“Mice cried and pricked ..” Import substitution in practice. Part 4 (theoretical, final). Systems and Services

Having talked in past articles about options , “domestic” hypervisors and “domestic” Operating Systems , we will continue to collect information about the necessary systems and services that can be deployed on these Axes.

In fact, this article turned out mostly theoretical. The problem is that there is nothing new and original in the “domestic” systems. And to rewrite for the hundredth time the same thing, without adding anything new, I do not see the point. So there will be a collection and analysis of data regarding import-substituting systems.

Plus, only the Alt, Astra and Rosa have a more or less normal Wiki. Red OS has a knowledge base (very modest for my taste). Moreover, Rosa articles in this Wiki are often outdated and irrelevant, dated 2013-2014 and related to old distributions ... But for other Wiki systems, consider that they do not exist at all. Therefore, for distributions that do not have a KB or a Wiki, we will assume that we need to look at the Wiki or the BR of their parent distribution. For ROSA - CentOS (Red Hat), Astra - Debian, Calculate - Gentoo, Red OS - Red Hat, AlterOS - openSUSE, OS - CentOS (Red Hat), Ulyanovsk.BSD - FreeBSD, QP OC - completely domestic development (according to assurances its creators are not Linux).
')
Also, for the time being I will omit the moment that I leave the entire infrastructure based on Microsoft, and begin with the basics - DNS, Directory Service, Proxy-server . Well, then go user-oriented systems and services, such as mail server, office, chat, etc.

1. Infrastructure

1.1. DNS

DNS-server is represented in all "domestic" operating systems in the form of BIND9 . Nothing new. Yes, and there is nothing difficult in setting up. Only Calculate is not in the BIND repository. But there are others.

DDNS - a little harder, but also nothing out of the ordinary is not here.
Astra instructions
Instructions for Alt
ROSA in the Wiki has the following instruction , which has no relation to the real state of things. So we will assume that the instruction for configuring DDNS for ROSA should be searched for as related to CentOS.

1.2. DHCP

Again, nothing new, nothing complicated.
Astra Linux Wiki DHCP
ROSA Enterprise Linux Server DHCP

1.3. Directory service

Almost all “domestic” operating systems on the market have the opportunity to operate as a SAMBA- based domain controller. But SAMBA has a serious limitation when working with Windows based clients:

Samba AD DC operates at the level of a Windows 2008 R2 domain controller. You can enter it into the Windows 2012 domain as a client, but not as a domain controller.

Thus, for normal operation of Windows servers and workstations, if we need them, and they are needed, since there is software that cannot work under Linux (the same CAD packages or outdated software packages for devices that are generally besides Win XP is impossible to deliver), we need to deploy a domain based on Windows or FreeIPA . Deploy FreeIPA is quite a laborious process, while a Windows domain is deployed in a couple of hours. In my case - zero time costs, because I already have a domain running Windows. In this case, Linux can authenticate with AD. In fairness, I note that Windows can be authorized via FreeIPA.

This is what I bring to the rationale of why I do not want to abandon domain controllers based on Microsoft Windows. I already have it. I see no reason to spend a lot of time and effort, to retrain administrators who are used to the convenience of the Windows graphical interface to work with text files on Linux systems. Yes, IPA has a web-interface, but that doesn’t really change things. (Linuxks are probably the fourth for these words, but I, as a Windows administrator who has worked with Linux, can imagine what I'm talking about. I can't figure out how to love digging through text editors, reading in thousands of lines of code fearing to be sealed when making changes. While the graphical interface itself will show you everything, prompt, explain, just press the button and enter the necessary parameters. Everything. I spoke. Shoot!)

Just in case, here is a very useful article on deploying an IPA server. Suddenly someone will be helpful.

1.4. Proxy server

Squid can be found in the repositories of almost all "domestic" OS. I do not know how anyone, but I have Squid deployed for a long time. It works for me.
Astra Linux Squid
Alto Squid with authorization through AD
Squid for RED OS with authorization through IPA
ROSA did not find such an article in the Wiki. But there is a lot of literature on setting up Squiid on the Internet. And the configuration will differ only by the installation command of the package manager and, possibly, by the location of the config files.

