[clug] Automated install and maintenance

Andrew Janke a.janke at gmail.com
Fri Jun 1 04:49:30 GMT 2007 

Just wanting to pick a few brains.

I have used FAI and cfengine to install and maintain clusters and
distributed groups of workstations for some time and given that I am
doing it all over again, I am interested to hear others thoughts on
the matter.

I typically use a combination of debian and Ubuntu but in times gone
past have also added SGI and Sun machines into the mix.

What I ideally want is a simple method whereby I can install a machine
using some CD or PXE netboot boot install (think FAI or seeded Ubuntu
install CD) and then maintain the following things:

   1) config files
   2) users and passwords
   3) packages
   4) Applications (Sun grid engine, etc)

In the past I have handled #1 and #3 at install time via FAI and then
used things like dpkg --get-selections and the likes to keep things in
synch. #2 I have almost exclusively done via NIS given the pain of
integrating LDAP in a mixed SGI + Linux environment. LDAP I have
fiddled with but it just seems "too hard" when you have a private
subnet.

I have been doing some fiddling with puppet (touted as a cfengine
replacement) as of late and it claims to have package support. Which
In all fairness it does have but it is managed via dpkg! thus no nice
conflict/pre-req handling. blah!

cfengine on the other hand doesn't have any package support unless you
roll your own via some scripts.  As for #2, well puppet will handle
usernames but it seems very much targeted towards system and deamon
users as there is no nice password mechanism that I can see.  But then
we wouldn't want to have user passwords in config files here there and
everywhere anyhow as then they would not change them.

cfengine tries to handle #2 via some extra scripts that others have
written such as cfpasswd but it is not all that elegant. What would be
ideal would be to just say: "get all the user names and passwords from
<this> machine and put them on the others". I am also adverse to
things such as NIS and the likes if only because I like the idea of
local caching of such information in case the master goes down.

I am also keen to not put everything into LDAP (such as autofs maps)
if only because I have tried this approach and it all works nice until
the network starts to bog down at which stage LDAP bogs and suddenly
everything starts going slow. (been there done that).

And then you add into the mix things bfcg2 and csync and it all just
gets more and more evil.

So now that I have all that of my chest, I am interested as to what
others do. hand cobbled scripts? cfengine? puppet?


ta


-- 
Andrew Janke   (a.janke at gmail.com || http://a.janke.googlepages.com/)
Canberra->Australia    +61 (402) 700 883

More information about the linux mailing list