We're starting out with Steven Sanks talking to us about an automated roll out of Linux with a Windows VM guest.

Thanks for coming, everyone. I work at the University of Canterbury, as you can see from up there. I've actually been in the computer science department for a little over two years, having been elsewhere on campus, and was fortunate to be able to slip into the role there. What we had before I got involved and started fiddling with things is, sorry, this is a 2009 netbook with an Atom N270, so this is probably a bit of hard work for it, but we'll see how we go. We've got roughly 260 machines in our department across four labs. This includes staff and post-graduates as well. Previously, we used Fedora Linux with Windows 7 in a dual boot configuration, and all Linux authentication account information came from our own department LDAP service.

And why would we want to change anything? Well, no matter which way you spin it, dual booting is a pain in the neck for anyone. Interruption to workflow: if you are somebody who needs to use both operating systems, you need to maybe plan ahead, and then of course you've got to wait for your software to shut down, reboot, log in to the other operating system, set yourself up, and it's awful. And because of that, both Windows and Linux got behind on updates. Students could come into a lab, sit down at any particular machine, see it's not running the operating system they want. Yeah, they could restart the machine and pick the operating system they did want, but that hardly ever happened. They'd just move across a machine to something that already is running the operating system that they wanted to use. So this left us with a situation where the dormant operating system could go a very long time without getting any kind of updates or software that we wanted to push out.
So when the dormant operating system became active because someone rebooted it and started it up, hello, and the machine got busy sucking everything in, and this was kind of not a good look if you've got a lab test going on and your machine's starting to get hammered because it's catching up, because it's been weeks or possibly a month or two behind.

The other thing that made it tricky is the release schedule and the life cycle of Fedora. We would always go with the even-numbered releases, which get released, you know, towards the end of the year. Fedora 18, for example, I think it was seven times its release date got pushed back, and when you throw into the mix Christmas holidays and other people want to take a little bit of extended leave and you've got an academic year starting at the end of February, having things delayed until January-ish is a bit of a tense time for us, especially when some of the bleeding-edge stuff that you see in Fedora gets thrust on you and you've got very little time to work out how to make this work on 260-odd machines. I'm looking at you, GNOME 3. And because the life cycle of any given Fedora release is about 12 or so months, when you've got things like Shellshock and Heartbleed, the last thing you want to do is have machines which aren't getting updates anymore, and so this is not kind of working for us.

So I figured this could be better. We are a department who really loves Linux. We use it a lot. So I figured it was time to show it a bit more love. So I decided, well, all our hardware in our labs is all capable of virtualisation and it's sitting there unused, so let's go for it. I decided and I convinced everyone this was a good idea. So the other methods we considered: the bare-bones system with the simple Linux underneath wasn't really going to work, because even if you have a very simple Linux hosting operating system, that's another operating system you have to maintain.
This also doesn't work for us as our students need to create their own virtual machines. So you won't be creating virtual machines inside virtual machines, because that just doesn't work. Thought about, for like a millisecond, using Windows as the host operating system, but the other requirement was that I needed this to work and work reliably. If you've ever had the displeasure of using Microsoft's SCCM, the system configuration... configuration manager, as a colleague of mine accurately puts it, it's a great big hairy beast, and we've observed that it's not predictable when it actually pushes out software. You can install a machine, observe the order that software gets installed, reinstall the same machine and it's in a different order. And our experience with Linux is that every time you say jump it says, how high?

So obviously we're going to have Linux as the hosting operating system, and addressing the issues that I described with Fedora, I said, hey, yes, let's use Linux Mint, and we'll use a long-term support version, because we get updates for five years and we switch to the next long-term support version every two years. This is kind of good for us because at the end of the year when summertime comes on students around, we've got a bit more time now that we can work on other summertime projects, and with the long-term support version being released early in the year, it's got time to mature, stabilise, and we can fiddle about and see what's going on and let it mature.
So to have a machine set up, like we buy a bunch of machines and to shove this into our environment, the way I went about it, I didn't spend too long looking at other systems that other people had already possibly created, because there was a risk of maybe it didn't quite do all the things I felt like it might want to do, and the fact that I had the end of year in which to get this done by. And we were also dealing with the fact that, since you will have noticed from the very first slide, from Earthquake City, we had building remediation going on as well, so whether or not we were actually going to get our lives back in time for the academic year was something else, adding a little bit of pressure into the mix. So I thought, well, by the time I'd looked at everything else, I probably could have knocked something up which works. Unfortunately this does.

