[wpkg-users] multi-site / multi wpkg "repo" deployments for roaming laptops and notebooks

Marco Gaiarin gaio at sv.lnf.it
Fri Jan 27 11:26:15 CET 2012 

Mandi! Urs Rau (UK)
  In chel di` si favelave...

> The basic wish, need or requirement is / (or would be) to handle staff and
> equipment in branch offices. So that their desktops would all read from a local
> installation, but laptops would update themselves from either. So if they come
> for a weeks training or even a months sick cover their laptops and notebooks
> would still update using the companies wpkg setup.

I've the same problem, and i've solved it (see later); i manage a
''central repository'' of WPKG recipe that i spread across a dozen of
sites using csync2 (good compromise between a simple 'scp' and a full
blown configuration manager like puppy).

Every WPKG sites have, world is not perfect ;), some particularity, so
the recipe base are identical but hosts list and profile lists differs;
before this setup, some mobile users if forgot to unplug the ethernet
cable before shutdown will get a bunch of uninstall/install tasks, then
when come back in the ''home'' network, a bunch of install/uninstall.
Absolutely boring.

I think there's at least three method to solve that:

1) create a user dedicated to access wpkg shares, using different users
 (and/or passwords) in different networks, so simply a client cannot
 connet to a stranger network.
 Pro:
  + simple and effective
  + better security (wpkg shares can be accessible only by that user(s)
    and administrators
 Coons:
  + you have to manage that credentials
  + bootstrap of a wpkg client is a bit more complex

2) (i think the better) if you have an AD domain, use ''machine
 account'' authentication and let wpkg shares accessible only by
 machine accounts and administrators.
 Pro:
  + as above
  + you don't have to manage more accounts
 Coons:
  + does not work in samba/nt domains
  + works only if all machine are joined to the domain
  + clearly doesn't solve your problem if the domain are the same
    across branch offices. ;-)

3) (what i use) setup a variable in wpkgClient/wpkg-gp configuration
 and check on pre/post script; if differs, exit.
 Pro:
  + extremly simple and effective
  + easy bootstrap
 Coons:
  + no security


Pratically, i've on wpkgClient 'settings.xml':

	<script-variable name="LOCALNET">sv</script-variable>
	<pre-action>\\FILE\wpkg\wpkg-before.bat</pre-action>

and on \\FILE\wpkg\wpkg-before.bat:

	if not "%LOCALNET%" == "sv" (
		exit 1
	)

'wpkg-before.bat' are a server-side script, so effectively this
identify if client match the ''server''.

-- 
dott. Marco Gaiarin				    GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''                http://www.sv.lnf.it/
  Polo FVG  -  Via della Bontà, 7 - 33078  -  San Vito al Tagliamento (PN)
  marco.gaiarin(at)sv.lnf.it	  tel +39-0434-842711  fax +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
	   http://www.lanostrafamiglia.it/chi_siamo/5xmille.php
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

More information about the wpkg-users mailing list