 Hello, yeah, yes use mirror, okay Okay, now it's Sorry Okay Identity management and the desktop Play commander So firstly thanks all for coming thanks all for staying to this time We are going to be talking about fit commander and why it is the most efficient way To manage the desktop profiles of her fleet You can see a bunch of logos there it's because Fit commander is a project integrated with cockpit spice Free PA and SSSD at least For now this is a Fedora specific project and I am for confidential and here is whatever which is with me So I guess the first question is Is What is a desktop profile? this is like nothing more than a group of Desktop related settings that you just combine them and distribute them for User group a machine or a group of machines And this is what we will be dealing with so what is split commander the split commander project Was started Few years ago. I was still part of desktop team although not working directly with this It was created mainly because it's a rear real hell a real pain for season means to manage desktop profiles and If you are not a season mean you may be asking my fight Basically There are a few solutions those solutions are usually Leaving behind some or messing with the users homes home directory. We don't do that like we don't want to do that This is like not something quite good to do because well It's not helping like when you are going to update those changes. So This is something like that is not good And So far We have been lacking a tool that will do that for us like that could help us and that's when Fleet commander was created and the main idea behind the project is this is integrated with none We know what we are doing. We Are not leaving files behind in the users home directory. We are just like Doing it in the most clean and easy way. We are going to show you guys later on how is it actually is And just to have like everyone on the same page, let me just tell you what the commander is not We are not a system-wide management configuration too. We we don't do that. We just care about desktop. We are just caring about no There are other tools that can help with this. This is not what we do Uh, we are not a scripted-based solution. We are a natural tool integrated with none desktop so you're not going to be uh to have your hands dirty at some point And we are not an identity and policy management tool We we actually rely on free ita for doing this job for us and let me just Actually Oliver is going to give you guys like a brief overview about the project its parts Yeah, go ahead well, uh flick commander is divided in three pieces of software Uh, the first one is the flick commander arming. Uh, it's a plug. It's a cockpit plugin and It's a web-based solution where you can manage and modify and add settings to a desktop profile Uh, the second part is a flick commander logger because we use a an special way you will see later to Get the settings you will you will add to the to the actual profile Because we have a program running in a virtual machine Logging all the changes you are doing for the computer the desktop configuration and you will have the option to check What changes have you done and select the ones you want for the for that profile And there is the flick commander flick commander client that it's a tool that is installed in all the machines you have in your network So when the ssd, uh, completes the logging, uh, processor Uh, it takes the information for the profiles that apply to that user And flick commander clients do the step of taking that information and apply the configuration to the to the desktop user so There currently we support, uh, Different subsets of settings And we have two ways to get those settings into a profile the first one that is the Easier one in some way is the web interface where you can Using a custom Web web Interface to add some kind of settings. For example, the nob software editor picks applications Okay, when you open nob, you can on software you have, uh, the editor picks Uh, in the upper row so you can change it you can Set them in a web tool inside the flick commander admin plugin The normal line accounts, uh, follow the same procedure. You have a special ui for For editing the the accounts that apply to to some user And we have the live session that is the one where logger step in and With the live session we are able to get any g setting based application Whatever setting of a g settings based application can be logged with the logger also for LibreOffice And a network manager for example creating a bpn or a wi-fi With that and it will become stored inside the the profile Well, this is demo time. We have a video for that. We have a video for that, but we will dare to try to do it Uh life So if it explodes disclaimer Just cover your face Okay, so I have the machines here we'll open. Okay, so Master the bpn sample I will enter into wapbit here Yeah, we are logging into wapbit as the flick commander admin is a wapbit plugin There is this uh flick commander tab there You click it on it and then you can add a new profile This is quite simple. You just like set the profile name uh set which are the users which are going to be affected by the by this desktop profile And then you can edit that just wait a minute You have like here is the settings. We told you like we have these abnormal accounts. We have the uh alert apps, but we are going to actually show you the live session And hopefully it's going to work Uh So when you're in the live session, it's just going to uh don't uh load like a template All the machines you have on your link read session Usually you get uh completely raw installation to apply your profiles like on top of that And this is what we are doing. We're just like putting up the machine Uh, it's using spice hml 5 Let's see Okay Yeah, because of the resolution I have to scroll And here what we are going to do is uh, you can see this is the the background