So I have on a web server just a simple text file. It is a CSV file, except everything is semicolon delimited, because there is also information about where your Windows virtual machine sits in Active Directory, and to make it easier in dealing with this information from the Windows side of things, the organizational unit has commas in it. So I've got to change my field separator. Our virtual machines are based upon the host name that the host operating system has, just so it's easy to tell them apart, and all the virtual machines have their own unique MAC address, and when I was making this up I thought 10,000 MAC addresses seems like a good number.
They're all unique, and we're using VirtualBox as the hypervisor, and in my experience I've noticed that all MAC addresses created by VirtualBox all start with 08:00:27, so we've got another 16.7 MAC addresses we can use at the end of that. We're not likely to run out any time soon.

And so when we buy a group of machines, to shove them into this system, we get that information as a CSV file. I just did a little Python program which pulls out the information we need, which contains the MAC address of the active interface we're going to use on the computer, and we have an in-house asset ID system and that makes up part of the host name. So it pulls all that, shoves it into this simple flat file database, and Bob's your uncle.

And so from Linux, I modified the Ubuntu Customization Kit very, very slightly, in that it doesn't actually build an ISO at all for Linux Mint, because it looks up to see what distribution of Ubuntu you're using and at that point it fails when you're trying to create your ISO, so I just told it not to do that. The reason I'm making an ISO rather than, say, using PXE boot to do all this is because I can share it around other places on campus. There's a growing need for people who see Linux as a genuine need to have, not a "I want it", it's "I need it to do my stuff", primarily in my undergraduate studies.

So when I've knocked up my ISO and I write it on, I only need eight memory sticks, because by the time I've done the eighth machine the first one's finished, so I can just pull it out and keep going around. So when the machine sets up, it grabs a copy of this file, looks at the MAC address of the active ethernet device, there's my host name, names itself, and then a post-install script pretty much does everything else, as you can see up there. The important part of that is that each Linux machine joins Active Directory. We chuck all our machines into the same OU because they're not going to pay any attention to any Windows group policies or anything that might get applied, so
it's not relevant. OK, thank you.

So now we've taken care of part of the LDAP issue earlier on, whereby anybody who logs into a Linux machine, their password is always authenticated against Active Directory, but their account information still comes from our own LDAP servers. This is because the information we want in our LDAP servers, central IT don't seem to be too keen on including. Having the passwords authenticated with AD is a big plus, because previously we had been replicating our password information with central IT and things could get a little bit out of sync. Now that problem goes away.

So when you're making up a Windows VM you need to use network bridging. If you don't, your machine will not join Active Directory and things just won't work. So you just create a virtual machine with VirtualBox and you allocate how much disk you feel like giving to your virtual machine, RAM and all that kind of stuff, chuck it in the domain and install the Windows updates, because that will save time later on. Set aside two hours for the Windows updates alone. Ask me how I know. And then you can chuck in your SCCM client, and if you're not aware what you would use that for, it's basically Microsoft's way of getting your software these days on to Windows. When you've done that, just join it from the domain sites in the work group and reboot it, and then you copy some key files into strategic places.

The unattend.xml is an XML file created by the Windows Automated Installation Kit. It's a free tool from Microsoft, and there's various websites where it will build you this file for you. The PowerShell scripts and command scripts I refer to there are things that I wrote which basically replicate the same kind of function that Linux uses. Windows will look at its MAC address that it's been assigned, look up that file, there's my name, and name itself, do a reboot, and then it will join your domain when you're actually deploying it. And when you've got those files in place, then you can run the sysprep utility
which will really Windows so that after it's deployed it will do the first time run on startup, and then you can export this whole thing as an OVA.

And when you actually deploy it, I took the approach of having a special user which is local to the machine, and the Windows VM is run as this user. The last thing we want is anyone being able to start up the VirtualBox virtual machine manager and seeing the Windows VM there and thinking, oh well, play with that, and generally muck around and give you a bad day and break it for anyone else who wants to use it on that machine. So they don't see it at all. All they see is a desktop file in their start menu, oh my goodness, what's happening to me, on their desktop and also in the menu. They run that and the VM starts up and goes full screen. They can toggle out of that if they want to.

And when the VM is imported, the bash script looks up the machine, the Linux machine that this is happening on, and goes, well, okay, this virtual machine is to be allocated this particular MAC address, yanks that out, and then configures the virtual machine so that it uses it. Then cron entries are created so that updates can occur at night time. So now we can apply updates and other software to Windows at night and we can still do Linux at the same time.

So yes, in the wee small hours we can set up the virtual machine headless. This is a feature in VirtualBox. And Windows will do its first time run, and there is a path in Windows, C colon backslash windows backslash system32 backslash, I think it's set up complete, any fault, any cmd file you chuck on there Windows will run. I believe it actually has to be called 8.cmd, and from there you can launch your PowerShell scripts which make all this work. And when you've got that set up, then your Windows guys can apply group policy, SCCM, anything they want to, because as far as AD and all that is concerned, it's just a real Windows machine. And at 5 am it'll shut down, and this is something that happens every day, so if you want to do it
anytime we can, and they'll happen at night time.

