1 |
On 08.01.2015 00:02, Alan McKinnon wrote: |
2 |
> On 07/01/2015 22:30, Stefan G. Weichinger wrote: |
3 |
>> Am 07.01.2015 um 20:06 schrieb Tomas Mozes: |
4 |
>> |
5 |
>>> Strange, I only have successful stories with upgrading old gentoo |
6 |
>>> machines. If you have a machine which you update regularly then you know |
7 |
>>> all the issues during the time and so upgrading "per partes" leads to no |
8 |
>>> surprises but the same challenges you've handled before. But yes, it |
9 |
>>> takes time. |
10 |
>>> |
11 |
>>> Moreover, if you use configuration management like Ansible, you can even |
12 |
>>> automatically merge changes when applications ship new configuration. |
13 |
>> |
14 |
>> Thanks for that posting, it reminds me of some bigger issue I wanted to |
15 |
>> discuss here for quite a while now. |
16 |
>> |
17 |
>> Over the years I am now responsible for dozens of servers and VMs |
18 |
>> running gentoo linux ... and I wonder how to efficiently keep track of them. |
19 |
>> |
20 |
>> I learned my first steps with puppet and use it in a basic setup for my |
21 |
>> own machines in my LAN. It seems to work better for many identical |
22 |
>> servers, let's say in a hosting environment. |
23 |
>> |
24 |
>> The servers at my customers are somehow similar but not identical: |
25 |
>> |
26 |
>> different setups for services ... different update-cycles (which have to |
27 |
>> be synchronized and shortened as we have seen in this thread!) ... |
28 |
>> |
29 |
>> I look for a way of tracking all these systems: |
30 |
>> |
31 |
>> a) central database/repo with all the systems and how to access them: |
32 |
>> |
33 |
>> * unique system id |
34 |
>> * what IP, port, ssh-key, etc etc |
35 |
>> |
36 |
>> I use git for local tracking of /etc on most of my systems in the last |
37 |
>> years, but I did never really come up with a clever way how to |
38 |
>> centralize dozens of separate git-repos ... one repo per server pushed |
39 |
>> to one central git-home on of my inhouse servers? |
40 |
>> |
41 |
>> b) in addition tracking of let's say "rules" or "services": |
42 |
>> |
43 |
>> * which server runs e.g. apache? So if there is a new security warning |
44 |
>> out there for apache ... ask system "which servers/customers would need |
45 |
>> that update?" |
46 |
>> |
47 |
>> etc etc |
48 |
>> |
49 |
>> c) when was my last access to that server? Have I looked into it lately? |
50 |
>> |
51 |
>> (or more business-oriented:) |
52 |
>> Do I even have to / does the customer pay for that?) |
53 |
>> This should lead to some SLA-kind-of-thing, yes ... a bit off-topic for now. |
54 |
>> |
55 |
>> - |
56 |
>> |
57 |
>> Puppet is more oriented to push configs out to systems. |
58 |
>> |
59 |
>> Maybe a combination would apply ... puppet for building the basement, |
60 |
>> having stuff generalized (this path, that password/ssh-key ....) |
61 |
>> |
62 |
>> and some other components to track what has been done over time. |
63 |
>> |
64 |
>> I run OTRS ( http://en.wikipedia.org/wiki/OTRS ) for my daily work and |
65 |
>> looked into their module "ITSM" ( |
66 |
>> https://www.otrs.com/homepage/software/otrsitsm-features/ ) lately ... |
67 |
>> it allows to create "configuration items" (think: ITIL) etc, so far I |
68 |
>> think this is a bit of overkill and not really fitting the size of my |
69 |
>> business. |
70 |
>> |
71 |
>> I'd love to keep it simple and CLI-oriented: |
72 |
>> |
73 |
>> Gentoo allows to define (nearly?) everything via text-files, combined |
74 |
>> with the cleverness of git (and maybe puppet) this should give me a way of |
75 |
>> |
76 |
>> a) easily deploy new systems with configs according to some standards: |
77 |
>> I want these packages/users/paths/files ... |
78 |
>> |
79 |
>> b) track these systems: what boxes am I responsible for, what is out |
80 |
>> there and failing? ;-) (not talking monitoring here ... just what are my |
81 |
>> active systems out there) |
82 |
>> |
83 |
>> from there I should slowly get into defining new contracts with my |
84 |
>> clients including regular checks each 3 or 6 months ... what has to be |
85 |
>> done, are there any bigger updates to do (think udev, baselayout ...) |
86 |
>> and tell them if is possible to update the box within a few hours in |
87 |
>> parallel to normal work or if we need a bigger maintenance window. |
88 |
>> |
89 |
>> --- |
90 |
>> |
91 |
>> I am sure there are many other gentoo-users out there with similar |
92 |
>> challenges to face. And I am looking forward to your thoughts, |
93 |
>> experiences and recommendations! |
94 |
> |
95 |
> |
96 |
> In my opinion, ansible almost always beats puppet. |
97 |
> |
98 |
> Puppet is a) complex b) built to be able to deal with vast enterprise |
99 |
> setups and c) has a definition language I never could wrap my brains |
100 |
> around. It always felt to me like puppet was never a good fit for my needs. |
101 |
> |
102 |
> Then ansible hit the scene. Now ansible is designed to do what sysadmins |
103 |
> do anyway, to do it in mostly the same way, and to do it in an automated |
104 |
> fashion. It fits nicely into my brain and I can read a playbook at a |
105 |
> glance to know what it does. |
106 |
> |
107 |
> Ansible deploys stuff and makes it like how you want it to be. It is |
108 |
> equally good at managing 1000 identical machines as 100 mostly the same |
109 |
> ones, or 20 totally different ones. How it manages this miracle is not |
110 |
> easy to explain, so I urge you to give it a test drive. Fool around with |
111 |
> a bunch of VMs to get a feel of how it works. A tip: keep it simple, and |
112 |
> use roles everywhere. |
113 |
> |
114 |
> Ansible works nicely with other tools like vagrant and docker which |
115 |
> build and deploy your base images. Once you have a base machine with |
116 |
> sshd running and an administrative login account, ansible takes over an |
117 |
> manages the rest. It works really well. |
118 |
|
119 |
played around with ansible today and managed to get this working: |
120 |
|
121 |
http://blog.jameskyle.org/2014/08/automated-stage3-gentoo-install-using-ansible/ |
122 |
|
123 |
I even forked his repo and added a load of features to my newly built |
124 |
gentoo-systems (systemd, git, german locale, chrony ...). Nice. |
125 |
|
126 |
I still have to come up with a proper directory tree ... the docs at |
127 |
|
128 |
http://docs.ansible.com/playbooks_best_practices.html |
129 |
|
130 |
show a tree that seems a bit huge for my needs. |
131 |
|
132 |
One of my next goals: get all my local hosts into it and see how to |
133 |
manage them. |
134 |
|
135 |
|
136 |
---- |
137 |
|
138 |
aside from that back to the original topic of this thread: |
139 |
|
140 |
The "old box" booted instantly today ... cool. |
141 |
|
142 |
Stefan |