| 1 |
Am 07.01.2015 um 20:06 schrieb Tomas Mozes: |
| 2 |
|
| 3 |
> Strange, I only have successful stories with upgrading old gentoo |
| 4 |
> machines. If you have a machine which you update regularly then you know |
| 5 |
> all the issues during the time and so upgrading "per partes" leads to no |
| 6 |
> surprises but the same challenges you've handled before. But yes, it |
| 7 |
> takes time. |
| 8 |
> |
| 9 |
> Moreover, if you use configuration management like Ansible, you can even |
| 10 |
> automatically merge changes when applications ship new configuration. |
| 11 |
|
| 12 |
Thanks for that posting, it reminds me of some bigger issue I wanted to |
| 13 |
discuss here for quite a while now. |
| 14 |
|
| 15 |
Over the years I am now responsible for dozens of servers and VMs |
| 16 |
running gentoo linux ... and I wonder how to efficiently keep track of them. |
| 17 |
|
| 18 |
I learned my first steps with puppet and use it in a basic setup for my |
| 19 |
own machines in my LAN. It seems to work better for many identical |
| 20 |
servers, let's say in a hosting environment. |
| 21 |
|
| 22 |
The servers at my customers are somehow similar but not identical: |
| 23 |
|
| 24 |
different setups for services ... different update-cycles (which have to |
| 25 |
be synchronized and shortened as we have seen in this thread!) ... |
| 26 |
|
| 27 |
I look for a way of tracking all these systems: |
| 28 |
|
| 29 |
a) central database/repo with all the systems and how to access them: |
| 30 |
|
| 31 |
* unique system id |
| 32 |
* what IP, port, ssh-key, etc etc |
| 33 |
|
| 34 |
I use git for local tracking of /etc on most of my systems in the last |
| 35 |
years, but I did never really come up with a clever way how to |
| 36 |
centralize dozens of separate git-repos ... one repo per server pushed |
| 37 |
to one central git-home on of my inhouse servers? |
| 38 |
|
| 39 |
b) in addition tracking of let's say "rules" or "services": |
| 40 |
|
| 41 |
* which server runs e.g. apache? So if there is a new security warning |
| 42 |
out there for apache ... ask system "which servers/customers would need |
| 43 |
that update?" |
| 44 |
|
| 45 |
etc etc |
| 46 |
|
| 47 |
c) when was my last access to that server? Have I looked into it lately? |
| 48 |
|
| 49 |
(or more business-oriented:) |
| 50 |
Do I even have to / does the customer pay for that?) |
| 51 |
This should lead to some SLA-kind-of-thing, yes ... a bit off-topic for now. |
| 52 |
|
| 53 |
- |
| 54 |
|
| 55 |
Puppet is more oriented to push configs out to systems. |
| 56 |
|
| 57 |
Maybe a combination would apply ... puppet for building the basement, |
| 58 |
having stuff generalized (this path, that password/ssh-key ....) |
| 59 |
|
| 60 |
and some other components to track what has been done over time. |
| 61 |
|
| 62 |
I run OTRS ( http://en.wikipedia.org/wiki/OTRS ) for my daily work and |
| 63 |
looked into their module "ITSM" ( |
| 64 |
https://www.otrs.com/homepage/software/otrsitsm-features/ ) lately ... |
| 65 |
it allows to create "configuration items" (think: ITIL) etc, so far I |
| 66 |
think this is a bit of overkill and not really fitting the size of my |
| 67 |
business. |
| 68 |
|
| 69 |
I'd love to keep it simple and CLI-oriented: |
| 70 |
|
| 71 |
Gentoo allows to define (nearly?) everything via text-files, combined |
| 72 |
with the cleverness of git (and maybe puppet) this should give me a way of |
| 73 |
|
| 74 |
a) easily deploy new systems with configs according to some standards: |
| 75 |
I want these packages/users/paths/files ... |
| 76 |
|
| 77 |
b) track these systems: what boxes am I responsible for, what is out |
| 78 |
there and failing? ;-) (not talking monitoring here ... just what are my |
| 79 |
active systems out there) |
| 80 |
|
| 81 |
from there I should slowly get into defining new contracts with my |
| 82 |
clients including regular checks each 3 or 6 months ... what has to be |
| 83 |
done, are there any bigger updates to do (think udev, baselayout ...) |
| 84 |
and tell them if is possible to update the box within a few hours in |
| 85 |
parallel to normal work or if we need a bigger maintenance window. |
| 86 |
|
| 87 |
--- |
| 88 |
|
| 89 |
I am sure there are many other gentoo-users out there with similar |
| 90 |
challenges to face. And I am looking forward to your thoughts, |
| 91 |
experiences and recommendations! |
| 92 |
|
| 93 |
Best regards, Stefan |
Archives