Discussion:
[lopsa-tech] Configuration Management for laptops?
Yves Dorfsman
2018-10-25 18:54:19 UTC
(in case you wonder where you've seen this, I tried an "Ask HN" earlier this
am that got zero traction)


I'm looking at Config Management for laptops. Are there systems that work well
for laptops, as opposed to servers? Laptops are different because:

- they aren't always on (basic cron doesn't work, have to use @daily or similar)

- users don't know and don't care about background processes, so will suspend
(close lid) and reboot at random (as far as the OS is concerned)

- they are often disconnected from the internet

- need to take care of user "states" (mainly for installed packages, diff
users use diff packages)

I can educate users, teach them to update list of packages they want to
install in a git repo rather than installing packages directly, I can also ask
them to run an "update" regularly when they are connected to the internet and
will leave the laptop on rather than use cron etc...

I have used basic bash scripts, which worked well after the initial OS
install. Then used ansible pull, with complicated bash script to determine if
ansible was already running, had access to git repo, pull git repo, kill
failed ansible sessions etc..., which allowed continuous upgrade and the push
of some new configs. Major ansible changes made me revert to bash scripts.
What else is out there? Running local Salt minions? Will they have all the same
issues as ansible?

When writing my own stuff in bash, I feel like I'm re-inventing the wheel, but
"bash" has outlived everything else, no major version changes, my 10 year old
scripts are still working fine, ansible/salt etc.. didn't exist 10 years ago
and aren't tuned for laptop life.

Is there something well suited for laptops?

What do you use (for others, not just yourself)?
--
https://yves.zioup.com
gpg: 4096R/32B0F416
--
This list provided by the League of Professional System Administrators
http://lopsa.org/
---
You received this message because you are subscribed to the Google Groups "LOPSA Tech Discussion list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tech+***@lopsa.org.
To post to this group, send email to ***@lopsa.org.
To view this discussion on the web visit https://groups.google.com/a/lopsa.org/d/msgid/tech/c040d14a-6841-0080-caeb-3c294ead6a30%40zioup.com.
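The wrapper logic the first post describes (skip when a run is already in progress, skip when the git repo is unreachable, kill runs that hang) can be kept small. This is an added example, not part of the original thread; the repository URL, state directory, playbook name and function names are placeholders.

```bash
#!/usr/bin/env bash
# Added example: laptop-friendly wrapper around a pull-based config run.
# REPO_URL, STATE_DIR and local.yml are placeholders (assumptions).

REPO_URL="${REPO_URL:-https://git.example.org/laptop-config.git}"  # placeholder
STATE_DIR="${STATE_DIR:-/var/lib/laptop-cm}"                       # assumed path
MIN_INTERVAL="${MIN_INTERVAL:-86400}"  # at most one successful run per day
RUN_TIMEOUT="${RUN_TIMEOUT:-1800}"     # kill a run that hangs, e.g. after resume

# is_due STAMP INTERVAL [NOW]: succeed if the last successful run is missing,
# unreadable, or at least INTERVAL seconds old. Unlike a fixed cron time, this
# still fires when the laptop was asleep at the scheduled hour.
is_due() {
    local stamp="$1" interval="$2" now="${3:-$(date +%s)}" last
    [ -f "$stamp" ] || return 0
    last=$(cat "$stamp" 2>/dev/null) || return 0
    case "$last" in ''|*[!0-9]*) return 0 ;; esac   # corrupt stamp: run again
    [ $(( $now - $last )) -ge "$interval" ]
}

# repo_reachable URL: talk to the real repo instead of pinging something,
# so offline states and captive portals are skipped quietly.
repo_reachable() {
    timeout 20 git ls-remote --exit-code "$1" HEAD >/dev/null 2>&1
}

# run_locked LOCK LIMIT CMD...: run CMD under an exclusive flock(1) lock with
# a hard time limit. Returns 75 if another run holds the lock. The kernel
# releases the lock when the holder dies or the machine reboots, so there is
# no stale lock file to detect and no "is it already running?" process scan.
run_locked() {
    local lock="$1" limit="$2"
    shift 2
    (
        flock -n 9 || exit 75
        timeout -k 30 "$limit" "$@"
    ) 9>"$lock"
}

main() {
    local stamp="$STATE_DIR/last-success" rc=0
    mkdir -p "$STATE_DIR" || return 1
    is_due "$stamp" "$MIN_INTERVAL" || return 0   # ran recently
    repo_reachable "$REPO_URL"      || return 0   # offline: try again later
    # --verify-commit makes ansible-pull refuse commits without a valid GPG
    # signature; useful when root-run config is fetched over untrusted networks.
    run_locked "$STATE_DIR/lock" "$RUN_TIMEOUT" \
        ansible-pull --verify-commit -U "$REPO_URL" local.yml || rc=$?
    if [ "$rc" -eq 0 ]; then date +%s >"$stamp"; fi
    return "$rc"
}

# Only act when asked to, so the file can also be sourced for its functions.
if [ "${1:-}" = "--run" ]; then main; exit; fi
```

Invoked with `--run` every few minutes from cron or from a network-up hook, most calls exit immediately; the stamp is only written after a successful run, so an interrupted run is retried at the next opportunity.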
Marcos Alano
2018-10-25 19:59:53 UTC
my 0.02 dollars: I really love Ansible. But maybe you could try Chef or
Puppet which have an agent on the machine (laptop in this case) which polls
a central server and gets the configuration from it. Salt could work, but I
don't know anything about it.
--
Marcos H. Alano
Linux System Administrator
***@gmail.com
Nick Anderson
2018-10-25 21:05:54 UTC
I use CFEngine. It's been around for a quarter century.
Tom Perrine
2018-10-25 21:56:32 UTC
As many of you probably know, I'm a pretty fierce open source fan, but....
there are times when it's just a better use of your time to push the
"commodity" stuff into a product, saving your time for the hard stuff,
corner cases, and things that you can't buy.

I think that mobile management has hit this stage at least for Windows and
Mac. For LINUX, much as I love bash, it's probably time to migrate from
scripts into a higher level system, such as Puppet, Ansible or CFengine.
I've seen or heard of all of those being used to manage laptops, with
varying degrees of success.

If you can afford it, I'd def try to manage Windows and Mac laptops using
commercial software.

For Linux, anything you can use to manage a server will probably work for a
laptop, with all those issues you mentioned :-( One key killer is what do
you do when the laptop is always on the road and can't connect to your
internal repos and control system?

For Windows, you probably want to be heading towards InTune, a cloud-based
customizable configuration and management system. Windows 10 is well
supported and the focus, W7 not as much. If you have any major MS
licenses, you may already be licensed for InTune. This has the advantage of
not requiring access to your internal networks, as the system is in the
cloud and accessible using any Internet connection, no VPN required. As
much as I AM NOT a Microsoft fan, they seem to have gotten this one right,
at least in principle. We're rolling it out globally starting in a month or
two. It will also manage Android and do basic management for IOS. We'll
probably be managing upwards of 3000 laptops and 5000 Windows desktops
within a year or so.

For Apple, I recommend JAMF - it's been around a while, and manages all
those weird states that laptops can get into pretty well. While it was born
"on prem" there is a cloud version coming, see InTune cloud comments. It
will manage MacOS and provides a better IOS feature set than InTune. We
already manage about 300 (mostly laptops) and I think we're expecting to
eventually manage about 2000 Mac laptops (and some desktops) using this
system by next summer.

JAMF will integrate with InTune, as in Apple products managed by JAMF will
be "visible" to the InTune system, for things like asset management, etc.
*SOME* policies can supposedly be defined in InTune, which will be
translated into JAMF magic and then pushed via JAMF. Announced, but I
haven't seen it.

This advice is worth exactly what you paid for it, YMMV, etc.

--tep
Ski Kacoroski
2018-10-26 03:06:22 UTC
I agree with Tom on the Macs. We used cfengine and then puppet, but the
learning curve was just too steep for our staff skills. We have been on
Jamf for several years, it works very well, and has a vibrant community
to help you out. We manage around 7000 laptops and desktops with it.

For windows we are on SCCM, but looking at InTune. Unfortunately InTune
has several limitations right now so it will not work in our shop.
Perhaps in the future.

We do not manage linux laptops, but I would think that pretty much any
of the configuration management tools out there should work.

cheers,

ski
--
"When we try to pick out anything by itself, we find it
connected to the entire universe" John Muir

Chris "Ski" Kacoroski, ***@gmail.com, 206-501-9803