Greetings everyone.
Let me preface this with the following, I know this is not specific to CentOS but I do value the input given by *many* of the users on this list. I can not think of a more appropriate place to ask these questions.
Let me just break down my setup:
20 CentOS 4 servers, all running apache.
The only things that are unique on each server are the network settings and the apache virtual host config files, other then that, they are identical.
I'm not using any networked file systems, content is synchronized via rsync. NFS is not able to provide adequate performance in our environment.
I wanted to get some feedback to see what other people here use to manage their CentOS systems, apply updates, roll out new software packages, update unique config files etc.
Any feedback would be greatly appreciated!
Thanks in advance.
-- enoch
On 4/1/05 10:57 AM, Enoch West wrote:
I wanted to get some feedback to see what other people here use to manage their CentOS systems, apply updates, roll out new software packages, update unique config files etc.
For config files, I use cfengine. The learning curve is a bit steep, but imo well worth the time. I've got a .spec file online if you want to build it into a package:
* http://www.madboa.com/geek/specs/cfengine.spec
-- Paul
Enoch West wrote:
I wanted to get some feedback to see what other people here use to manage their CentOS systems, apply updates, roll out new software packages, update unique config files etc.
I've tried Cfengine and I'm currently evaluating Radmind. http://rsug.itd.umich.edu/software/radmind/
It allows you to do everything you just mentioned and monitor filesystem changes as well, like tripwire. Their documentation and mailing lists seem to focus a lot on Mac OS X but it'll work on any UNIX or UNIX-like platform.
Here's one command line tutorial.. http://rsug.itd.umich.edu/software/radmind/files/radmind-tutorial-0.8.1.pdf
This paper might offer better insight.. http://rsug.itd.umich.edu/software/radmind/files/LISA-radmind.pdf
Here is my first post to their mailing list from a couple days ago inquiring about using Radmind on RPM based Linux distributions. Check out the thread, there seem to be a few people using it on Fedora and RHEL. https://mailman.rice.edu/pipermail/radmind/2005-March/009240.html
Hope this helps.
Avtar
On Fri, 2005-04-01 at 12:57, Enoch West wrote:
I wanted to get some feedback to see what other people here use to manage their CentOS systems, apply updates, roll out new software packages, update unique config files etc.
ssh server yum -y update works for me. Ideally you would mirror the repository to a local directory and add your own changes as rpm packages so the one step does it all.
Les Mikesell wrote:
On Fri, 2005-04-01 at 12:57, Enoch West wrote:
I wanted to get some feedback to see what other people here use to manage their CentOS systems, apply updates, roll out new software packages, update unique config files etc.
ssh server yum -y update works for me. Ideally you would mirror the repository to a local directory and add your own changes as rpm packages so the one step does it all.
I just ssh into my box and run yum -y update. its the easiest thing to do..
Chris Weisiger wrote:
Les Mikesell wrote:
On Fri, 2005-04-01 at 12:57, Enoch West wrote:
I wanted to get some feedback to see what other people here use to manage their CentOS systems, apply updates, roll out new software packages, update unique config files etc.
Funny this topic came up now. I recently been demoing Red Hat Desktop and RHN.
After a bit of playing around with RHN and looking at the code the the rhn_check client I've found it to be a bit of a mess (IMHO). There are many lines of TODO and I have even (just today) filed a bug as the more recent clients don't even seem to work with the "Remove Package" feature of RHN.
I cannot really see any great encouragement from buying a RHN subscription if this is the way the client/server has been coded. If both sides of the configuration we completely open-source I wouldn't have a problem with it as I know the changes / bug fixes even one files would be available to all, but as long as Redhat keeps control of RHN I don't think I will be paying for the subscription.
Back to the point has anyone found / thought of implementing a kind of Enterprise level YUM with the same sort of manageability of RHN. I looked at it myself but felt it would involve too much of a rewrite to the YUM clients to do.
Does YUM even support any kind of authentication HTTP or FTP?
