[Samba] parallel administration tool for PCs?

[John H Terpstra]

On Tuesday 09 September 2008 17:01:08 David Mathog wrote:
> This is a bit off topic, but I'm looking for a convenient way to manage
> N "identical" Windows PCs, using as much as possible 1 command to do the
> same thing on all of them.  The capabilities I'm looking for, preferably
> in a single tool are, given a designated master machine and N clones of
> that master:
>
> 1.  Compare all (or to a specified depth) files below some directory on
> the workstations, displaying differences.  For instance, compare the
> directory tree below C:\Program Files.
>
> 2  After determining which subset of the differences from (1) need to be
> pushed, designate those files and "put", whereupon all such files are
> copied from the master to the N remote machines.
>
> 3. Select a .bat file in the synchronized directory tree, invoke "run",
> whereupon it runs inside a DOS shell on all remote machines.  The output
> from that run is saved and diffed, so that anything that went wrong on
> one of the machines may be spotted.
>
> 4  Run a program on the master (using Windows GUI), and it runs
> on all the other machines at once, applying the same key strokes and
> mouse events to all of them at once.  For instance, do an install on the
> master and everything happens the same way on the other N machines.
> If something different happens along the way, the option to address that
> machine specifically would be provided.  This one is sort of the holy
> grail for Windows administration, I'm not entirely sure that the Windows
> GUI even provides a place to hack in between the mouse and keyboard to
> achieve this.
>
> I already have a collection of tools for doing bits and pieces of this,
>
> but nothing that covers all of these bases:
> >From Samba there is smbclient, which if buried in a script can be used
>
> for the file transfers, so long as port 445/tcp is open on each
> workstation.  That isn't too bad a security hole since it can be
> restricted through the firewall to only talk to one controlling machine.
> It is relatively easy to make it talk to N machines by addressing them
> sequentially within a script, although it also requires one more machine
> running Linux to perform all the smbclient operations.  Tar can do
> the directory traversals, but there seems not to be any way to generate
> checksums on the remote machines, so for a directory comparision one
> would have to move all the relevant data over the net back to the
> central machine.  Not very efficient if N is large and the disk space
> being traversed is also large.
>
> UltraVNC lets me do any console operation remotely, but only one machine
> at a time.  If there was some way to run UltraVNC in parallel it would
> almost do what (4) requires, but currently all one can do is switch from
> display to display, and then repeat the same commands on each.
>
> Disk cloning (ghost and the like).  Massive overkill when just a few
> files need to be tweaked.  Plus on Windows if the partition being copied
> includes C:\Windows (and it always does for me) the whole sysprep etc.
> dance must be carried out.
>
> md5deep generates a tree'd md5sum report, which could be used for the
> file comparisons in (1), but it just runs on one machine at a time.
>
> Boot all machines under linux.  This lets me use ssh to run scripts,
> and since NTFS can be mounted read/write these days, access to the
> XP directories is possible from linux.  That makes the file
> synchronization relatively straightforward, but at the cost of having
> to run a completely different OS, and the loss of the ability to run
> programs within Windows.
>
> Thanks,
>
> David Mathog
> mathog at caltech.edu
> Manager, Sequence Analysis Facility, Biology Division, Caltech

Have you considered doing these types of updates from a logon script?  There 
are a number of tools you could use to do intelligent processing from a logon 
script environment.  Check the Samba3-HOWTO for info on logon scripts.

Cheers,
John T.
-- 
John H Terpstra

"Don't do as I do; Show me better!" - Anonymous.