Having discussed in past articles about , ΠΈ , we will continue to collect information about the necessary systems and services that can be deployed on these OSes.
In fact, this article turned out to be mostly theoretical. The problem is that there is nothing new and original in the "domestic" systems. And to rewrite the same thing for the hundredth time, without adding anything new, I donβt see the point. So there will be an assembly and analysis of data regarding import-substituting systems.
Plus, only Viola, Astra ΠΈ Pink. I Red OS Yes (very modest for my taste). Moreover, Rosa articles in this Wiki are often outdated and outdated, dated 2013-2014 and related to old distributions ... But for other Wiki systems, consider that they do not exist at all. Therefore, for distributions that do not have a KB or Wiki, we will assume that you need to look in the Wiki or KB of their parent distribution. For PINK CentOS (Red Hat) Astra β Debian Calculated - Gentoo Red OS -Red Hat AlterOS - openSUSE Axis CentOS (Red Hat) Ulyanovsk.BSD - FreeBSD QP OC - completely domestic development (according to the assurances of its creators, this is not Linux).
Also, for now, I will skip the point that I leave the entire infrastructure based on Microsoft, and start with the basics - DNS, Directory Service, Proxy Server. And then there will be user-oriented systems and services, such as a mail server, office, chat, etc.
1. Infrastructure
1.1. DNS
DNS-server is presented in all "domestic" operating systems in the form BIND9. Nothing new. And there is nothing complicated in setting up. Only Calculate does not have it in the BIND repository.
DDNS - a little more complicated, but also nothing out of the ordinary here.
ROSA's Wiki has the following , which has nothing to do with the real state of affairs. So we will assume that the instructions for setting up DDNS for ROSA should be looked for as related to CentOS.
1.2.DHCP
Again, nothing new, nothing complicated.
1.3. Directory Service
1.3.1. Astra Linux Directory (ALD)
It is not possible to include a Microsft Windows OS machine into an ALD domain using regular tools of Microsft Windows OS.
At the same time, as an AD client, Astra is entered into the domain literally .
Also, as a domain controller in Astra Linux can act SAMBA 4. This is not a revision of Astra, this is SAMDA in its original form. .
1.3.2.ED OS organization of the IPA domain, in which everything is described in sufficient detail.
1.3.3. ROSA directoryThere are mentions on the Internet that ROSA has its own development of ROSA Directory Server. Their wiki has on this account. Dated February 28, 2013. There are also mentions of an interesting Rosa Server Setup tool. And I began to dig, it's interesting to touch.
In general, in the R7 release, all this was cut out. As I understand it, this was due to the fact that Rosa was rebuilt based on CentOS instead of Mandriva, and their Directory was based on Mandriva Directory Server, and just didnβt fit on CentOS.
Therefore, as with all other operating systems, PINK can be installed SAMBA, and use it as a domain controller.
1.3.4. Alt FreeIPA
Almost all "domestic" operating systems on the market have the ability to work as a domain controller based on SAMBA. But SAMBA has a serious limitation when working with Windows based clients:
Samba AD DC functions at the level of a Windows 2008 R2 domain controller. You can enter it into a Windows 2012 domain as a client, but not as a domain controller.
Thus, for the normal operation of Windows servers and workstations, if we need them, and we need them, since there is software that cannot work under Linux (the same CAD packages or outdated software packages for devices that do nothing at all , except for Win XP, it is impossible to install), we need to deploy a domain based on Windows or FreeIPA. Deploying FreeIPA is a rather laborious process, while a Windows-based domain is deployed in a couple of hours. In my case, zero time cost, because I already have a Windows domain. At the same time, Linux can log in using AD. In fairness, I note that Windows can log in through FreeIPA.
This is how I bring up the rationale for why I don't want to give up Microsoft Windows-based domain controllers. I already have it. I see no reason to spend a lot of time and effort retraining administrators who are used to the convenience of the Windows graphical interface to work with text files on Linux systems. Yes, IPA has a web interface, but that doesn't really change things. (Linuxoids will most likely give me quarters for these words, but as a Windows admin who happened to work with Linux, I know what Iβm talking about. I canβt understand how you can love digging into text editors, reading through thousands of lines of code , afraid of being sealed when making changes. Whereas the graphical interface itself will show you everything, prompt, explain, just press the button and enter the necessary parameters. That's it. I spoke out. Shoot!)