of this machine. Whoops, not anymore Yeah, yeah, I have to to click to kill the the welcome application So you have this background the the default one Yeah, and we are going to change the background Uh during this live session and then we are going to show you guys how it's going to be applied Like on a client machine Okay, I will get for example this one Okay, so the background is changed here and we have this button. There is a review and submit one with a minute before you Can open a machine client machine just to be sure that we didn't like that we don't have a machine with that background set up Yeah, yeah, we are not cheating. We are not cheating So I log in with administrator Yeah, please don't do that. This is not like Use it like with different users and administrator, please So here is like the the client machine. We are going to do the changes on the live session Apply them log out and then uh, look in again to show you guys Okay, so that it actually backs to this I have this uh background and I can review the changes I have done and In the changes I have done there is the background one So I will select it and save it To the profile Okay, now it's saved so The the setting is the setting is already saved into free IPA So I can just log out here And then when I log in again It should have a different background The one I selected the profile Just that Thank you Well Going back to the presentation. What happened here? Uh, do you want to spin in or go ahead for the fleet commander part? Okay Really what we have we don't here was uh, okay, we created a profile at the Copied session we had using the fleet commander admin plugin that profile Need some settings inside it. So for getting them I just connected by ssh to the bare metal machine And run a virtual machine That has the logger installing it The logger is all the time checking the changes in the configuration in decons in several places Depending on the kind of settings you are trying to to to log And that information is sent using a spice you directly to to the fleet commander admin When you click on the review boot button You have the list of all that changes that the logger was all the time reporting You just select them and when you click the save profile That information is stored in the free IPA just to profile's plugin that it's written specifically by Alexander Bogovoy for free IPA This is what happens pretty much on the master side and then on the virtual machine Uh on the client side, this is quite simple. Uh, we took advantage of uh Our machinery that sssd already had For it back So we just like expanded this made the code like reusable and Had the support for this so pretty much what we do is like once you are logging in Uh We have a pun session model that Is just pretty much what it does is it asks free IPA like i and this user part of those groups On this machine that is part of this whole group. Do you have something for me? In case it has we are just going to download to fetch all those profiles and fire The bus call To fit commander client Then the client will just combine all those profiles together And apply them at log in time And this is pretty much what we uh what showed you guys like And let me tell you like, uh, if you guys want to give that try Everything is available on fedora 26 or newer kind of kind of While we were preparing this presentation, we found some bugs On sssd side, so my part We have the packs So the patches are going to be reviewed and hopefully marriage it by next week Today Perfect. So we have someone to review the patch today. Nice. Thanks And they will be backported to fedora at least 27 not sure about 26 But in the worst case, actually, this is not that bad While you're doing this whole presentation, we came up with a project that is called fleet commander vagans that just use Some vagrant machines and ansible to set up an environment that will be used to provide you guys in imu So you can just clone it run setup And you are pretty much done to start testing this and taking a look on how it works and see whether it fits you or not and as As I have control of those patches are there already. So Just like clone it and start using it if you guys have some issues just come come and talk to us Here is the triple those slides are already updated in the website. So go there clone it if you have some issues open some Uh, yeah, some issues on on github and I really have to fix that Hopefully Sorry Sorry, sorry, so, uh plans for Future releases you can okay Well right now, uh, we are working on supporting the browsers because uh, we don't have a currently software for them we want to support firstly the The settings of on the browser and then aboard the part of Getting the bookmarks that is kind of a different way to handle them Also, there are We are in need of a lot of enhancements in the ui and user experience as you seen We have to create the profile and then edit it to go inside and it's kind of Well, but it's something that we Created when we started with with the prototype and we don't we didn't have to time to do that until now and also we want to support direct integration without the directory because Right now there are a lot of customers Asking us for using this with the existing environments. They have so We think this is a it's a good part of it to do it Here the key for this I guess is gpo and Andreas is looking his better. That's nice because Here's a summer developer. We need some help from samba guys. We had some talks before this Before this presentation And if you are some developer if you are interested interested to help us to give us some help, please Let's talk We need your knowledge. We don't need you to do the work for us. We just need some help And I guess we are going to get it, right Andreas? Tomorrow Thanks And talking about we need your help. We need to do and We have some ideas that may be Around for this round of books on rough code Some of