Re: RH to Debian migration

From: Bob Proulx (bob_at_proulx.com)
Date: 07/30/03

    Date: Tue, 29 Jul 2003 22:24:33 -0600
    To: debian-user <debian-user@lists.debian.org>
    
    
    

    Roberto Sanchez wrote:
    > -The lab director does not want to pay for support or for RH Enterprise
    > Workstation, so they set up one RHN account, added all 10 machines and then
    > rotate the demo entitlement amongst them to be able to run up2date for each
    > one.

    I don't know about the Enterprise Workstation license, but having
    looked carefully at the Advanced Server license I will say that it
    specifically forbids doing that. The AS license says that you are
    contractually agreeing to pay license fees for every AS system that
    you have. I assume the EW license says the same thing. So getting
    that situation cleaned up as soon as practical could save you some
    legal grief. You will have to look at your own license to know where
    you stand. Debian is completely free of course and a better way to go.

    > I would like to transition all the machines over to Debian (Sid for the
    > 8 workstations and Woody for the two servers) while preserving the
    > user home directories.

    You sound like you have a good grip on the problem. You should be
    able to proceed with confidence.

    > I would also like to set up a DHCP (I know how to do this, but would like a
    > suggestion as to whether it belongs on the web or fileserver),

    Logically DHCP is its own service. It does not really belong either
    place. If you are doubling up on the duty of a machine (which is
    fine) then it is your choice where you put it.

    I personally don't like running anything on the firewall machine. I
    would have the firewall be only a firewall and nothing else. If I
    only had two machines then all of the other services would be running
    on the non-firewall machine. But that is only a preference for the
    maximum in security. As a practical matter you can get away with
    running other services there.

    Usually putting DHCP on a firewall machine requires a few special
    rules to enable the broadcast packets through. Therefore I would put
    it on the fileserver. But it is a small thing.

    > DNS (currently each machine is named after the person that uses it
    > and since all the IPs are static the hosts file on each must be
    > updated after each change),

    That works. But I suggest one of two things. Do you have your own
    domain? In that case run your own DNS zone with BIND. That
    eliminates the need for a local /etc/hosts file. Just update your DNS
    zone and it has immediate effect. Don't have your own domain but are
    running these as a NAT'd network? In that case make up a local
    domain and masquerade it behind your firewall and mailserver. With
    Postfix that is simply 'masquerade_domains = $mydomain'.

    Additionally, for your configuration I would run all of the
    workstations as DHCP clients. On your DHCP server configure it to
    give the clients the same IP address every time. In practice this
    means that you will need to make DNS changes and DHCP changes
    centrally on the server when new network cards come or go from
    machines. But being centrally managed makes that easier in my
    opinion and things like that don't change very often.

    > and VMWare workstation for each machine (I would need some help for
    > doing this on Debian since they don't officially support Debian as a
    > distro).

    I personally don't use vmware but colleagues here do. It runs fine on
    Debian.

    > Any other suggestions/comments/whatever would be greatly appreciated.

    For your stable machines check out cron-apt to get security updates
    painlessly. Pull the version from unstable and backport it to stable
    since there have been some enhancements. If you need help, ask. For
    IDE disks look at the smartsuite set of tools to monitor disk health.
    Look at mdadm to monitor RAID status. In a student environment I
    would run a customized configuration of aide on your servers to look
    for intrusions. I modify my aide configuration to reduce the spurious
    noise from it. On your server contemplate running logcheck in the
    'workstation' mode to report issues seen by the system.

    Bob
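
Added example, not part of Bob's message: one way to keep the fixed DHCP addresses and the DNS zone managed centrally, as the reply suggests, is to generate both from a single inventory and reject conflicting entries before they reach either service. The inventory contents, the 192.168.10.0/24 subnet and the use of ISC dhcpd `host` declarations are assumptions; the message itself names only BIND.

```python
import ipaddress
import re

# Constructed sample inventory (hypothetical hosts): name, NIC MAC, fixed IPv4.
INVENTORY = """
alice   00:11:22:33:44:01  192.168.10.11
carol   00:11:22:33:44:02  192.168.10.12
files   00:11:22:33:44:10  192.168.10.2
"""
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")
HOST_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")

def parse_inventory(text, subnet="192.168.10.0/24"):
    """Return [(host, mac, ip)], rejecting malformed or duplicate entries."""
    net = ipaddress.ip_network(subnet)
    seen, rows = set(), []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.lower().split()
        if len(fields) != 3:
            raise ValueError(f"line {n}: expected host, MAC and IP")
        host, mac, ip = fields
        if not HOST_RE.match(host) or not MAC_RE.match(mac):
            raise ValueError(f"line {n}: bad hostname or MAC address")
        addr = ipaddress.ip_address(ip)  # ValueError on a malformed address
        if addr not in net:
            raise ValueError(f"line {n}: {addr} is outside {net}")
        # One name, one NIC and one address per entry: a clash would make
        # DHCP and DNS disagree about who owns an address.
        for kind, value in (("host", host), ("mac", mac), ("ip", str(addr))):
            if (kind, value) in seen:
                raise ValueError(f"line {n}: duplicate {kind} {value}")
            seen.add((kind, value))
        rows.append((host, mac, str(addr)))
    return rows

def dhcpd_hosts(rows):
    """ISC dhcpd host declarations pinning each MAC to one address."""
    return "\n".join(f"host {h} {{ hardware ethernet {m}; fixed-address {ip}; }}"
                     for h, m, ip in rows)

def zone_records(rows):
    """BIND zone-file A records for the same hosts."""
    return "\n".join(f"{h}\tIN\tA\t{ip}" for h, _, ip in rows)

if __name__ == "__main__":
    inventory = parse_inventory(INVENTORY)
    print(dhcpd_hosts(inventory), zone_records(inventory), sep="\n\n")
```
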

    

