“Mice cried and pricked ..” Import substitution in practice. Part 4 (theoretical, final). Systems and Services


    Having talked about options, “domestic” hypervisors and “domestic” operating systems in previous articles, we will continue to collect information about the necessary systems and services that can be deployed on these OSes.

    In fact, this article turned out to be mostly theoretical. The problem is that there is nothing new and original in the "domestic" systems. And to rewrite the same thing for the hundredth time, without adding anything new, I see no reason. So there will be an assembly and analysis of data regarding import-substituting systems.

    Plus, only Alt, Astra and Rosa have a more or less normal Wiki. Red OS has a knowledge base (very modest for my taste). Moreover, Rosa's articles in this Wiki are often outdated and irrelevant, dated 2013-2014 and related to old distributions ... As for the other systems, consider that they have no Wiki at all. Therefore, for distributions that do not have a KB or Wiki, we assume that you need to look in the Wiki or KB of their parent distribution. For ROSA - CentOS (Red Hat), Astra - Debian, Calculate - Gentoo, Red OS - Red Hat, AlterOS - openSUSE, OS - CentOS (Red Hat), Ulyanovsk.BSD - FreeBSD, QP OS - completely domestic development (according to its creators, it is not Linux).

    Also, I will set aside the fact that I am leaving the entire infrastructure based on Microsoft, and start with the basics: DNS, directory service, proxy server. After that come user-oriented systems and services, such as a mail server, office, chat, etc.

    1. Infrastructure

    1.1. DNS

    The DNS server is present in all "domestic" operating systems in the form of BIND9. Nothing new. And there’s nothing complicated in setting it up. Only Calculate does not have BIND in its repository. But there are others.

    DDNS is a bit more complicated, but there is nothing out of the ordinary here either.
    Instructions for Astra
    Instructions for Alt
    The ROSA Wiki has the following instructions, which have nothing to do with the real situation. So we will assume that the instructions for setting up DDNS for ROSA should be sought among those for CentOS.

    1.2. DHCP

    Again - nothing new, nothing complicated.
    Astra Linux Wiki DHCP
    ROSA Enterprise Linux Server DHCP

    1.3. Directory Service

    1.3.1. Astra Linux Directory (ALD)
    Wiki Link
    It is not possible to join a Microsoft Windows machine to an ALD domain using the standard tools of Microsoft Windows.

    At the same time, Astra joins an AD domain as a client in just a couple of steps.

    Instructions for setting up ALD.

    SAMBA 4 can also act as a domain controller in Astra Linux. This is not an Astra modification; it is SAMBA in its original form. It is configured like this. Or like that.

    1.3.2. RED OS: IPA domain organization
    Link to the knowledge base, in which everything is described in some detail.

    1.3.3. Rosa directory
    On the Internet there are references to the fact that ROSA has its own development, the ROSA Directory Server. There is an article on this subject in their Wiki, dated February 28, 2013. There are also references to the interesting Rosa Server Setup tool. So I began to dig; it would be interesting to try it.

    In general, in the R7 release all this was cut. As I understand it, this was due to the fact that Rosa was rebuilt on the basis of CentOS instead of Mandriva, and their Directory was based on the Mandriva Directory Server and simply did not fit into CentOS.

    Therefore, like on all other OSs, you can install SAMBA on ROSA and use it as a domain controller.

    1.3.4. Alt FreeIPA

    Almost all “domestic” operating systems on the market have the ability to work as a SAMBA-based domain controller. But SAMBA has a serious limitation when working with Windows-based clients:
    Samba AD DC operates at the domain controller level of Windows 2008 R2. You can join it to a Windows 2012 domain as a client, but not as a domain controller.

    Thus, for Windows servers and workstations to work normally, if we need them (and we do, because there is software that cannot run under Linux, such as CAD packages or outdated software for devices that cannot be installed on anything except Win XP), we need to deploy a domain based on Windows or FreeIPA. Deploying FreeIPA is a rather time-consuming process, while a Windows-based domain can be deployed in a couple of hours. In my case the time cost is zero, because I already have a domain running on Windows. In this setup, Linux can log in using AD. In fairness, I note that Windows can log in through FreeIPA.

    This brings me to the rationale for why I do not want to give up domain controllers based on Microsoft Windows. I already have one. I see no reason to waste a lot of time and effort retraining administrators who are accustomed to the convenience of the Windows GUI to work with the text files of Linux systems. Yes, IPA has a web-based interface, but that doesn’t really change things. (Linuxoids have probably quartered me for these words, but I, as a Windows admin who has had a chance to work with Linux, have an idea of what I'm talking about. I can’t understand how you can love digging in text editors, reading through thousands of lines of code, being afraid of making a typo when making changes, while the graphical interface will show you everything, tell you, explain; just press the button and enter the necessary parameters. That's it. I have spoken. Shoot!)

