| 1 |
On 08.01.2015 00:02, Alan McKinnon wrote: |
| 2 |
> On 07/01/2015 22:30, Stefan G. Weichinger wrote: |
| 3 |
>> Am 07.01.2015 um 20:06 schrieb Tomas Mozes: |
| 4 |
>> |
| 5 |
>>> Strange, I only have successful stories with upgrading old gentoo |
| 6 |
>>> machines. If you have a machine which you update regularly then you know |
| 7 |
>>> all the issues during the time and so upgrading "per partes" leads to no |
| 8 |
>>> surprises but the same challenges you've handled before. But yes, it |
| 9 |
>>> takes time. |
| 10 |
>>> |
| 11 |
>>> Moreover, if you use configuration management like Ansible, you can even |
| 12 |
>>> automatically merge changes when applications ship new configuration. |
| 13 |
>> |
| 14 |
>> Thanks for that posting, it reminds me of some bigger issue I wanted to |
| 15 |
>> discuss here for quite a while now. |
| 16 |
>> |
| 17 |
>> Over the years I am now responsible for dozens of servers and VMs |
| 18 |
>> running gentoo linux ... and I wonder how to efficiently keep track of them. |
| 19 |
>> |
| 20 |
>> I learned my first steps with puppet and use it in a basic setup for my |
| 21 |
>> own machines in my LAN. It seems to work better for many identical |
| 22 |
>> servers, let's say in a hosting environment. |
| 23 |
>> |
| 24 |
>> The servers at my customers are somehow similar but not identical: |
| 25 |
>> |
| 26 |
>> different setups for services ... different update-cycles (which have to |
| 27 |
>> be synchronized and shortened as we have seen in this thread!) ... |
| 28 |
>> |
| 29 |
>> I look for a way of tracking all these systems: |
| 30 |
>> |
| 31 |
>> a) central database/repo with all the systems and how to access them: |
| 32 |
>> |
| 33 |
>> * unique system id |
| 34 |
>> * what IP, port, ssh-key, etc etc |
| 35 |
>> |
| 36 |
>> I use git for local tracking of /etc on most of my systems in the last |
| 37 |
>> years, but I did never really come up with a clever way how to |
| 38 |
>> centralize dozens of separate git-repos ... one repo per server pushed |
| 39 |
>> to one central git-home on of my inhouse servers? |
| 40 |
>> |
| 41 |
>> b) in addition tracking of let's say "rules" or "services": |
| 42 |
>> |
| 43 |
>> * which server runs e.g. apache? So if there is a new security warning |
| 44 |
>> out there for apache ... ask system "which servers/customers would need |
| 45 |
>> that update?" |
| 46 |
>> |
| 47 |
>> etc etc |
| 48 |
>> |
| 49 |
>> c) when was my last access to that server? Have I looked into it lately? |
| 50 |
>> |
| 51 |
>> (or more business-oriented:) |
| 52 |
>> Do I even have to / does the customer pay for that?) |
| 53 |
>> This should lead to some SLA-kind-of-thing, yes ... a bit off-topic for now. |
| 54 |
>> |
| 55 |
>> - |
| 56 |
>> |
| 57 |
>> Puppet is more oriented to push configs out to systems. |
| 58 |
>> |
| 59 |
>> Maybe a combination would apply ... puppet for building the basement, |
| 60 |
>> having stuff generalized (this path, that password/ssh-key ....) |
| 61 |
>> |
| 62 |
>> and some other components to track what has been done over time. |
| 63 |
>> |
| 64 |
>> I run OTRS ( http://en.wikipedia.org/wiki/OTRS ) for my daily work and |
| 65 |
>> looked into their module "ITSM" ( |
| 66 |
>> https://www.otrs.com/homepage/software/otrsitsm-features/ ) lately ... |
| 67 |
>> it allows to create "configuration items" (think: ITIL) etc, so far I |
| 68 |
>> think this is a bit of overkill and not really fitting the size of my |
| 69 |
>> business. |
| 70 |
>> |
| 71 |
>> I'd love to keep it simple and CLI-oriented: |