Just in case, about deploying an IPA server. Suddenly someone will be useful.
1.4. Proxy server
Squid can be found in the repositories of almost all "domestic" operating systems. I don't know about anyone, but I have deployed Squid for a long time. I like.
ROSA did not have a similar article in the Wiki. But there is a lot of literature on configuring Squiid on the Internet. And the setting will differ only in the installation command to the package manager and, possibly, in the location of the config files.
1.5. Monitoring
Zabbix is in the repositories Astra, ROSA, Viola, Red OS. There will be no problems with this, you will only need to export all the necessary information from the product server, and then import it into the new server. Yes, we will lose history, but this is not critical in most cases. In cases where this is critical, you can leave both servers running until the information on the old server becomes outdated and no longer needed. And one moment. , judging by which, we can conclude that Maria DB will be blacklisted and will be cut out of the repositories of all "domestic" operating systems.
2.User oriented system
2.1. As stated in , we have Firebird 1.5 a system called TEKTON works. Accordingly, during import substitution, this business needs to be transferred to a new infrastructure. Firebird has versions for Linux, but version 1.5 is not in the repositories of "domestic" OSes. And there is no way to switch to a later version, since at the junction of versions 1 and 2 of Firebird, the principle of operation of stored procedures has changed, and no one will rewrite them ... and they wonβt be able to ... and thereβs no point, since this system should be replaced in the near future 1s. So "for the first time" it will be possible to download the package and install it not from the repository.
2.2. Electronic reporting system OASIS does not work under Linux. Moreover, OASIS does not run on anything other than MSSQL Server. Thus, we need a virtual machine with Windows and MSSQL Server. The Express version will suffice, since the database is small. But you canβt get away from this, since reporting to the FIU and tax is based on this.
2.3. As the web server MS IIS, of course, will not work, you will have to use the ones included in the repositories Apache or Nginx (the latter is in the repositories of ROSA, Alt, Calculate).
Which one is better? You can get acquainted with comrade
Wiki link:
there are only installation commands, you will have to configure according to other literature. For example, . Or maybe .
2.4. Corporate chat with authorization through AD. OpenFire or ejabberd. Simple and free.
You can use anything as a chat client, from Pidgin ΠΈ Miranda, which are in the OS assemblies, and ending with something self-written.
2.5. Mail server. As I have repeatedly mentioned, I like Zimbra. It can be deployed on the basis of RELS.
There are also packages in the OS repositories postfix/exim/dovecot.
Concerning the Rosa setup. Their wiki has , dated February 28, 2013. The only trouble is that it describes a method using RSS (ROSA Server Setup), which, as I said above, was removed from the current version of the distribution. So now you can use the instructions for setting up the mail server without being tied to the OS. For example, .
You can also consider the option of proprietary software in the form of "MyOffice server" or "CommuniGate Pro". But I don't like this option. At least because it's paid. On the other hand, support is good, it is a guarantee. But given that almost all administrators can guarantee the health of the mail server, the need for support is questionable. And if CommuniGate is a proven software, then MyOffice was created in 2014, and I personally have concerns about the number of bugs that can still be caught in this system. With all this, the price of both products, in my opinion, is unreasonably high.
2.6. Π Π΅Π·Π΅ΡΠ²Π½ΠΎΠ΅ ΠΊΠΎΠΏΠΈΡΠΎΠ²Π°Π½ΠΈΠ΅ in distributions presented bacula. Customizing this monster is a whole epic. There are a lot of materials on this issue, but still it is a whole work. But Bacula is a powerful and extremely useful multi-platform tool.
Taking into account the fact that Alt is the official partner of Bacula in Russia, we can hope that relatively fresh versions of this distribution will appear in their repositories.
2.7. About mail client Thunderbird, presented from all the "domestic" operating systems, I will not say anything.
2.8. About web browsers Mozilla Firefox, presented in all "domestic" operating systems and Yandex.Browser, which can be installed on all "domestic" operating systems, I will also keep silent.
