[148362] in North American Network Operators' Group
Re: Linux Centralized Administration
daemon@ATHENA.MIT.EDU (Daniel Ankers)
Fri Jan 13 03:57:35 2012
In-Reply-To: <4F0F8F7F.8090208@paulgraydon.co.uk>
Date: Fri, 13 Jan 2012 08:56:42 +0000
From: Daniel Ankers <md1clv@md1clv.com>
To: Paul Graydon <paul@paulgraydon.co.uk>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 13 January 2012 01:57, Paul Graydon <paul@paulgraydon.co.uk> wrote:
> On 01/12/2012 03:51 PM, chaim.rieger@gmail.com wrote:
>>
>> On 1/12/2012 4:43 PM, Jimmy Hess wrote:
>>> Something to think about before attempting to centrally manage: your
>>> systems actually have to be centrally manageable -- that doesn't happen
>>> automatically and requires extra work.
>>>
>>>
>> This is why I never update. I would rather build a new image and deploy it
>> to the thousands of servers than worry about updates. Be it an OpenSSH
>> security notice, or new NTP configuration, for me it is easier to rebuild
>> servers than update config files.
>>
> For that matter, imaging is a bad way to go about handling this; you'd be
> better served by setting up something like Puppet or Chef and have them
> handle configuration management for you centrally, along with necessary
> software packages.
>
> Paul

I looked into Puppet and though I've got it managing parts of our
infrastructure it seems quite difficult to bolt on to an existing
setup. There are also some things that I can't see how to do easily
with Puppet ("Don't upgrade packages on the live environment until
we've tested them in staging" being a big one.)

I'm starting to look at Blueprint (http://devstructure.com) to help
build the Puppet manifests so that we can deploy Puppet without
breaking any existing machines, Puppet for configuration management
and Spacewalk to audit what is up-to-date and help schedule security
updates.

Dan