0

I have 40 new Ubuntu 14.04 Workstations. I have knowledge of locally managed Ubuntu, but I don't know how can I manage multiple workstations globally.

Facts I have 40 new Ubuntu 14.04 LTS based workstations. I need to blacklist removable storage I need to Install printers (same printers to all Workstation) I can't find a good way how can I do :(

Any help will be greatly appreciated.

TIA, Alonso

sugab
  • 4,367
Kefealo
  • 3
  • What's the user population that will be using these workstations? Are they for a school, or work, or something else? Are they open to the public, or are there 40 users who will typically sit in the same 40 seats day after day, or 80 users who will switch off, or 20 users who each get two workstations at their desk? – david May 27 '15 at 14:24
  • just a plain office... and cca 60 users for these 40 computers. – Kefealo May 27 '15 at 18:39
  • you can try saltstack or puppet they will full fill all your requirements - personally puppet is best – PKumar May 28 '15 at 04:25

3 Answers3

1

All computers, and an additional server, if used, should be on the same LAN to make things easier. To make life easier, you should either mount certain directories of the clients from a central location, or use a remote interface, such as SSH or VNC. Else, you'll have to apply each setting 40 times.

Printing

The easiest and safest way would be to use another computer as a print server, which itself connects to all required print servers. By doing so, you can change the printer configuration on one host only. If you can't manage to get one, you could instead use one of the 40 workstations as a server additionally.

Linux uses the Common Unix Printing System CUPS. It's by default installed on the desktop version of Ubuntu, and you'll have the option to install it on the server edition on installation time. If you already installed the server, you can install CUPS with the command sudo apt-get install cups

By default, the CUPS server only works when accessed locally. To change that, open the file /etc/cups/cupsd.conf and replace the loopback entry by one referencing the hostname, i.e. replace

Listen 127.0.0.1:631

by

Listen <hostname>:631

You can get the hostname with the hostname command. If the server has a firewall (I'll assume ufw in the following), you may have to open port 631 to the outside:

sudo ufw allow cups

Also, enable publishing the printers on the network:

Browsing on

To apply these changes, restart CUPS:

sudo service cups restart

Now, you can use set up all printers via the server's desktop (if it has one) or the CUPS interface at http://<ServerIP>:631/. When asked for authentication on the web interface, use your root or admin user credentials.

CUPS web interface

If you have network capable printers, there are chances that CUPS will find them on its own, and all you need to do is to add them to the printer list in CUPS. If some printers aren't found, you should be able to use their IP address to connect to them. When installing a printer, make sure that CUPS will publish them on the server.

If your printers aren't network capable, and only support e.g. USB, attach them to the print server and install them there. Again make sure that the printers are published by CUPS.

To tell the clients that there is a print server, open or create the file /etc/cups/client.conf on each of them.

It would be much easier to mount certain directories from a NAS server (maybe the one that runs the CUPS server), so as to keep certain configuration centralized, but that would go beyond the scope of this answer.

In each client.conf, add the following line, replacing ServerIP by its actual IP, and ensure the server got a static IP (in the Router's settings).

ServerName <ServerIP>

Now, you have to restart CUPS on the client systems, using the same command as described above.

In the clients's printer settings, or CUPS web interface, add the printers from the CUPS server.

(src: https://wiki.archlinux.org/index.php/CUPS_printer_sharing)

Drive mounting

To prevent a user from mounting and unmounting drives, remove him from the plugdev group:

userdel <username> plugdev

If the user is currently logged in, this may not apply immediately; a relog may be required.

Community
  • 1
s3lph
  • 14,314
  • 11
  • 59
  • 82
1

Not so much an answer to your specific questions, but general advice.

Set up passwordless SSH login from the root account on a central "management" server out to all the workstations.

If your user population needs to share and protect files or otherwise identify themselves, set up all user accounts in NIS or LDAP and mount /home via NFS from a central sever. Otherwise, have a "guest"-ish account (without "sudo"!) as the default auto-login on all workstations.

Mount "/var/cache/apt/archives" read-write and "no_root_squash" via NFS from a central server, and use scripting to do rolling updates around the whole lab ... that way you'll typically only download a package once. For example,

for machine in `cat /usr/local/all_lab_machines.txt`
do
    ssh $machine apt-get update
    ssh $machine apt-get install  foo
done

Make configuration tweaks (such as CUPS setup, for printing) in one place, and use rdist or a loop around rsync to push them out.

Try clusterssh.

david
  • 176
1

How about puppet ?

Puppet is a cross platform framework enabling system administrators to perform common tasks using code.

I don't know much about it but it seems to pretty fit your requirement.

https://help.ubuntu.com/14.04/serverguide/puppet.html

There are other alternatives like Landscape, spacewalk, foreman: Are there any open source alternative to Landscape?

Community
  • 1
solsTiCe
  • 9,231