1.5. Monitoring

Zabbix is in the Astra, ROSA, Alt, Red OS repositories. There will be no problems with this; you will only need to export all the necessary information from the product server and then import it into the new server. Yes, we will lose history, but this is not critical in most cases. In cases where it is critical, you can keep both servers in operation until the information on the old server becomes outdated and loses the need. And one moment. There was information , judging by which, it can be concluded that Maria DB will be blacklisted, and will be copied from the repositories of all "domestic" operating systems.
Installing and configuring Zabbix on Astra
Installing and configuring Zabbix on Alt
Installing and configuring Zabbix on OS RED

2. User oriented systems

2.1. As mentioned in one of the previous articles , we have a system called TEKTON on Firebird 1.5 . Accordingly, in case of import substitution, this business should be transferred to a new infrastructure. Firebird has versions for Linux, but there is no version 1.5 of the “native” OS repositories. And there is no possibility to switch to a later version, since the principle of operation of stored procedures has changed at the junction of Firebird versions 1 and 2, and no one will rewrite them ... and it cannot ... yes, it makes no sense, because in the near future this system should be replaced 1s. So “for the first time” it will be possible to download the package and install it not from the repository.

2.2. OASIS e-reporting system for Linux does not work. Moreover, OASIS does not work for anything other than MSSQL Server. Thus, we need a virtual machine with Windows and MSSQL Server. Express version is enough, since the database is small. But it is impossible to get away from this, since the reporting to the FIU and the tax is based on this.

2.3. As a web server, MS IIS, of course, will not work, you will have to use Apache or Nginx included in the repositories (the latter is in the ROSA, Alt, Calculate repositories).
Which one is better? You can read the article by comrade rrromka

Wiki Link:
For Alt
For Calculate
For ROSA, there are only installation commands that will have to be configured in other literature. For example, documentation from the official site . Or you can find a bunch of articles on customization on Habré .

2.4. Corporate chat with authorization through AD. OpenFire or ejabberd. Simple and free.
ejabberd on viola
Configuring ejabberd without binding to the OS
OpenFire Setup

As a chat client, you can use anything from Pidgin and Miranda , which are in OS builds, to something samopisnym.

2.5. Mail server. As I have repeatedly mentioned, I like Zimbra. It can be deployed on the basis of RELS.
Implementation of Zimbra Collaboration Open Source, authorization through AD and automatic creation of mailboxes
Setting up backup and recovery of Zimbra OSE entirely and in separate boxes
Creating and updating mailing lists in Zimbra Collaboration OSE based on Active Directory groups and users

Here specifically deployed on the basis of RELS

Also in the OS repositories there are Postfix / exim / Dovecot packages.
Alto Wiki Postfix Dovecot
Astra Linux. Installing Dovecot Mail Server
Regarding the setting of Rosa. Their wiki has an article on mail server deployment dated February 28, 2013. The only trouble is that it described the method using RSS (ROSA Server Setup), which, as I said above, was derived from the current version of the distribution. So now you can use the instructions for setting up the mail server without reference to the OS. For example, like this .

You can also consider the option of proprietary software in mind " MyOffice server " or " CommuniGate Pro ". But I do not like this option. At least because it is paid. On the other hand, support is good, it is a guarantee. But provided that almost all administrators can guarantee the efficiency of the mail server, the need for support is questionable. And if CommuniGate is proven software, then MoiOffice was created in 2014, and I personally have concerns about the number of bugs that can still be found in this system. With all this, the price of both products in my opinion is unreasonably high.

2.6. Backups in distributions are represented by Bacula . Setting up this monster is a whole epic. There are a lot of materials on this issue, but still it is a whole work. But Bacula is a powerful and extremely useful multiplatform tool.
Astra instructions
Instructions for Alt
Documentation on the official website </ a
The official website of the project web-interface for Bacula

Taking into account the fact that Alt is the official partner of Bacula in Russia, one can hope that they will have relatively fresh versions of this distribution in their repository.

2.7. I will not say anything about the Thunderbird e-mail client presented from all “domestic” OSes.

2.8. About web browsers Mozilla Firefox , presented in all "domestic" operating systems and Yandex Browser, which can be installed on all "domestic" operating systems, just keep quiet.

