oldman provoked me when he mentioned the wonderful tools he has to manage PCs/servers in his system. I thought I would describe my tools. Mine cost $0 and work for me so I see high performance/$.
Infrastructure
My network is not unusual. I use a router just as a firewall and router. I put DHCP on my own server so I can control what each machine looks like on the network. I record the MAC for each machine in a database and place all the relevant statements in /etc/dhcp3/dhcpd.conf. That way every machine gets the same IP address on each boot and the DHCP server updates the local DNS server so I can address machines by name. There are GUI tools for doing this but my system is so small that I just edit the lists. I use scripts to create the configuration files. All I needed was a list of machine name, MAC and IP address. I took that from the router when I took away its DHCP function and added machines as they came online. While DHCP/DNS is itself a management tool, there is nothing remarkable about it; it is normal on any system.
Custom tools
When I want to tweak anything from my chair, I use tools I built from lower-level tools in the GNU system. I use an account on a particular server to control everything in the system. The SSH public key /root/.ssh/id_rsa.pub for that account is stored in /root/.ssh/authorized_keys in every GNU/Linux disc image, so that when I restore the image to install GNU/Linux on a machine, I have passwordless remote logins for that machine. The /root/.ssh/known_hosts file and the host keys prevent man-in-the-middle attacks once I have verified and accepted each host key's fingerprint; I can inspect a fingerprint with ssh-keygen -l. This gives me reasonable security for a system like mine. I could improve security by adding more layers but this is enough considering the value of our data etc. Most of our data comes from the web and we just keep a local copy. Most really important documents end up on paper and stored in steel boxes somewhere.
How the tools work is simple. I prepend some stuff to any command and it goes to any and all PCs I control. I can run a private process or a GUI app on any machine I control.
e.g. to check the time on all machines in the system:
./all date
I get a column of date-time data and I can spot any laggards. They should all be synchronized, so a discrepancy means a machine has a problem like being off at the time of the attempted sync, a flaky network, or a misconfiguration. If a machine is off-line, I get an indication of that. All messages are prefixed by the name of the targeted machine.
Here is “all”:
#!/bin/bash
# Run the command given as $1 on every PC in the lab, in parallel.
# /root/scripts/lab/ holds one empty file per PC, named after the PC.
for f in /root/scripts/lab/*; do
    name=$(basename "$f")
    (echo "$name"; ssh "$name.example.com" "$1"; echo) &
done
wait
The directory /root/scripts/lab/ has touched files with the name of each PC in my lab. I have another command which does similar things for every PC on the LAN. $1 is the command following ./all. I could put all on my PATH to make this easier but I like being in my file structure so I can instantly edit anything so all is in a good place. For the classrooms, I can create directories with the names of the PCs therein. If I forget a room number I can use locate nameofpc to find it.
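As an added example (not one of the post's own scripts), here is a variant of all that turns the "spot the laggards" check into a script: it asks every lab PC for its clock as a Unix epoch, runs ssh in batch mode with a connect timeout and strict host-key checking so an unknown or changed host key is refused rather than prompted for, and reports each PC as OK, SKEW or OFFLINE relative to the control server's clock. The lab directory, domain, tolerance and function names are assumptions of this example.

```shell
#!/bin/bash
# Added example, not one of the post's scripts. Same layout as "all": one
# empty file per PC in $LAB_DIR, hosts resolving as <pc>.$DOMAIN (assumed).
LAB_DIR=${LAB_DIR:-/root/scripts/lab}
DOMAIN=${DOMAIN:-example.com}
TOLERANCE=${TOLERANCE:-5}   # allowed clock skew in seconds (assumed)

# Print one "name epoch" line per PC, or "name OFFLINE" if it did not answer.
collect_times() {
    for f in "$LAB_DIR"/*; do
        name=$(basename "$f")
        (
            # BatchMode=yes: never prompt for a password (key auth only).
            # StrictHostKeyChecking=yes: refuse an unknown or changed host
            # key instead of asking, so a scripted run cannot accept a MITM.
            # ConnectTimeout: a dead PC cannot stall the whole run.
            t=$(ssh -n -o BatchMode=yes -o StrictHostKeyChecking=yes \
                    -o ConnectTimeout=5 "$name.$DOMAIN" 'date +%s' 2>/dev/null)
            case $t in
                ''|*[!0-9]*) echo "$name OFFLINE" ;;
                *)           echo "$name $t" ;;
            esac
        ) &
    done
    wait
}

# Read "name epoch|OFFLINE" lines on stdin and compare each epoch with the
# reference epoch in $1; prints "name OK", "name SKEW <n>s" or "name OFFLINE".
classify_times() {
    ref=$1
    while read -r name t; do
        case $t in
            ''|*[!0-9]*) echo "$name OFFLINE"; continue ;;
        esac
        d=$(( t - ref ))
        if [ "$d" -lt 0 ]; then d=$(( 0 - d )); fi
        if [ "$d" -gt "$TOLERANCE" ]; then
            echo "$name SKEW ${d}s"
        else
            echo "$name OK"
        fi
    done
}

# Run the check for real only when asked, e.g.: ./clockcheck --run
if [ "${1:-}" = "--run" ]; then
    collect_times | classify_times "$(date +%s)"
fi
```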
Here is “wall”:
#!/bin/bash
# Wake-on-LAN every PC in the lab: each file in /root/scripts/macs/ is named
# after a PC and contains that PC's MAC address.
wakeonlan -i 192.168.0.255 $(cat /root/scripts/macs/*)
macs is a directory containing files named after the PCs. The content of each file is the MAC (hardware address of the NIC).
Here is “sall”:
#!/bin/bash
# Shut down every PC in the lab. The remote shutdown is backgrounded and
# followed by exit so each ssh session returns at once instead of waiting
# for the PC to halt.
for f in /root/scripts/lab/*; do
    name=$(basename "$f")
    (echo "$name"; ssh "$name.rsl.edu" "shutdown -h now & exit"; echo) &
done
wait
If I want to run a GUI application on any machine, I can use ssh -Y user@machine application and the X connection is forwarded. This is useful for demonstrating to a user who has walked up to my desk or to use a GUI tool for my system administration. I normally prefer text because it is simpler and methods and results are easily saved.
I also have scripts for waking any or all and shutting any or all down. The command most frequently ferried around this way is apt-get update;apt-get upgrade, which synchronizes each machine with the repositories, of which I keep a cache of used packages on my server. It all works very nicely. I have used similar tools for that other OS; they are all proprietary add-ons and, because of the lack of a package manager, much more complex. No doubt oldman will tell us the wonders of a provisioning system that can install x and y inside a virtual machine on any machine in the system in minutes, but I have no use for such a thing. I have not enough RAM per machine. I have 12 machines capable of that on teachers' desks, and GNU/Linux as a normal installation does everything they need done and more. My problem is getting teachers to use all the capabilities of this system, not adding more to it.
To a stock Debian GNU/Linux installation all I need to get this to work is apt-get install openssh-server and then plug in the authorized_keys file as mentioned above. It takes seconds to do that. My cache of the repositories runs at gigabit/s between servers and 100 megabit/s to any client. That's many times faster than our Internet connection and makes the packaging system APT a joy to use. My cache has 500 GB drives so this system could likely work well for a few thousand machines. Red Hat, Novell and IBM have toolsets that they claim work for 10K machines. My school with fewer than 100 does not need that, and it would take longer for my successor to adapt to, to say nothing of the year or more it would take to get that in the budget.
Oh, in particular, for teaching, a teacher should control the PCs used by the students. With this system I can add stuff to view/control the desktop (x11vnc) or I can watch their list of active processes. I can stop any process, too. pkill -u user, pkill -f somecommand and /etc/init.d/gdm stop all get their attention instantly. The last logs everyone in a GUI off the terminal server in seconds. Very dramatic way to send them on their way. I can also shut down the lab as described above. This sure beats arguing with a student or phoning Mommy. It helps to have a lab where I can view each monitor directly. If all are supposed to be writing a report and one has a video game running, he/she stands out.
Needless to say, the password of root on the main server is a priceless commodity in my system. I will not sell it cheaply…