I believe a companion Management Server type solution would be a great sister project to go along with Centos. At least that's my opinion
Lee ----- /"Why give to one when you can give to everyone"/
On Sat, 2005-04-02 at 21:41 +0100, Lee W wrote:
Chris Weisiger wrote:
Les Mikesell wrote:
On Fri, 2005-04-01 at 12:57, Enoch West wrote:
I wanted to get some feedback to see what other people here use to manage their CentOS systems, apply updates, roll out new software packages, update unique config files etc.
Funny this topic came up now. I recently been demoing Red Hat Desktop and RHN.
After a bit of playing around with RHN and looking at the code the the rhn_check client I've found it to be a bit of a mess (IMHO). There are many lines of TODO and I have even (just today) filed a bug as the more recent clients don't even seem to work with the "Remove Package" feature of RHN.
I cannot really see any great encouragement from buying a RHN subscription if this is the way the client/server has been coded. If both sides of the configuration we completely open-source I wouldn't have a problem with it as I know the changes / bug fixes even one files would be available to all, but as long as Redhat keeps control of RHN I don't think I will be paying for the subscription.
Back to the point has anyone found / thought of implementing a kind of Enterprise level YUM with the same sort of manageability of RHN. I looked at it myself but felt it would involve too much of a rewrite to the YUM clients to do.
Does YUM even support any kind of authentication HTTP or FTP?
I believe a companion Management Server type solution would be a great sister project to go along with Centos. At least that's my opinion
Lee, There is a project that was started back in the RH 7.3 days to reproduce an open source version of the server side of the RHN. This project made it to the point where it would allow clients to register and pull updates from it and that is pretty much where it stuck. A new maintainer has taken over the project and there is plans to implement client status tracking, and client management.
You can check it out at http://current.tigris.org/ and help out if you want.
I used to use it to maintain a hand full of servers and a couple desktops until RH dropped support for their Retail versions.
Regards, Paul Berger
On Apr 2, 2005 5:35 PM, Paul subsolar@subsolar.org wrote: -- snip snip -- tuck tuck -
On Fri, 2005-04-01 at 12:57, Enoch West wrote:
I wanted to get some feedback to see what other people here use to manage their CentOS systems, apply updates, roll out new software packages, update unique config files etc.
Lee, There is a project that was started back in the RH 7.3 days to reproduce an open source version of the server side of the RHN. This project made it to the point where it would allow clients to register and pull updates from it and that is pretty much where it stuck. A new maintainer has taken over the project and there is plans to implement client status tracking, and client management.
You can check it out at http://current.tigris.org/ and help out if you want.
I used to use it to maintain a hand full of servers and a couple desktops until RH dropped support for their Retail versions.
Regards, Paul Berger
Thanks to all who have replied so far.
I am currently utilizing yum for package management and updates from my own local repository, and.. so far it has worked quite well
What I'm really looking for is a way to keep all my apache v host configs and other unique files synchronized across all the machines.
As well as just managing them over all, rebooting, updating a specific file or permission, keeping the passwd files updated etc. Having one shared FS would be ideal, but nfs is not an option.
cfengine and radmind look very promising, should I have the time to fully read the documentation :)
This thread has been extremely helpful so far, so thanks again.
I ate too much chocolate tonight. -- enoch
Enoch West wrote:
On Apr 2, 2005 5:35 PM, Paul subsolar@subsolar.org wrote: -- snip snip -- tuck tuck -
Thanks to all who have replied so far.
I am currently utilizing yum for package management and updates from my own local repository, and.. so far it has worked quite well
What I'm really looking for is a way to keep all my apache v host configs and other unique files synchronized across all the machines.
Try Rsync
As well as just managing them over all, rebooting, updating a specific file or permission, keeping the passwd files updated etc. Having one shared FS would be ideal, but nfs is not an option.
Depending on the number of machines, have you thought of NIS for the passwd files. Also a series scripts along with SSH remote logins (maybe with Host authentication) could allow you to remotely reboot the machines to a certain schedule etc.
cfengine and radmind look very promising, should I have the time to fully read the documentation :)
This thread has been extremely helpful so far, so thanks again.