them are going to be under gnomes. Some of them are going to be under fedora As soon as we know whether the organizations are actually accepted, we're going to just Do some blog posts and try to Find someone willing to help us with this And of course, we need some help of coding in all projects that are affected by this Well software we have bugs please Come to us if you are interested like we are going to help you to help us and if you have some Enhancement requests you try to you give it a try you just give it a try and There's something that you are not happy with Come talk to us join the fit commander channel, uh at freeload And we are going to talk if your idea is something that fits with What we want for the project for sure. We're going to just Try to implement it as soon as possible Uh Here I really would like to say a big thanks to a few people who help out a lot in this project Uh, first one is alexander bokeh boy who wrote the Free IPA desktop profile plugin This is like nice part Yakub who is out there Uh Yakub helped me with the design page the design page came from Yakub and we had like Several rounds of discussions and he reviewed the patch So thanks for that uh christian heim's uh The whole Fit commander vagans project is a fork of one of his projects we talked for Uh and we decided to fork it because it's it's a really nice project and But for a very specific usage. So we got it for fit commander. I talked to him and It was an agreement. So thanks to him. We have like a tool that you can just run and test all this stuff And pavel grunt who is a former spice developer. He did a lot He gave us a lot of help in order to have these spice channel That is just going to send the information from the live client to the From the live session to the flea commander arming Uh, here is pretty much all the place where you can find us We are there like you can just Join those channels. Uh, we are usually friendly. So You show up there Not on base We are going to try to help you If you have some really specific fit commander issue I would recommend both the fit commander channel. I'm there Uh, and then we can start debugging it and and then they will redirect you to either free iqa or sssd channel So questions please The stop This will be overridden next time The question is if I understood well That if you put some Settings manually when you log in in your session that settings are again overridden By flip commander you mean no The way flip commander works is we have the defaults in dconf right now So in in the system. So when you create the profile there with the settings for the for the for an User and the user logins. We create a layer over that Default settings, but the user layer is over that so we read the settings in cascade. So The settings of the user always Will be over the the rest of the settings, but but we are Programming we are now right now developing to force settings that they can don't override, but they are That's part of the dconf implementation really. So we are working on that, but we didn't have time to to add it to That's yours. So, uh, the question is how sssd can cache How well ssd can cache this information? Well, it's well caching like Our cache has a timestamp. Do you remember how long is it by default? Yeah, but even though like if the server is offline the information is there. We are just going to First thing is uh, we are just firing, uh a request well done in a I guess the defaults like 60 minutes or something like that for this So we're not going to keep asking the server every time the user logs in or This is the first thing second thing is Once the it's downloaded in case the server goes down. We are not removing this. We are just checking if the Server is up or not and then you are just calling a food commander client within the information that we have On this This is not like in cache. We end up like writing a five in this actually Oh and the one thing here is that They are Like they change it background But the actual background file is part of what Is on the machine already So then those come through your configuration of package management So if your packages install you just difference those files and the profile in itself is really like a path To a file and the path within decon where it should Set that well so the profile itself is rarely going above A kilobyte or two if you have a lot of settings there and it's catching yep You guys say you don't touch home And yet how do you manage to change settings of library office? Okay The question is How do how do we manage to apply the settings without touching the homes directory? Because we use Well, we sent a patch when this was very early to decon to allow to create that layers Over the over the system default one and also we send another patch to LibreOffice to Make LibreOffice save that configuration inside decon. So we more or less We are we are doing that the modifications in the way that All the information stored In this way is in a slash run slash user slash your uid A slash decon so any changes you Any settings that are there when you reboot they are removed and they are Reapplied again using the flea commander client. So That information is not in the in the home directory in the browser part. For example, we use the browser policies Support For chromium and chrome right now we use the the current support they have and mozilla is developing right now Policize Support also so we are we are going to use that but in the meantime, we will probably do some hacky thing to To allow the to allow using it until that development is is finished No, thank you Thank you very much. Who are the guys who ask the questions? Yeah, well before that just before that this one get the a bit a bit of Request to you. So we we're unposted as a volunteer in there And please help us to clean up rooms because this is the last call Please help us to fill in these Your payment So boy good questions