1 |
Reader note -- Direct all respones to gentoo-server ML to avoid flooding |
2 |
gentoo-dev. |
3 |
|
4 |
For those on server-ml who missed dev-ml: |
5 |
|
6 |
I'm starting to put together a portage/stable server configuration for a large |
7 |
number of gentoo VM's that will eventually be hosted on a VMware ESX 4.1U1 |
8 |
cluster - with the goal of limiting major changes to once/year and otherwise |
9 |
only applying security/minimum necessary updates. I doubt it will be easy but |
10 |
I'm doing my best at it :) |
11 |
|
12 |
As part of that I'm maintaining on github several related repositories, |
13 |
including portage mask/use/config files, cluster management utilities, etc. |
14 |
|
15 |
https://github.com/deploylinux |
16 |
|
17 |
I've also started to document work on my blog: |
18 |
|
19 |
http://www.deploylinux.net/matt |
20 |
|
21 |
I'm not currently planning to utilize a separate overlay for packages/ebuilds, |
22 |
but it's not out of the question. |
23 |
|
24 |
I'd be happy to work with any other devs or users w/ similiar interests or |
25 |
production networks to manage.....github makes group development relatively |
26 |
easy. |
27 |
|
28 |
On Friday, February 25, 2011 03:37:36 am Ed W wrote: |
29 |
> I maintain a, likely much smaller, number of VMs using linux vservers. |
30 |
> The approach here is to almost cut each machine down to a chroot that |
31 |
> runs only one (or thereabouts) interesting service. To do this I have |
32 |
> found customised portage profiles to be the under-plugged secret since |
33 |
> they allow you to basically push a set of packages which should be |
34 |
> installed and control "per type of vm" use flags and package keywords |
35 |
> (eg I have www-nginx, www-apache, mail, proxy, mysql, ftp, etc |
36 |
> profiles). Additionally I have a small overlay of local ebuilds that |
37 |
> sit in the same tree |
38 |
> |
39 |
|
40 |
I'd rather not maintain a separate profile for each server/node type. |
41 |
Instead it would seem to be easier to use to a buildhost to create a combined |
42 |
repository of packages, and then use puppet to define nodetypes and tell each |
43 |
individual node which packages to install, which users to create, and which |
44 |
services to enable. |
45 |
|
46 |
> Up until now I haven't really made any effort to sync this whole tree |
47 |
> across multiple physical machines and it's a bit of an ad-hoc process. |
48 |
> Using something like git would probably be perfect |
49 |
> |
50 |
|
51 |
Agreed -- git *is* perfect and widely used in enterprise configuration |
52 |
management repositories. The main advantage is that it allows individual |
53 |
users to maintain their own forks, and yet merge contributions from other |
54 |
trees or to request that other repositories merge their changes w/o much |
55 |
effort. Github makes this even easier w/ a web interface, tools to visual |
56 |
changes and track contributions, and discussions/wiki's for each repository. |
57 |
|
58 |
> The still missing step is configuration management across the machine |
59 |
> types, eg I want to upgrade all my "Apache-WWW" class machines and merge |
60 |
> in all changes in /etc in a certain way... At the moment I just run |
61 |
> dispatch-conf across all machines, but it can be quite boring merging 20 |
62 |
> instances of sshd.conf... Seems like Puppet/Chef could be a solution |
63 |
> here, but the step up and investment to make it work seems pretty large? |
64 |
> |
65 |
|
66 |
Yes, I'm currently planning that puppet will control installation of new |
67 |
packages and pushing all configuration files. This works very well w/ RedHat |
68 |
Enterprise Linux/etc and if we are careful should also work for gentoo-- For |
69 |
updates, we may have to either extend puppet to be aware of revdep-rebuild and |
70 |
gentoo package versioning better, or have an external script for updating the |
71 |
relevant nodes after the buildhost has finished compiling them. |
72 |
|
73 |
> |
74 |
> |
75 |
> It does appear like managing large numbers of virtual machines is one |
76 |
> are that gentoo could score very well? Interested to see any chatter on |
77 |
> how others solve this problem, or any general advocacy? Probably we |
78 |
> should start a new thread though... |
79 |
> |
80 |
|
81 |
Agreed - With careful management, the time investment in QA and package |
82 |
management/maintenance should be more than outweighed by the benefits for |
83 |
reasonably sized server clusters. It would be even easier if we can have |
84 |
gentoo server admins work together to help build puppet modules and general |
85 |
mgmt utilities using a service like github. |
86 |
|
87 |
> Regards |
88 |
> |
89 |
> Ed W |
90 |
|
91 |
Matt |
92 |
-- |
93 |
Matthew Marlowe / 858-400-7430 / DeployLinux Consulting, Inc |
94 |
Professional Linux Hosting and Systems Administration Services |
95 |
www.deploylinux.net * matt@×××××××××××.net |
96 |
'MattM' @ irc.freenode.net |