepted from our GitHub mirror at https://github.com/prikhi/sysadmintools.

Automated Maintenance with Fabric

A fabfile.py for Fabric is also included to help automate workstation maintenance. Currently it may be used to automatically install and upgrade packages.

First make sure you have Fabric installed:

pip install Fabric

To get a full list of commands, run fab with the -l flag:

cd office_workstation
fab -l

To upgrade all packages, use the update_and_upgrade command:

fab update_and_upgrade

To upgrade all packages and install any new dependencies, use full_upgrade:

fab full_upgrade

To Do

  • Abstract KDE specificities into a separate role

  • Change some of the Public User’s config files into templates or tasks, especially ones that have the sese user hardcoded in them.

  • Add a role that uses a lightweight DE along with customizations for the Public User (for low-power comps or laptops).

  • Refactor the “iommu=pt” grub option needed for SewingMachine into a host_var file.

  • Address deprecation warnings.

  • Update public user files for Debian 9 & new KDE.

  • Use Ansible Vault for password hashes.

  • Pre-configure mumble so the audio wizard isn’t required.

  • Configure udevil to allow cifs mounting