[CentOS-virt] virtual sprawl - managing password changes

Fri May 16 19:22:31 UTC 2008
Mark Foster <mark at foster.cc>

Jeff Larsen wrote:
> We are using the free VMware Server on CentOS 4. Almost all of our VMs
> are CentOS 4 as well. We have 7 VMware hosts with about 40 total
> virtual machines. It's been a very successful architecture for us.
> I'm wondering how the rest of the community is managing updates of
> root (and other local account) passwords in a virtual sprawl
> environment (or a physical environment with lots of hosts).
> I have read about things like expect, puttycs, centralize with kerberos, etc.
> But I'm not looking for "options" here, I want to hear actual
> experiences! What has worked for you, what hasn't worked? Or do you
> feel that the chance for failure is to great and the results too
> catastrophic?
Puppet can control user attributes like passwords quite easily, provided 
you set it up right.

CFengine can as well but not so elegantly as puppet which implements a 
provider model (users, group, packages, cronjobs etc)

Some days it's just not worth chewing through the restraints...
Mark D. Foster, CISSP <mark at foster.cc>  http://mark.foster.cc/