nanog mailing list archives

Re: Linux Centralized Administration


From: Daniel Ankers <md1clv () md1clv com>
Date: Fri, 13 Jan 2012 08:56:42 +0000

On 13 January 2012 01:57, Paul Graydon <paul () paulgraydon co uk> wrote:
On 01/12/2012 03:51 PM, chaim.rieger () gmail com wrote:

On 1/12/2012 4:43 PM, Jimmy Hess wrote:
Something to think about before attempting to centrally manage, your
systems actually have to be centrally manageable -- that doesn't happen
automatically and requires extra work.


this is why i never update. i would rather build a new image and deploy it
to the thousands of servers than worry about updates. be it an openssh
security notice, or new ntp configuration, for me it is easier to rebuild
servers than update config files.

For that matter, imaging is a bad way to go about handling this, you'd be
better served by setting up something like Puppet or Chef and have them
handle configuration management for you centrally, along with necessary
software packages.

Paul

I looked into Puppet and though I've got it managing parts of our
infrastructure it seems quite difficult to bolt on to an existing
setup.  There are also some things that I can't see how to do easily
with Puppet ("Don't upgrade packages on the live environment until
we've tested them in staging" being a big one.)

I'm starting to look at Blueprint (http://devstructure.com) to help
build the Puppet manifests so that we can deploy Puppet without
breaking any existing machines, Puppet for configuration management
and Spacewalk to audit what is up-to-date and help schedule security
updates.

Dan


Current thread: