Greetings everybody,

I am relatively new on this list, so maybe the subject has already been discussed and acted upon. If it is the case, sorry for bothering you with my blabbers.

I have an idea for a spec. Reading the recent post about the spec for etc-in-svn prompted me to discuss it. Hopefully, it will bring something new to the table. For lack of better terminology, I would call this spec "Ubuntu domain".

First, a little prologue. I personally believe the next great obstacle Linux in general and Ubuntu in particular will face toward adoption in large IT infrastructure is manageability. I define "large IT infrastructure" loosely as a network of more than 20 servers and a thousand users, and manageability as the possibility to define and apply policies in a uniform fashion with as little work as possible.

I think all the tools to achieve good manageability already exist in Ubuntu, but they suffer from not being pre-integrated out of the box. A good sysadmin in a large IT infrastructure would set up LDAP for authentication, Nagios for monitoring, write a set of scripts to automate common sysadmin tasks and delegate work to juniors securely using sudo. However, he has to roll out most of these tools himself. This is something that might be over the head of junior or average sysadmins, or those coming from another platform.

The idea for my spec is to provide an integrated set of network infrastructure services in a standardized and predictable fashion. This would simplify the life of sysadmins, especially the juniors and those not experienced in Linux. It would also simplify the writing of administration tools, as it would be easier to make assumptions about how things are set up.

Setting up an "Ubuntu domain" would involve running a configuration script, a wizard, on what will become the reference server (hereafter called the "master"). This would configure the infrastructure services according to the spec. Another setup tool is to be run on machines that want to make use of these infrastructure services (hereafter called the "clients"). Ideally, you only have to provide the name or address of the master server to the clients to have them auto-configured to make use of pre-defined infrastructure services.

Here are some standard services an Ubuntu "domain" might be able to provide:

 - DNS
 - Centralized authentication and user/group database using LDAP
 - DHCP (possibly with dynamic DNS update, where applicable)
 - PKI (in-house CA and x509 certificates)
 - NTP
 - syslog
 - monitoring (Nagios, Hobbit, or whatever)
 ... etc.

Here are some guidelines we might want to consider:

 - Only standard services and protocols that can be used independently of this framework should be used
 - All on-the-wire communication should be encrypted (or signed, at the very least)
 - All services that have the capability to authenticate using x509 certificates should be configured for doing so (i.e. LDAP)
 - As many services as possible should be replicated (LDAP, DNS) for robustness and reliability

I have not thought out all the details yet, but I already have some ideas about how most of these could be implemented. If people feel this is worthy of discussing, I could start fleshing it out on the Wiki.

I have some pretty wild ideas about what might get integrated into such an initiative eventually, but I think it should start modestly with objectives that could get implemented relatively easily.

In any case, I would love to hear what people have to say about it. Among others, such a spec would really need a better name than "Ubuntu domain", so as not to be confused with what is being done by That Other Operating System (TM).

Regards,

Etienne Goyer