2.9. Office suite. included in all "domestic" operating systems. It has 2 paid alternatives - these are "" and "". P-7 has a test version of the distribution kit "to try". Can . As for "MyOffice", I'll just leave it here ΠΈ (I advise you to pay special attention to the comments).
2.10. 1C: ENTERPRISE. For example,
Wiki Astra has about installing 1c both client and server parts.
The ROSA Wiki has . It is strange that there is no article on configuring the server, since the esque gets up on CentOS. For example, here .
The Alt Wiki has installation and configuration, which also contains useful links.
3. ΠΠ°ΠΊΠ»ΡΡΠ΅Π½ΠΈΠ΅
Well, what can I say after studying the information related to import substitution? All this is profanity. This in no way eliminates imports, it in no way cancels dependence on foreign developers. It simply replaces one with another, allowing you to feed not foreign uncles, but ours, domestic ones. Sales taxes will go to the state treasury, this is a plus. But most of the money will end up in the hands of already rich βuncles and auntsβ, and will not reach trust funds, this is a minus. Any enterprises like βNew Cloud Technologiesβ that declare that βtheir goal is not to get rich on the import substitution program ...β actually pursue this very goal, otherwise there would be no such statements, there would be no lawsuits in the courts and statements to the Federal Antimonopoly Service. They would not take a piece of LibreOffice and repaint it under "Own Office".
To take a free product, already made by someone, finish it a little and sell it under the guise of your own, in my opinion, at least a little nae ... swindle. No, they, of course, made protection systems, encryption is there, that's all, they brought everything under the FSTEC certification ... But these are still not products made by them. With the exception of QP OS, Cryptosoft did everything by itself. And because of this, they will have compatibility problems, with the lack of software for their OS, bugs that have not been caught, etc. and so on. But they did. Alt did before the hype with import substitution, they are also great, they did not do it for the sake of momentary profit, in good faith, because they earned money on what was not the main stream.
Itβs not just that I write the word βdomesticβ in quotation marks, since there are only one or two domestic systems. There is only one operating system. What kind of βimport substitutionβ we are talking about remains a mystery.
No, in general, if you really want to and spend a lot of time and effort, then you can raise the infrastructure and most services on Linux. But for this you need to retrain or change windows administrators, and make them red-eye into application settings text files. But 90% of these systems will not be domestic, they will be free and, in rare cases, slightly repainted. With boring wallpapers. In general, all this fuss looks like expensive nonsense. If then what to say about us? The sound grain in this whole program ended at the idea stage, when it was said that the secret should be transferred to our secure systems so that "the enemy would not find out anything." And in the end, it resulted in what all normal ideas pour out in us. Well, business in our country is built like this - maximum profit at minimum cost.
4. What to do?
Cry and inject ... There is an order - you must do it, otherwise they will punish you. How they will be punished is unknown. The problem is that no one knows how the results of the import substitution program will be checked, including those who will check. There is no data on the ability to use software from the OS repositories. Can it be used? It is forbidden? Everyone uses - so you can? But it is not in the register of the Ministry of Telecom and Mass Communications - so it is impossible? There are no answers to these questions. But someone reported using the same LibreOffice, which is part of the OS. Ride. What about Zabbix? The one that is included in the repository - you can, but if you download the same version from the officials - you canβt? Etc. and so on. And where is the logic here?
As a result, it remains only to bring the share of software used to the established indicators, spend a lot of money on its purchase and support, and train employees to work with new software for them. There is an opinion that βthe severity of Russian laws is compensated by the optionality of their implementationβ, but to hope for this is such a thing ...
5.PS:
While I was writing these articles, I had to shovel through so much information that I wonder how I kept it all in my head. And I'm glad that the series of articles has come to an end. There was only an article about QP OC, which I promised to write to their representative in exchange for the opportunity to touch the distribution. Perhaps later there will be something else about iron as part of the same import substitution, but so far this is a pitchfork on the water.
I hope that the information collected and analyzed by me will help someone in the difficult task of switching to βdomesticβ software. Thank you all and see you again.
Source: habr.com