Re: Linux Centralized Administration

[Daniel Ankers <md1clv () md1clv com>]

On 13 January 2012 01:57, Paul Graydon <paul () paulgraydon co uk> wrote:
> On 01/12/2012 03:51 PM, chaim.rieger () gmail com wrote:
> > On 1/12/2012 4:43 PM, Jimmy Hess wrote:
> > > Something to think about before attempting to centrally manage, your
> > > systems actually have to be centrally manageable -- that doesn't happen
> > > automatically and requires extra work.
> > this is why i never update. i would rather build a new image and deploy it
> > to the thousands of servers than worry about updates. be it an openssh
> > security notice, or new ntp configuration, for me it is easier to rebuild
> > servers than update config files.
> For that matter, imaging is a bad way to go about handling this, you'd be
> better served by setting up something like Puppet or Chef and have them
> handle configuration management for you centrally, along with necessary
> software packages.
>
> Paul

I looked into Puppet and though I've got it managing parts of our
infrastructure it seems quite difficult to bolt on to an existing
setup.  There are also some things that I can't see how to do easily
with Puppet ("Don't upgrade packages on the live environment until
we've tested them in staging" being a big one.)

I'm starting to look at Blueprint (http://devstructure.com) to help
build the Puppet manifests so that we can deploy Puppet without
breaking any existing machines, Puppet for configuration management
and Spacewalk to audit what is up-to-date and help schedule security
updates.

Dan