[gentoo-server] Community Development of Gentoo Server Mgmt Tools for VMware Clusters/etc - Puppet modules, github collaboration, etc - Fork of Dev Topic: Avoiding Urgent Stabilizations - gentoo-server

From:	Matthew Marlowe <matt@×××××××××××.net>
To:	Ed W <lists@××××××××××.com>
Cc:	gentoo-dev@l.g.o, gentoo-server@l.g.o
Subject:	[gentoo-server] Community Development of Gentoo Server Mgmt Tools for VMware Clusters/etc - Puppet modules, github collaboration, etc - Fork of Dev Topic: Avoiding Urgent Stabilizations
Date:	Fri, 25 Feb 2011 13:17:34
Message-Id:	`201102250431.22020.matt@deploylinux.net`

1

Reader note -- Direct all respones to gentoo-server ML to avoid flooding 

2

gentoo-dev.

3

4

For those on server-ml who missed dev-ml:

5

6

I'm starting to put together a portage/stable server configuration for a large 

7

number of gentoo VM's that will eventually be hosted on a VMware ESX 4.1U1 

8

cluster - with the goal of limiting major changes to once/year and otherwise 

9

only applying security/minimum necessary updates.  I doubt it will be easy but 

10

I'm doing my best at it :)

11

12

As part of that I'm maintaining on github several related repositories, 

13

including portage mask/use/config files, cluster management utilities, etc.

14

15

     https://github.com/deploylinux

16

17

I've also started to document work on my blog:

18

19

     http://www.deploylinux.net/matt

20

21

I'm not currently planning to utilize a separate overlay for packages/ebuilds, 

22

but it's not out of the question.

23

24

I'd be happy to work with any other devs or users w/ similiar interests or 

25

production networks to manage.....github makes group development relatively 

26

easy.

27

28

On Friday, February 25, 2011 03:37:36 am Ed W wrote:

29

> I maintain a, likely much smaller, number of VMs using linux vservers.

30

> The approach here is to almost cut each machine down to a chroot that

31

> runs only one (or thereabouts) interesting service.  To do this I have

32

> found customised portage profiles to be the under-plugged secret since

33

> they allow you to basically push a set of packages which should be

34

> installed and control "per type of vm" use flags and package keywords

35

> (eg I have www-nginx, www-apache, mail, proxy, mysql, ftp, etc

36

> profiles).  Additionally I have a small overlay of local ebuilds that

37

> sit in the same tree

38

>

39

40

I'd rather not maintain a separate profile for each server/node type.

41

Instead it would seem to be easier to use to a buildhost to create a combined 

42

repository of packages, and then use puppet to define nodetypes and tell each 

43

individual node which packages to install, which users to create, and which 

44

services to enable.

45

46

> Up until now I haven't really made any effort to sync this whole tree

47

> across multiple physical machines and it's a bit of an ad-hoc process.

48

> Using something like git would probably be perfect

49

>

50

51

Agreed -- git *is* perfect and widely used in enterprise configuration 

52

management repositories.  The main advantage is that it allows individual 

53

users to maintain their own forks, and yet merge contributions from other 

54

trees or to request that other repositories merge their changes w/o much 

55

effort.  Github makes this even easier w/ a web interface, tools to visual 

56

changes and track contributions, and discussions/wiki's for each repository.

57

58

> The still missing step is configuration management across the machine

59

> types, eg I want to upgrade all my "Apache-WWW" class machines and merge

60

> in all changes in /etc in a certain way... At the moment I just run

61

> dispatch-conf across all machines, but it can be quite boring merging 20

62

> instances of sshd.conf...  Seems like Puppet/Chef could be a solution

63

> here, but the step up and investment to make it work seems pretty large?

64

>

65

66

Yes, I'm currently planning that puppet will control installation of new 

67

packages and pushing all configuration files.  This works very well w/ RedHat 

68

Enterprise Linux/etc and if we are careful should also work for gentoo-- For 

69

updates, we may have to either extend puppet to be aware of revdep-rebuild and 

70

gentoo package versioning better, or have an external script for updating the 

71

relevant nodes after the buildhost has finished compiling them.

72

73

>

74

>

75

> It does appear like managing large numbers of virtual machines is one

76

> are that gentoo could score very well?  Interested to see any chatter on

77

> how others solve this problem, or any general advocacy?  Probably we

78

> should start a new thread though...

79

>

80

81

Agreed - With careful management, the time investment in QA and package 

82

management/maintenance should be more than outweighed by the benefits for 

83

reasonably sized server clusters.  It would be even easier if we can have 

84

gentoo server admins work together to help build puppet modules and general 

85

mgmt utilities using a service like github.

