Not long ago I started a rather difficult, lengthy and, as it turned out, not entirely achievable project: migrating an enterprise's IT infrastructure from a peer-to-peer, serverless Windows network to an Ubuntu network with centralized management.
During the migration the workstations were reorganized around a simple file server, an Internet gateway and an application server (I call it that loosely; the term usually means something else, but I hope the reason for the name will become clear). Together with some instructions and "tips" in the manual on how to work in the "new" system, the result turned out to be quite user-friendly.
On users' PCs: Ubuntu 10.04 and a standard set of programs (archivers, codecs, document managers, translators, browsers, Skype, and Remmina as a remote desktop client). Over RDP, users connect to a Windows 2003 terminal server (the application server mentioned above) and work in terminal sessions with the applications that were not easy to replace with counterparts from the Ubuntu world: 1C accounting, the Liga-Law client, MS Office, Me-doc and some client-bank programs. Internet access on the application server is disabled and blocked by the firewall. The set of directories in which each user (or group, where there are several) has write and execute permissions is strictly limited. Each user is allotted 1-2 GB of disk space for their growing files, and the main file store is moved to a separate, basic Ubuntu file server with Samba configured. In Samba, each user gets a personal directory, and a directory with write access is opened for each pair of users. Identical users with identical passwords are created on the file server and on the application server; on each user's computer only that one user and the administrator are created. This makes it possible to attach the directories shared on the file server to the application server as network drives (different for each application-server user) and to mount the same directories on users' local PCs via fstab. The gateway runs reliably under FreeBSD, with ipfw, natd, squid, sams and dhcpd configured.
So, in setting up and managing the resulting network of Ubuntu PCs, I often have to perform the same kinds of tasks: creating and deleting a user on the server and on the user's local PC, creating and deleting shared directories on the server and attaching them to users' computers, keeping track of whether the applications users have installed are up to date, launching, stopping and restarting various services on the server and on users' PCs, making the same routine edits to the same configs; in short, everything that is done after ssh admin@remotePC. In searching for a way to automate all these routine actions I found Webmin, but unfortunately either I did not figure out how to manage everything I need on the servers and users' PCs with it, or Webmin cannot do it yet. I did not really want to rely on scattered scripts from many different forums, so after some thought I worked out how to make most of the tasks involved in administering my network easy and accessible even to a secretary.
1. On a PC with a public IP address (or a private one, in which case the gateway must forward the port to the right address inside the network), Apache is installed and then started as a user with root privileges (set in httpd.conf); let's call this user admin.
2. The same admin user is created on all PCs on the network.
3. A key pair is generated for passwordless ssh access from the server running Apache to every PC on the local network.
4. Next, in the /etc/sudoers file on each local PC, add a line of the form admin ALL=(ALL) NOPASSWD: ALL. This removes the prompt confirming membership in the superuser group, and with it the need for expect scripts.
5. In Apache, a virtual host is set up hosting a site with buttons that run commands such as echo "ssh admin@remotehost 'sudo service smbd restart'" or echo "ssh admin@remotehost 'sudo apt-get upgrade'", plus others added and programmed as needed. That is, from any device with an Internet connection and a web browser we get the ability to manage server services and local PCs, their configs, to mount and unmount file systems, and in general to do everything that is allowed via ssh, i.e. everything! All that remains is to keep a database of our users and PCs and program the required functions behind the buttons of our primitive admin site. It is also desirable to make access to the admin site go over SSL, for greater safety.
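As an added example, not part of the original article, here is a small POSIX shell dispatcher for step 5 that replaces free-form command strings with a fixed menu of actions, together with a sudoers line for step 4 that grants admin only those two commands instead of NOPASSWD: ALL. The host name pc01.lan, the button names smbd-restart and apt-upgrade, and the DRY_RUN switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article: a fixed-menu dispatcher for the
# button site.  The browser sends only a button name and a host; the script maps
# the name to one exact remote command, so browser input never reaches the remote
# shell as a command.  Button names and DRY_RUN are inventions of this example.

# Accept only plain host names: letters, digits, dot and dash.
valid_host() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Map a button name to its fixed remote command (the two the article uses).
# Full paths match the sudoers line below; -y keeps apt-get non-interactive.
action_command() {
    case "$1" in
        smbd-restart) printf '%s' 'sudo /usr/sbin/service smbd restart' ;;
        apt-upgrade)  printf '%s' 'sudo /usr/bin/apt-get -y upgrade' ;;
        *) return 1 ;;
    esac
}

# Run (or, with DRY_RUN=1, only print) the ssh command for one button press.
# BatchMode makes ssh fail instead of prompting if the key is not accepted.
run_button() {
    host=$1
    cmd=$(action_command "$2") || { echo "unknown action: $2" >&2; return 1; }
    valid_host "$host" || { echo "bad host: $host" >&2; return 1; }
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'ssh -o BatchMode=yes admin@%s %s\n' "$host" "$cmd"
    else
        ssh -o BatchMode=yes "admin@$host" "$cmd"
    fi
}

# sudoers line to install on each PC instead of "admin ALL=(ALL) NOPASSWD: ALL":
# only these two exact commands run without a password, and only as root.
sudoers_line() {
    printf '%s\n' \
      'admin ALL=(root) NOPASSWD: /usr/sbin/service smbd restart, /usr/bin/apt-get -y upgrade'
}

# Command-line use: buttons.sh <host> <button>; no arguments just defines the functions.
if [ $# -gt 0 ]; then
    run_button "$@"
fi
```

The web handler behind each button calls run_button with the host and button name only; any other string is rejected before ssh is ever invoked.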