Russell Miller wrote:
> On Fri, May 1, 2009 at 9:32 AM, nate <centos at linuxpowered.net> wrote:
>
>> What kinds of things are on the checklist? Perhaps you can use something
>> like cfengine or puppet to do this. cfengine essentially runs a checklist
>> for me every hour on every system and enforces the rules I have set in
>> it (roughly 15,000 lines of configuration).
>>
>> puppet seems to be the new hot thing though I've not had any time
>> or interest to look into it myself; cfengine does everything I need.
>>
> We do use puppet to configure the systems. Problem is that there's an
> institutional reluctance to run it in that way - it's done right now
> as a "push" configuration. So I would like to find something that can
> validate in a read-only way and send alerts when things are a little
> off.

Not sure if puppet has something similar but in cfengine I could do this:

[root@us-cfe002:~]# cfagent -v -q -n 2>&1 | grep -i need
Need: Update of image /var/cfengine/inputs/common/openmq_base.conf from master /nfs/exnas/root/cfengine/configs/common/openmq_base.conf on localhost
Need: Update of image /etc/sudoers from master /nfs/exnas/root/cfengine/files/common/redhat/etc/sudoers on localhost
Need this: /usr/lib/nagios/plugins/check_openmq wasn't at destination (copying)
Need this: /usr/lib/nagios/plugins/check_openmq_sudo wasn't at destination (copying)
Need this: /usr/lib/nagios/plugins/check_derby wasn't at destination (copying)
Need this: /usr/lib/nagios/plugins/check_derby_sudo wasn't at destination (copying)
Need this: /etc/nagios/nrpe.d/check_openmq.cfg wasn't at destination (copying)
Need this: /etc/nagios/nrpe.d/check_derby.cfg wasn't at destination (copying)

cfagent -v -q -n 2>&1 | grep -i need >/tmp/cfe.check && cat /tmp/cfe.check | mail -s "Alert on `hostname`" user@host

Of course you could make a little bigger script to send something more
descriptive in the email.

>
> While I'm at it, I'd also like something that can keep a database of
> all of the packages installed on all of the servers and let me do
> queries against it... don't want to write it if there's already
> something out there.

I think Red Hat Satellite Server can do this (I think; it uses an Oracle DB
to store data, so you could query that). I think they released an open source
version of it - http://www.redhat.com/spacewalk/

I have not used either personally.

nate
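
One shape the "little bigger script" mentioned in the reply could take, as an added example that is not part of the original message: it turns the dry-run output into a short report and mails it only when drift exists. It assumes the two `Need` line formats shown in the output above; the function names, the sensitive-path pattern and the `MAILTO` placeholder are assumptions.

```shell
#!/bin/sh
# Assumption: paths worth flagging in the alert; adjust to local policy.
SENSITIVE_RE='^/etc/(sudoers|ssh/|pam[.]d/)'

# Read `cfagent -v -q -n` output on stdin; print a report, return 1 on drift.
summarize_drift() {
    awk -v sens="$SENSITIVE_RE" '
        function note(kind, path) {
            line[++n] = "  " kind ": " path
            if (path ~ sens) { line[n] = line[n] " [sensitive]"; s++ }
        }
        # Format: Need: Update of image <path> from master <source> on <host>
        /^Need: Update of image / { c++; note("changed", $5); next }
        # Format: Need this: <path> was not at destination (copying)
        /^Need this: /            { m++; note("missing", $3); next }
        END {
            if (n == 0) { print "OK: no pending changes"; exit 0 }
            printf "DRIFT: %d changed, %d missing, %d sensitive\n", c, m, s
            for (i = 1; i <= n; i++) print line[i]
            exit 1
        }'
}

# Run the dry run (flags as used in the post) and mail only when drift exists.
# No temp file is used; MAILTO defaults to a placeholder recipient.
alert_on_drift() {
    report=$(cfagent -v -q -n 2>&1 | summarize_drift) && return 0
    printf '%s\n' "$report" | mail -s "Config drift on $(hostname)" "${MAILTO:-user@host}"
}

# Constructed sample: three lines copied from the output quoted in the post.
sample_output() {
cat <<'EOF'
Need: Update of image /etc/sudoers from master /nfs/exnas/root/cfengine/files/common/redhat/etc/sudoers on localhost
Need this: /usr/lib/nagios/plugins/check_openmq wasn't at destination (copying)
Need this: /etc/nagios/nrpe.d/check_openmq.cfg wasn't at destination (copying)
EOF
}

sample_output | summarize_drift || true
```

On a managed host, `alert_on_drift` would be called from cron in place of the final demo line.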