[RndTbl] squid caching of Windblows Updates

Mike Pfaiffer high.res.mike at gmail.com
Fri Apr 16 07:57:42 CDT 2010

On 2010-04-15, at 12:20 PM, Trevor Cordes wrote:

> On 2010-04-15 Mike Pfaiffer wrote:
>> 	In addition to the Windows updates we also have firewall,
>> anti-virus, and anti-spyware. We also install a ZIP package. It used
> To save yourself time, you should do as someone mentioned and
> slipstream at minimum SP3 into your XP install CD.  This sounds
> daunting, but I will give you my cheatsheet and you can do it in 1 page
> of commands without any thinking:

	I think we may have SP3 already slipstreamed. I seem to recall something on a CD. I'll check it out when I get in to the lab in an hour.

> (install packages first: wine, convmv, cabextract; and find the
> script on the net called geteltorito, or ask me for it)
> tcsh
> set workdir=/tmp/Slip
> set  spfile="/tmp/WinXP_SP3.exe"
> set   spdir=$workdir/sp
> set   indir=$workdir/new
> set   cdrom=/dev/sr0
> set   cdmnt=/media/cdrecorder
> mkdir $workdir
> cd $workdir
> cabextract -d $spdir "$spfile"
> mkdir $indir
> mount $cdrom $cdmnt
> cp -r $cdmnt/* $indir
> chmod -R 777 $indir
> wine $spdir/i386/update/update.exe -s:$indir
> convmv -r --upper --notest $indir/*
> geteltorito $cdrom > $indir/boot.bin
> find $indir | xargs touch -t 200804140000
> umount $cdmnt
> eject $cdrom
> cd $indir
> mkisofs -b boot.bin -hide boot.bin -hide boot.catalog -no-emul-boot \
> -boot-load-size 4 -iso-level 4 -relaxed-filenames -D -V GRTMPVOL_EN -o \
> $workdir/iso .
> cdrecord dev=$cdrom $workdir/iso
> eject $cdrom
> rm $workdir/iso
> ============
> Doing the above (on linux) never ceases to amaze me (I've never used
> wine before).

	I had wine configured properly ONCE. It never worked for me again. I'll follow your directions when things get organised. Who knows... Lightning may strike twice. ;-)

>> 	The thing is we are "lightweights" when it comes to how to
>> install this sort of thing. The reason I suggested Ubuntu server is
> Nothing wrong with Ubuntu at all, just use what you're fastest with
> configuring, that's what I say.  You get used to a distro's way of
> doing things (mostly file system layout and /etc arrangement), and for
> me that's RedHat 6 (c 1999) or so :-)

	I like the text interface of Ubuntu server. I'm not sure I'd go with a GUI at this point. No sense in wasting clock cycles unless we have to.

>> 	We don't control the AC Router. We can put in requests but
>> they are having problems with Barracuda at the moment so it will be
> If you don't control the router then probably best to do the
> router-behind-router idea you outlined, just make sure to pick a
> different local subnet IP range!

	Makes sense. We don't want to compete with the AC.

>> 	My thoughts are if we can make the whole process transparent
>> to the machines being installed/repaired it would save us a bunch of
>> time. To do this I figured we'd need a router between the incoming
>> connection and the hub. OTOH, if the machine were on the other side
>> of the hub we'd end up having to configure the machines and restore
>> them when we were done.
> For easiest transparency (no settings to be made on client), you want
> the wpad to work, which means you must control your DNS, web and squid
> server.  If you can live with a 60sec tweak on every client (setting
> proxy manually) then you can do away with DNS and web and just setup a
> squid server that can be in your existing subnet (no need for another
> router).

	I understood about 80% of this paragraph. I think I should be able to understand the rest when we actually start the process.

>> 	This is what *I* think we'll have to do...
>> AC Router <--> CLL Router/Squid <--> CLL Hub <--> Various machines
> As above, best/transparent solution but a fair bit harder to initially
> implement.

	The advantages also include not having to set it up every time.

>> 	I don't know enough about Squid to know if we can get rid of
>> the router part of the machine then have it sit between the AC Router
>> and our machines. Our machines are generally set up for DHCP so my
>> concern would be where we get the IPs from.
> If you did squid but no DNS/web then the squid server would just be
> another peer on the LAN, just another box off the main switch.  Ideally
> you'd want to assign it a static IP.

	I thought this may be the case.

>> out M$ machines the clients are mostly ignored. It would be very hard
>> to justify coming up with money to pay someone to install it for us
>> (I don't get paid and I'm the senior volunteer - I don't think the
>> supervisor gets paid either). I think I could persuade them to buy
>> you a lunch at Subway though... :-)
> I hear ya.  I'm a bit over-subscribed for work, but I could possibly
> squeeze in some moments here and there if you can arrange remote ssh
> access from my IP.  Going onsite would be a royal pain given my schedule
> though.  The roundtable (incl myself) is also here to help out with
> questions.

	I'll have to go through channels to ask. Given the AC has installed Barracuda my guess is they probably will say no.

	We could arrange to have the machine dropped off to you somewhere if that would be any better... 

	Worst case would be we work on it an hour per week and report the progress back here.

	Sounds like this has captured the imagination of the group. I wonder if it might be worth a future presentation... ;-)

> If you've never done any BIND config before, that will probably be the
> biggest challenge for you.  The apache stuff should be fairly easy and
> the squid stuff extremely easy with my conf file.

	As I mentioned I am a lightweight with this. The whole computer area is very broad and this isn't an area I had experience with until very recently.
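
The wpad approach described in the quoted reply above, as an added example that is not part of the original thread or anyone's actual config: a minimal wpad.dat (proxy auto-config file) that sends cacheable HTTP through squid and leaves everything else direct. The proxy address and lab subnet are constructed assumptions, and isLabAddress/isBareName are hypothetical helpers written so the file needs no DNS lookups.

```javascript
// wpad.dat: constructed example. Served by the lab web server as
// http://wpad.<lab-domain>/wpad.dat with MIME type
// application/x-ns-proxy-autoconfig. Plain ES3 syntax so old clients parse it.
var SQUID = "PROXY 192.168.50.1:3128"; // assumed static IP of the squid box; 3128 is squid's default port
var LAB_PREFIX = "192.168.50.";        // assumed lab subnet, different from the upstream router's range

// True when host is a literal IPv4 address inside the lab subnet.
// The four-octet check stops a name like "192.168.50.example.com" from matching.
function isLabAddress(host) {
  if (!/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) return false;
  return host.indexOf(LAB_PREFIX) === 0;
}

// True for names with no dot ("fileserver"), which are always local.
function isBareName(host) {
  return host.indexOf(".") === -1;
}

// Entry point a WPAD-aware client calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Local traffic never goes through the cache.
  if (isBareName(host) || host === "localhost" ||
      host === "127.0.0.1" || isLabAddress(host)) {
    return "DIRECT";
  }
  // Squid can only cache plain HTTP; HTTPS would just be tunnelled,
  // so it goes direct and keeps load off the proxy.
  if (url.substring(0, 5).toLowerCase() === "http:") {
    // Fall back to DIRECT so installs still work if the squid box is down.
    return SQUID + "; DIRECT";
  }
  return "DIRECT";
}
```

Clients apply whatever wpad.dat the wpad name resolves to, so the DNS record and the web server that hand it out belong on machines you administer, which is the control over DNS and web that the reply calls for.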