2.9. Office package . LibreOffice is part of all "domestic" OS. He has 2 paid alternatives - this is " MyOffice " and " P7-Office ". The P-7 has a test version of the “try” distribution. You can request here . As for MyOffice, I’ll just leave this link here and this link here (I advise you to pay special attention to the comments).

2.10. 1: ENTERPRISE . For example, ALL ASTRA LINUX VERSIONS ARE COMPATIBLE with 1C PROGRAM: COMPANY 8
The Astra Wiki has an outdated article about installing 1c both client and server parts.
In the ROSA Wiki there is an article about installing client 1c . It is strange that there is no article on configuring the server, since esco arises on CentOS. For example, here is an article .
There is an article in the Alt Wiki with a detailed description of installation and configuration, which also contains useful links.

3. Conclusion

Well, what can I say after studying the information related to import substitution? All this is profanation. It in no way relieves of import, in no way does it cancel dependence on foreign developers. It simply replaces the one with the other, allowing them to feed not our foreign uncles, but ours, our own. Sales taxes will go to the treasury of the state, this is a plus. But most of the money will settle on the hands of the already rich "uncles and aunts", and will not reach the trust funds, this is a minus. Any enterprises like “New Cloud Technologies”, which declare that “their goal is not to be enriched on the import substitution program ...”, in fact, they pursue precisely this goal, otherwise there would be no such statements, there would be no lawsuits in courts and statements in FAS. They would not begin to take a piece of LibreOffice and repaint under “OwnOffice”.

Take a free product, someone has already made, a little finish it and sell under the guise of his, in my opinion, at least a little ... not cheating. No, of course, they did the security systems, encryption is there, everything is done, they brought it all under the FSTEC certification ... But it’s still not the products they made. With the exception of QP OS, Cryptosoft has done everything himself. And because of this, they will have compatibility problems, lack of software for their OS, unreported bugs, etc. etc. But they did. Alt did before import substitution before HYIP, they also did great work, did it for conscientious gain, for money earned on the fact that it was not main stream.

I don’t just write the word “domestic” in quotation marks, because I missed the domestic systems once or twice. There are only one operating system. What kind of "import substitution" in question - remains a mystery.

No, in general, if you want to sooo and spend a lot of time and effort, then you can raise the infrastructure and most of the services on Linux. But for this you need to retrain or change windows-administrators, and force them to red-eye in the text files application settings. But 90% of these systems will not be domestic; they will be free and, in rare cases, slightly repainted. With boring wallpaper. In general, all this fuss looks like expensive nonsense. If the Germans could not , then what about us? .. "The mice cried and injected ..," and the big brother continued to fill his pocket. A sound grain in the whole program ended at the idea stage, when it was said that the secret needed to be transferred to our secure systems so that “the enemy could not find out anything”. But in the end it resulted in the fact that we have all the normal ideas. Well, business in our country is built this way - maximum profit at minimum cost.

4. What to do?

Crying and poking ... There is an order - you have to do it, otherwise they will punish. How to punish - is unknown. The problem is that no one knows how they will check the results of the import substitution program, including those who will check. No data on the ability to use software from the OS repositories. Can I use it? Can't you? All use - so you can? But in the registry, the Ministry of Communications and Mass Communications is not - so it is impossible? There are no answers to these questions. But someone reported using the same LibreOffice, which is part of the OS. Rolled. And Zabbix? The one that is included in the repo - can be, and if the same version can be downloaded from the officials - can not? Etc. etc. And where is the logic?

As a result, it remains only to lead to the established indicators of the proportion of software used, to spend a lot of money on its purchase and support, and to train employees to work with the new software. There is an opinion that “the severity of Russian laws is compensated by the non-binding nature of their execution,” but hoping for it is a matter of that ...

5. PS:

While I was writing these articles, I had to shovel so much information that I wondered how I kept all this in my head. And I am glad that the series of articles has come to an end. There was only an article about QP OC, which I promised to write to their representative in exchange for the opportunity to touch the distribution. Perhaps, then there will be something else about iron in the framework of the same import substitution, but for now this will fork in the water.

I hope that the information gathered together and analyzed by me will help someone in the difficult task of switching to "native" software. Thank you all and see you soon.