I ate too much chocolate tonight.
enoch _______________________________________________
Happy Hunting
Lee
On Apr 2, 2005 7:35 PM, Paul subsolar@subsolar.org wrote:
On Sat, 2005-04-02 at 21:41 +0100, Lee W wrote:
Chris Weisiger wrote:
Funny this topic came up now. I recently been demoing Red Hat Desktop and RHN.
After a bit of playing around with RHN and looking at the code the the rhn_check client I've found it to be a bit of a mess (IMHO). There are many lines of TODO and I have even (just today) filed a bug as the more recent clients don't even seem to work with the "Remove Package" feature of RHN.
I cannot really see any great encouragement from buying a RHN subscription if this is the way the client/server has been coded. If both sides of the configuration we completely open-source I wouldn't have a problem with it as I know the changes / bug fixes even one files would be available to all, but as long as Redhat keeps control of RHN I don't think I will be paying for the subscription.
Back to the point has anyone found / thought of implementing a kind of Enterprise level YUM with the same sort of manageability of RHN. I looked at it myself but felt it would involve too much of a rewrite to the YUM clients to do.
Does YUM even support any kind of authentication HTTP or FTP?
I believe a companion Management Server type solution would be a great sister project to go along with Centos. At least that's my opinion
Lee, There is a project that was started back in the RH 7.3 days to reproduce an open source version of the server side of the RHN. This project made it to the point where it would allow clients to register and pull updates from it and that is pretty much where it stuck. A new maintainer has taken over the project and there is plans to implement client status tracking, and client management.
You can check it out at http://current.tigris.org/ and help out if you want.
I used to use it to maintain a hand full of servers and a couple desktops until RH dropped support for their Retail versions.
Having never used RHN...what is the functionality you are looking for from a server based implementation of RHN? It sounds like quite a bit of work and I think that cron and some shell scripting could get a similar task done.
Something like: https://lists.dulug.duke.edu/pipermail/yum/2005-March/006188.html
What would this "RHN-like" functionality get you beyond the nag emails from that cron script? I tried reading about the functions of "current" but couldn't find them on the website.
Greg
Greg Knaddison wrote:
Having never used RHN...what is the functionality you are looking for from a server based implementation of RHN? It sounds like quite a bit of work and I think that cron and some shell scripting could get a similar task done.
Something like: https://lists.dulug.duke.edu/pipermail/yum/2005-March/006188.html
What would this "RHN-like" functionality get you beyond the nag emails from that cron script? I tried reading about the functions of "current" but couldn't find them on the website.
Greg _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
The biggest advantage is from a glance being able to:-
1) See what systems has what software installed 2) See which systems need critical updates applied. 3) The ability to automatically update software/rollout software onto a number of machines from a central location. 4) See which systems have not checked in for a given time and notify the user to connect them to the network to receive new updates (e.g. Laptop Users). 5) And probably the biggest reason, is that it links in with the errate database so you immediate visability of what systems are affected by what vunerability.
Whilst I would agree with the that much of this could be done though cron scripts, the RHN and (less central ways such as) YUM is that they both get though Firewalls quite easily.
The main thing I hate about RHN (despite up2date's GUI buggyness) is that it is red hat who control it. Even there highest level product (Satallite version) does not give the adaptabily the comes from most other open-source and freely available solutions.
Regards
Lee
On Sat, 2 Apr 2005, Lee W wrote:
Back to the point has anyone found / thought of implementing a kind of Enterprise level YUM with the same sort of manageability of RHN. I looked at it myself but felt it would involve too much of a rewrite to the YUM clients to do.
I published the necessary hooks to do so two years on the yum mailing list, and sell services based on this already. I know of another list member who does this as well.
The include functionality for remote yum.conf entries was a result of some needs I had in this area, which seth kindly added; I also use variants of that code at the anaconda/kickstart install time for new host sccessionsing, and rule based (database driven) config customization
Does YUM even support any kind of authentication HTTP or FTP?
yes
-- Russ Herrold
-
Avtar Gill -
Chris Weisiger -
Enoch West -
Greg Knaddison -
Lee W -
Les Mikesell -
Paul -
Paul Heinlein -
R P Herrold