| 72 |
>> |
| 73 |
>> Gentoo allows to define (nearly?) everything via text-files, combined |
| 74 |
>> with the cleverness of git (and maybe puppet) this should give me a way of |
| 75 |
>> |
| 76 |
>> a) easily deploy new systems with configs according to some standards: |
| 77 |
>> I want these packages/users/paths/files ... |
| 78 |
>> |
| 79 |
>> b) track these systems: what boxes am I responsible for, what is out |
| 80 |
>> there and failing? ;-) (not talking monitoring here ... just what are my |
| 81 |
>> active systems out there) |
| 82 |
>> |
| 83 |
>> from there I should slowly get into defining new contracts with my |
| 84 |
>> clients including regular checks each 3 or 6 months ... what has to be |
| 85 |
>> done, are there any bigger updates to do (think udev, baselayout ...) |
| 86 |
>> and tell them if is possible to update the box within a few hours in |
| 87 |
>> parallel to normal work or if we need a bigger maintenance window. |
| 88 |
>> |
| 89 |
>> --- |
| 90 |
>> |
| 91 |
>> I am sure there are many other gentoo-users out there with similar |
| 92 |
>> challenges to face. And I am looking forward to your thoughts, |
| 93 |
>> experiences and recommendations! |
| 94 |
> |
| 95 |
> |
| 96 |
> In my opinion, ansible almost always beats puppet. |
| 97 |
> |
| 98 |
> Puppet is a) complex b) built to be able to deal with vast enterprise |
| 99 |
> setups and c) has a definition language I never could wrap my brains |
| 100 |
> around. It always felt to me like puppet was never a good fit for my needs. |
| 101 |
> |
| 102 |
> Then ansible hit the scene. Now ansible is designed to do what sysadmins |
| 103 |
> do anyway, to do it in mostly the same way, and to do it in an automated |
| 104 |
> fashion. It fits nicely into my brain and I can read a playbook at a |
| 105 |
> glance to know what it does. |
| 106 |
> |
| 107 |
> Ansible deploys stuff and makes it like how you want it to be. It is |
| 108 |
> equally good at managing 1000 identical machines as 100 mostly the same |
| 109 |
> ones, or 20 totally different ones. How it manages this miracle is not |
| 110 |
> easy to explain, so I urge you to give it a test drive. Fool around with |
| 111 |
> a bunch of VMs to get a feel of how it works. A tip: keep it simple, and |
| 112 |
> use roles everywhere. |
| 113 |
> |
| 114 |
> Ansible works nicely with other tools like vagrant and docker which |
| 115 |
> build and deploy your base images. Once you have a base machine with |
| 116 |
> sshd running and an administrative login account, ansible takes over an |
| 117 |
> manages the rest. It works really well. |
| 118 |
|
| 119 |
played around with ansible today and managed to get this working: |
| 120 |
|
| 121 |
http://blog.jameskyle.org/2014/08/automated-stage3-gentoo-install-using-ansible/ |
| 122 |
|
| 123 |
I even forked his repo and added a load of features to my newly built |
| 124 |
gentoo-systems (systemd, git, german locale, chrony ...). Nice. |
| 125 |
|
| 126 |
I still have to come up with a proper directory tree ... the docs at |
| 127 |
|
| 128 |
http://docs.ansible.com/playbooks_best_practices.html |
| 129 |
|
| 130 |
show a tree that seems a bit huge for my needs. |
| 131 |
|
| 132 |
One of my next goals: get all my local hosts into it and see how to |
| 133 |
manage them. |
| 134 |
|
| 135 |
|
| 136 |
---- |
| 137 |
|
| 138 |
aside from that back to the original topic of this thread: |
| 139 |
|
| 140 |
The "old box" booted instantly today ... cool. |
| 141 |
|
| 142 |
Stefan |
Archives