Linux Centralized Administration

Daniel Ankers md1clv at md1clv.com
Fri Jan 13 02:56:42 CST 2012


On 13 January 2012 01:57, Paul Graydon <paul at paulgraydon.co.uk> wrote:
> On 01/12/2012 03:51 PM, chaim.rieger at gmail.com wrote:
>>
>> On 1/12/2012 4:43 PM, Jimmy Hess wrote:
>>> Something to think about before attempting to centrally manage, your
>>> systems actually have to be centrally manageable -- that doesn't happen
>>> automatically and requires extra work.
>>>
>>>
>> this is why i never update. i would rather build a new image and deploy it
>> to the thousands of servers than worry about updates. be it an openssh
>> security notice, or new ntp configuration, for me it is easier to rebuild
>> servers than update config files.
>>
> For that matter, imaging is a bad way to go about handling this, you'd be
> better served by setting up something like Puppet or Chef and have them
> handle configuration management for you centrally, along with necessary
> software packages.
>
> Paul

I looked into Puppet and though I've got it managing parts of our
infrastructure it seems quite difficult to bolt on to an existing
setup.  There are also some things that I can't see how to do easily
with Puppet ("Don't upgrade packages on the live environment until
we've tested them in staging" being a big one.)

I'm starting to look at Blueprint (http://devstructure.com) to help
build the Puppet manifests so that we can deploy Puppet without
breaking any existing machines, Puppet for configuration management
and Spacewalk to audit what is up-to-date and help schedule security
updates.

Dan



More information about the NANOG mailing list