    Just in case, here is a very useful article about deploying an IPA server. It may come in handy for someone.

    1.4. Proxy server

    Squid can be found in the repositories of almost all "domestic" OSes. I don’t know about anyone else, but I have had Squid deployed for a long time. It works for me.
    Astra Linux Squid
    Alt Squid with authorization via AD
    Squid for RED OS with authorization via IPA
    For ROSA I did not find such an article in the Wiki. But there is a lot of literature on setting up Squid on the Internet. And the setup will differ only in the installation command for the package manager and, possibly, in the location of the config files.

    1.5. Monitoring

    Zabbix is in the repositories of Astra, ROSA, Alt and Red OS. There will be no problems with this; you will only need to export all the necessary information from the production server and then import it into the new server. Yes, we will lose history, but this is not critical in most cases. In cases where it is critical, you can leave both servers in operation until the information on the old server becomes outdated and is no longer needed. One more point. There was information suggesting that MariaDB will be blacklisted and cut out of the repositories of all "domestic" OSes.
    Install and configure Zabbix on Astra
    Install and configure Zabbix on Alt
    Install and configure Zabbix on RED OS

    1.6. IP telephony

    There are several software solutions from domestic developers in the registry of the Ministry of Communications.
    Ideco PBX does not require an OS. Official site.
    Roskom. IP-PBX also does not require a working OS. Official site.
    MetPBX also does not require an OS under it. Official site.
    SKIT.ATS can be deployed on Linux. Official site.
    And finally, the GetCall platform, which also does not require an OS. Official site.

    I personally have had no dealings with IP telephony, so I can’t say anything about them.

    2. User-oriented systems

    2.1. As mentioned in a previous article, we have a system called TECTON running on Firebird 1.5. Accordingly, with import substitution, this business must be transferred to the new infrastructure. Firebird has versions for Linux, but the repositories of the "domestic" OSes do not contain version 1.5. And there is no possibility to switch to a later version, since between Firebird versions 1 and 2 the way stored procedures work changed, and no one will rewrite them ... nor be able to ... and it makes no sense anyway, since this system should be replaced by 1C in the near future. So "for the time being" it will be possible to download the package and install it from outside the repository.

    2.2. The OASIS electronic reporting system does not work under Linux. Moreover, OASIS does not work on anything other than MSSQL Server. Thus, we need a virtual machine with Windows and MSSQL Server. The Express version will suffice, since the database is small. But you can’t get away from this, since the PFR and tax reporting are based on it.

    2.3. Naturally, MS IIS is not suitable as a web server; you will have to use Apache or Nginx from the repositories (the latter is in the ROSA, Alt and Calculate repositories).
    Which one is better? You can read the article by comrade rrromka.

    Wiki Link:
    For Alt
    For Calculate
    For ROSA there are only installation commands; you will have to configure it according to other literature. For example, documentation from the official site. Or you can find a bunch of articles on setting it up on Habr.

    2.4. Corporate chat with authorization through AD. OpenFire or ejabberd. Simple and free.
    ejabberd on Alt
    Configuring ejabberd without being tied to the OS
    Configuring OpenFire

    As a chat client, you can use anything from Pidgin and Miranda, which are in the OS builds, to something self-written.

    2.5. Mail server. As I have repeatedly mentioned, I like Zimbra. It can be deployed based on RELS.
    Implement Zimbra Collaboration Open Source, authorize via AD and automatically create mailboxes
    Configure backup and recovery of entire Zimbra OSE and separate mailboxes
    Create and update mailing lists in Zimbra Collaboration OSE based on groups and users of Active Directory

    Here you can see the deployment based on RELS

    The OS repositories also have Postfix / Exim / Dovecot packages.
    Alt Wiki Postfix Dovecot
    Astra Linux. Installing the Dovecot mail server
    Regarding the configuration of Rosa. Their Wiki has an article on deploying a mail server, dated February 28, 2013. The only trouble is that it describes a method using RSS (ROSA Server Setup), which, as I said above, was cut from the current version of the distribution. So now you can use instructions for setting up a mail server that are not tied to the OS. For example, this one.

    You can also consider the option of proprietary software in the form of "MyOffice Server" or "CommuniGate Pro". But I do not like this option. At the very least because it is paid. On the other hand, support is good; it is a guarantee. But given that almost any administrator can guarantee the operability of a mail server, the need for support is doubtful. And while CommuniGate is proven software, MyOffice was created in 2014, and I personally am worried by the thought of how many bugs can still be caught in this system. On top of all that, the price of both products is, in my opinion, unjustifiably high.

    2.6. Backup in the distributions is represented by Bacula. Configuring this monster is a whole saga. There is quite a lot of material on this subject, but it is still a lot of work. But Bacula is a powerful and extremely useful multi-platform tool.
    Instructions for Astra
    Instructions for Alt
    Documentation on the official website. Official website of the Bacula web-interface project.

