Linux Centralized Administration

Daniel Ankers md1clv at
Fri Jan 13 08:56:42 UTC 2012

On 13 January 2012 01:57, Paul Graydon <paul at> wrote:
> On 01/12/2012 03:51 PM, chaim.rieger at wrote:
>> On 1/12/2012 4:43 PM, Jimmy Hess wrote:
>>> Something to think about before attempting to centrally manage: your
>>> systems actually have to be centrally manageable -- that doesn't happen
>>> automatically and requires extra work.
>> This is why I never update. I would rather build a new image and deploy it
>> to the thousands of servers than worry about updates. Be it an openssh
>> security notice, or new ntp configuration, for me it is easier to rebuild
>> servers than update config files.
> For that matter, imaging is a bad way to go about handling this; you'd be
> better served by setting up something like Puppet or Chef and have them
> handle configuration management for you centrally, along with necessary
> software packages.
> Paul

I looked into Puppet, and though I've got it managing parts of our
infrastructure, it seems quite difficult to bolt on to an existing
setup.  There are also some things that I can't see how to do easily
with Puppet ("Don't upgrade packages on the live environment until
we've tested them in staging" being a big one.)

I'm starting to look at Blueprint ( to help
build the Puppet manifests so that we can deploy Puppet without
breaking any existing machines, Puppet for configuration management
and Spacewalk to audit what is up-to-date and help schedule security