86

87

> Regards

88

>

89

> Ed W

90

91

Matt

92

--

93

Matthew Marlowe    /  858-400-7430  /    DeployLinux Consulting, Inc

94

  Professional Linux Hosting and Systems Administration Services

95

              www.deploylinux.net   *   matt@×××××××××××.net

96

                             'MattM' @ irc.freenode.net

1	Reader note -- Direct all respones to gentoo-server ML to avoid flooding
2	gentoo-dev.
3
4	For those on server-ml who missed dev-ml:
5
6	I'm starting to put together a portage/stable server configuration for a large
7	number of gentoo VM's that will eventually be hosted on a VMware ESX 4.1U1
8	cluster - with the goal of limiting major changes to once/year and otherwise
9	only applying security/minimum necessary updates. I doubt it will be easy but
10	I'm doing my best at it :)
11
12	As part of that I'm maintaining on github several related repositories,
13	including portage mask/use/config files, cluster management utilities, etc.
14
15	https://github.com/deploylinux
16
17	I've also started to document work on my blog:
18
19	http://www.deploylinux.net/matt
20
21	I'm not currently planning to utilize a separate overlay for packages/ebuilds,
22	but it's not out of the question.
23
24	I'd be happy to work with any other devs or users w/ similiar interests or
25	production networks to manage.....github makes group development relatively
26	easy.
27
28	On Friday, February 25, 2011 03:37:36 am Ed W wrote:
29	> I maintain a, likely much smaller, number of VMs using linux vservers.
30	> The approach here is to almost cut each machine down to a chroot that
31	> runs only one (or thereabouts) interesting service. To do this I have
32	> found customised portage profiles to be the under-plugged secret since
33	> they allow you to basically push a set of packages which should be
34	> installed and control "per type of vm" use flags and package keywords
35	> (eg I have www-nginx, www-apache, mail, proxy, mysql, ftp, etc
36	> profiles). Additionally I have a small overlay of local ebuilds that
37	> sit in the same tree
38	>
39
40	I'd rather not maintain a separate profile for each server/node type.
41	Instead it would seem to be easier to use to a buildhost to create a combined
42	repository of packages, and then use puppet to define nodetypes and tell each
43	individual node which packages to install, which users to create, and which
44	services to enable.
45
46	> Up until now I haven't really made any effort to sync this whole tree
47	> across multiple physical machines and it's a bit of an ad-hoc process.
48	> Using something like git would probably be perfect
49	>
50
51	Agreed -- git is perfect and widely used in enterprise configuration
52	management repositories. The main advantage is that it allows individual
53	users to maintain their own forks, and yet merge contributions from other
54	trees or to request that other repositories merge their changes w/o much
55	effort. Github makes this even easier w/ a web interface, tools to visual
56	changes and track contributions, and discussions/wiki's for each repository.
57
58	> The still missing step is configuration management across the machine
59	> types, eg I want to upgrade all my "Apache-WWW" class machines and merge
60	> in all changes in /etc in a certain way... At the moment I just run
61	> dispatch-conf across all machines, but it can be quite boring merging 20
62	> instances of sshd.conf... Seems like Puppet/Chef could be a solution
63	> here, but the step up and investment to make it work seems pretty large?
64	>
65
66	Yes, I'm currently planning that puppet will control installation of new
67	packages and pushing all configuration files. This works very well w/ RedHat
68	Enterprise Linux/etc and if we are careful should also work for gentoo-- For
69	updates, we may have to either extend puppet to be aware of revdep-rebuild and
70	gentoo package versioning better, or have an external script for updating the
71	relevant nodes after the buildhost has finished compiling them.
72
73	>
74	>
75	> It does appear like managing large numbers of virtual machines is one
76	> are that gentoo could score very well? Interested to see any chatter on
77	> how others solve this problem, or any general advocacy? Probably we
78	> should start a new thread though...
79	>
80
81	Agreed - With careful management, the time investment in QA and package
82	management/maintenance should be more than outweighed by the benefits for
83	reasonably sized server clusters. It would be even easier if we can have
84	gentoo server admins work together to help build puppet modules and general
85	mgmt utilities using a service like github.
86
87	> Regards
88	>
89	> Ed W
90
91	Matt
92	--
93	Matthew Marlowe / 858-400-7430 / DeployLinux Consulting, Inc
94	Professional Linux Hosting and Systems Administration Services
95	www.deploylinux.net * matt@×××××××××××.net
96	'MattM' @ irc.freenode.net

Gentoo Archives: gentoo-server