    Taking into account the fact that Alt is the official Bacula partner in Russia, we can hope that relatively new versions of this distribution will appear in their repository.

    2.7. About the Thunderbird e-mail client, which is present in all the "domestic" OSes, I will say nothing.

    2.8. About the Mozilla Firefox web browser, present in all "domestic" OSes, and Yandex.Browser, which can be installed on all "domestic" OSes, I will also keep silent.

    2.9. Office suite. LibreOffice is part of all "domestic" OSes. It has 2 paid alternatives: MyOffice and R7 Office. R7 has a trial version of the distribution. You can request it here. As for MyOffice, I’ll just leave this link and this link here (I advise you to pay special attention to the comments).

    The Astra Wiki has an outdated article about installing 1C, both the client and server parts.
    The ROSA Wiki has an article about installing the 1C client. It is strange that there is no article on configuring the server, since 1C does install on CentOS. For example, here is an article.
    There is an article in the Alt Wiki with a detailed description of installation and configuration, which also provides useful links.

    3. Conclusion

    Well, what can I say after studying the information related to import substitution? All this is a profanation. It in no way eliminates imports, and in no way removes dependence on foreign developers. It simply replaces one with another, allowing you to feed not foreign uncles, but our own, domestic ones. Sales taxes will go to the state treasury; that's a plus. But most of the money will settle in the hands of the already rich "uncles and aunts", and will not reach the trust funds; this is a minus. Any enterprises such as “New Cloud Technologies” that claim that “their goal is not to get rich on the import substitution program ...”, in fact, pursue this goal, otherwise there would be no such statements, there would be no lawsuits and no statements to the courts and the FAS. They wouldn’t take a piece of LibreOffice and repaint it as SvoyOffice.

    To take a free product, already made by someone, finish it a bit and sell it under the guise of your own is, in my opinion, at least a little bit of ... cheating. No, of course, they did security systems, they encrypted everything, everything was done, they brought everything under FSTEC certification ... But these are all the same products that they didn’t make. The exception is QP OS: CryptoSoft did everything by itself. And because of this, they will have compatibility problems, a lack of software for their OS, uncaught bugs, etc. etc. But they did it. Alt did it even before the hype around import substitution; they also did well, not for the sake of momentary profit; they did it honestly, because they earned money from what was not the mainstream.

    It is not for nothing that I write the word “domestic” in quotation marks, since truly domestic systems can be counted on the fingers of one hand. Operating systems: only one at all. What kind of "import substitution" is in question remains a mystery.

    No, in general, if you really want to and spend a lot of time and energy, then you can build the infrastructure and most of the services on Linux. But for this you need to retrain or replace the Windows administrators, and have them do red-eyed application configuration in text files. But 90% of these systems will not be domestic; they will be free and, in rare cases, a little repainted. With boring wallpapers. All in all, all this fuss looks like expensive nonsense. If the Germans failed, then what can we say about us? .. "The mice were crying and pricking ..", and the big brother continued to stuff his pocket. The healthy grain in this entire program ended at the stage of the idea, when it was said that the secret must be transferred to our secure systems so that “the enemy could not find out anything.” But in the end, this turned into what all normal ideas turn into in our country. Well, that is how business in our country is built: maximum profit at minimum cost.

    4. What to do?

    Cry and prick ... There is an order, so it must be done, otherwise they will punish. How they will punish is unknown. The problem is that no one knows how they will check the results of the import substitution program, including those who will do the checking. There is no information on whether software from OS repositories may be used. Can I use it? Can I not? Everyone uses it, so it's allowed? But it is not in the register of the Ministry of Communications, so it's not allowed? There are no answers to these questions. But someone reported using the same LibreOffice, which is part of the OS. It went through. What about Zabbix? The one that is included in the repository is allowed, but if the same version is downloaded from the official site, it is not? Etc. etc. And where is the logic here?

    As a result, all that remains is to bring the share of software used up to the established indicators, spend a lot of money on its purchase and support, and train employees to work with software that is new to them. There is an opinion that “the severity of Russian laws is compensated by the non-bindingness of their implementation”, but to hope so is the thing ...

    5. PS:

    While I was writing these articles, I had to shovel through so much information that I wonder how I kept it all in my head. And I am glad that the series of articles has come to an end. All that remains is an article about QP OS, which I promised their representative I would write in exchange for the opportunity to try out the distribution. Perhaps then there will be something else about hardware as part of the same import substitution, but for now it’s a pitchfork in the water.

    I hope that the information gathered by me and analyzed by me will help someone in the difficult task of switching to "domestic" software. Thank you all and see you soon.

    You can also read on the topic:

    Previous publications:

    an article about import substitution planning.

    An article about "domestic" operating systems.

    Article about systems and services.

    Well, about the QP OS in addition.
