nate wrote:
What good is a configuration tool if it can't handle a change in NIC setup? That's really about the only thing that is enough trouble to do manually that it is worth more automation than a shell loop of ssh commands.
Just wondering what kind of NIC setup? In the hundreds of systems I have managed I've never had to change the default NIC settings. If you mean interface (IP/etc) setup then that could be an issue, for me I have a script that grabs the MAC addresses and serial numbers and polls a web server with config files associated with them to configure interfaces upon system installation (I haven't had to change them post install, I prefer just to re-install if the system is being re-purposed).
Most of our machines have 5 or so NICs, each connected to special purpose subnets. And even the ones that only need 1 or 2 connections will have the same physical setup so the servers are reusable.
Exactly - and remote 'hands on' support generally won't know which NIC is which, making this fairly problematic. And you can't just clone setups because the copies won't work with different MAC addresses.
If your setup is simple, e.g. 1 network, what I do is I bond all of the interfaces into a single bond in active/passive mode, that makes all of the NICs available for the same purpose, no need to know what is where. If the system needs to access another part of the network that is handled via routing not via physical connection.
It's not simple. Some of the networks will have multicast data feeds, others have backend data, admin access, or are public facing. So, I need to configure the correct addressing and routes for each.
If you have an issue where you need to change a NIC's duplex setting because of a flawed switch I'd suggest you look at replacing your switches (at least going forward).
Of course, but that's the point. If you've had old Cisco switches that didn't auto negotiate well, you'll have all of the connected equipment set to force full duplex. Then when you replace the switch you have to undo that - probably one subnet at a time. How do you manage real-world things like that with a configuration tool?
I've only had to screw with the duplex setting on a couple of occasions about 5-6 years ago with really old HP big iron. Hundreds of x86 boxes and different switch types/models/vendors later never had a problem.
OK, but it's configuration, and it affects every piece of equipment once if you start with older infrastructure.
small sets. Do any of the tools make this easy? That's the main reason I haven't used OCSinventory's deployment mechanism even though its cross-platform capabilities are appealing in a mixed environment.
Define easy. In cfengine and puppet (I'm sure, never used it though) you can define a class of systems and roll the change out to that class.
Easier than an ssh loop that does a 'yum update xxx' or similar command across a set of machines.
OCS really is a poor management system IMO, it's ok for inventory but the rest is crap.
Yes, but what else works cross-platform? I'm toying with the idea of using its agent to run a command, but running the agent via ssh or winexec/psexec (Windows) to control the timing.
Can't speak for spacewalk, it sounds like a decent inventory/installation system for redhat-based systems but I myself wouldn't use it beyond that role.
I can't quite deal with the idea of needing to abstract OS commands and doing it in a way that still only works with one OS. Why not either just automate the actual commands you need to run, or fix the commands in the first place if they are so bad that you have to abstract them into some new language? And RHEL/CentOS boxes are a small part of the operation at the moment.
My own cfengine configuration consists of roughly 17,000 lines and a couple thousand files that are pushed out to various systems (in many cases I push out entire config files rather than having cfengine edit them inline).
And that's supposed to be the easy way?
It takes some time to get ramped up (I've been working with cfengine for many years) but once you're there life is a lot easier. Probably took me a good 2 years of learning. A lot of it revolving around changing the way you think, how can X concept be applied in a more generic fashion to dynamically adapt to more systems automatically for example. Such as defining a dynamic class so when you build a new server it automatically gets everything it needs without having to go touch your policy files.
Could you switch arbitrary boxes to Windows or some other OS without changing what the operators see? If you are still tied to the arcana of the underlying system - and vulnerable to its changes, what does this get you?