So the result with this is that, well, it works. Students tended to, as I said earlier, they would sit down at a machine and see it's not running the operating system that they wanted and move over. Now students don't even bother half the time starting up the virtual machine and they just use Linux, which is what I was going for in the first place. That's a win. And the exceptions there are that you need to still use Windows for Office, and students who are doing computer vision tend to use an actual Windows machine box rather than have it in the VM, because VirtualBox does, well, rather the other way around, the Microsoft SDK for the Xbox camera does not work under VirtualBox. Does under VMware, but the reason I chose to do this in VirtualBox over VMware is because I wanted to not spend any money, and the licensing allows us to actually do this. There's an add-on pack, an extension pack, where the licensing, because we're an academic institution, and after having read the license from beginning to end in its entirety and understood it, I figured, yep, we can use this.

Feedback's been quite positive from everybody. Without asking, I had people coming to me and saying, yep, this works for us. So we've managed to nail, what is it, birds with two, two birds with a stone. So yeah, it works.

And the other thing that we've managed to do using the kind of thing here is, shameless plug, given that we are hosted at the University of Auckland right now: in the last year University of Canterbury was successful in having its introduction to programming course, the COSQ121, have all their students complete their final exam completely online. There was no paper based exam any more, and the students walked out of the computer lab knowing what they scored in the exam, which is a much more natural way to program than using pen and paper, and it's also easier for people to mark exams on a computer, even though this is actually automated, because if you've ever tried to
read someone's code written in pen, it's really hard.

So that's all I really had to tell you. All the bash scripts and PowerShell stuff, if you're interested, I will be making available along with the slides here, so if it's something that you're keen to muck about with then go for it, please, and no doubt there will be improvements, because I did say I did knock this up kind of over the summertime, so things can always be improved. So if anyone's got anything they want to ask, now would be a good time.

We've got about five minutes for questions.

Just a quick query: you said you still needed to use MS Office. Is that mostly because the rest of the uni...

Sorry, I didn't catch that.

You needed to use MS Office, you couldn't use LibreOffice? Presumably that is there anyway.

That's definitely there, but I think most people are kind of wired into thinking, I need to use a word processor so I have to use MS Office.

Right, so it's not actually a requirement because every other part of the uni is using stuff that doesn't migrate well to Libre, then?

It's just that we do have a course which does teach MS Office, but the kind of principles that are taught in that can apply to LibreOffice anyway. But this is a small part in the big picture and you have to start somewhere with this.

So it's more just the momentum at the moment rather than technical?

Yes.

You mentioned AD before, sorry, I'm over here. You mentioned AD before. Do you run Samba 4, or do you actually have a Microsoft AD controller that links into your LDAP back end?

So I can't, I don't know if it's the audio, but I didn't quite catch all of that question.

So I was just asking if you use Samba 4.

That's a Microsoft back end entirely. We use SSSD to join the domain, and this is a good thing because it means we don't have to ask IT, oh, can you change this, can you change that, in order for us to work with you. We can just simply, using all the Linux tools, we can slot in, and then one day we can say, hey, did you know we were doing this, and they
haven't had to make any changes to anything in their system, which is how I want it to be. But one thing at a time.

Thanks.

Hi there. What have you done with your iMac lab?

The iMac lab?

Have you got Linux Mint running on that?

No. Mac lab, yeah, the Mac lab, which basically everyone was just running Windows on. We've got some labs have moved places because of earthquakes and stuff. We have got some labs now which do have Macs and they are dual boot OS X and Windows. As to who uses which operating system, I don't know, because that's on the other side of campus and I never go there.

Okay, we've got time for one more question.

So with respect to your VMs, you've got these scripts that you run to set up the VMs. There's a tool called cloudbase init from this company Cloudbase, which is like a Windows provisioning tool to do exactly this. I didn't know if you'd heard about that or looked at that at all as a way to provision things more automatically than what you've got.

I haven't come across it, sorry. I didn't look all that hard before I started this. I was sort of making it up in my head, thinking this could work if we do it this way, and it does seem to work. And the way that this works, pushes out the Windows VM, also works for doing our virtual machine for doing the online exam I was talking about, because that's all inside of a Linux VM as well, which is locked down. So what was good about that was that I could reuse code that I'd already written and I didn't need to completely redo things, so it seemed like a natural thing to do at the time.

Craig, thank you. Please join me in thanking Stephen.