1 |
Am 07.01.2015 um 20:06 schrieb Tomas Mozes: |
2 |
|
3 |
> Strange, I only have successful stories with upgrading old gentoo |
4 |
> machines. If you have a machine which you update regularly then you know |
5 |
> all the issues during the time and so upgrading "per partes" leads to no |
6 |
> surprises but the same challenges you've handled before. But yes, it |
7 |
> takes time. |
8 |
> |
9 |
> Moreover, if you use configuration management like Ansible, you can even |
10 |
> automatically merge changes when applications ship new configuration. |
11 |
|
12 |
Thanks for that posting, it reminds me of some bigger issue I wanted to |
13 |
discuss here for quite a while now. |
14 |
|
15 |
Over the years I am now responsible for dozens of servers and VMs |
16 |
running gentoo linux ... and I wonder how to efficiently keep track of them. |
17 |
|
18 |
I learned my first steps with puppet and use it in a basic setup for my |
19 |
own machines in my LAN. It seems to work better for many identical |
20 |
servers, let's say in a hosting environment. |
21 |
|
22 |
The servers at my customers are somehow similar but not identical: |
23 |
|
24 |
different setups for services ... different update-cycles (which have to |
25 |
be synchronized and shortened as we have seen in this thread!) ... |
26 |
|
27 |
I look for a way of tracking all these systems: |
28 |
|
29 |
a) central database/repo with all the systems and how to access them: |
30 |
|
31 |
* unique system id |
32 |
* what IP, port, ssh-key, etc etc |
33 |
|
34 |
I use git for local tracking of /etc on most of my systems in the last |
35 |
years, but I did never really come up with a clever way how to |
36 |
centralize dozens of separate git-repos ... one repo per server pushed |
37 |
to one central git-home on of my inhouse servers? |
38 |
|
39 |
b) in addition tracking of let's say "rules" or "services": |
40 |
|
41 |
* which server runs e.g. apache? So if there is a new security warning |
42 |
out there for apache ... ask system "which servers/customers would need |
43 |
that update?" |
44 |
|
45 |
etc etc |
46 |
|
47 |
c) when was my last access to that server? Have I looked into it lately? |
48 |
|
49 |
(or more business-oriented:) |
50 |
Do I even have to / does the customer pay for that?) |
51 |
This should lead to some SLA-kind-of-thing, yes ... a bit off-topic for now. |
52 |
|
53 |
- |
54 |
|
55 |
Puppet is more oriented to push configs out to systems. |
56 |
|
57 |
Maybe a combination would apply ... puppet for building the basement, |
58 |
having stuff generalized (this path, that password/ssh-key ....) |
59 |
|
60 |
and some other components to track what has been done over time. |
61 |
|
62 |
I run OTRS ( http://en.wikipedia.org/wiki/OTRS ) for my daily work and |
63 |
looked into their module "ITSM" ( |
64 |
https://www.otrs.com/homepage/software/otrsitsm-features/ ) lately ... |
65 |
it allows to create "configuration items" (think: ITIL) etc, so far I |
66 |
think this is a bit of overkill and not really fitting the size of my |
67 |
business. |
68 |
|
69 |
I'd love to keep it simple and CLI-oriented: |
70 |
|
71 |
Gentoo allows to define (nearly?) everything via text-files, combined |
72 |
with the cleverness of git (and maybe puppet) this should give me a way of |
73 |
|
74 |
a) easily deploy new systems with configs according to some standards: |
75 |
I want these packages/users/paths/files ... |
76 |
|
77 |
b) track these systems: what boxes am I responsible for, what is out |
78 |
there and failing? ;-) (not talking monitoring here ... just what are my |
79 |
active systems out there) |
80 |
|
81 |
from there I should slowly get into defining new contracts with my |
82 |
clients including regular checks each 3 or 6 months ... what has to be |
83 |
done, are there any bigger updates to do (think udev, baselayout ...) |
84 |
and tell them if is possible to update the box within a few hours in |
85 |
parallel to normal work or if we need a bigger maintenance window. |
86 |
|
87 |
--- |
88 |
|
89 |
I am sure there are many other gentoo-users out there with similar |
90 |
challenges to face. And I am looking forward to your thoughts, |
91 |
experiences and recommendations! |
92 |
|
93 |
Best regards, Stefan |