I don't qualify for the > 30 machines (as requested in the initial
post), but I'm running some root servers at the Hetzner datacenter -
enough to have at least some things automated.
For installation, I use the image and install script provided by Hetzner
(this script does automatic network configuration, partitioning etc.)
This script is the fastest way I know to get a running base system, but
that's not too hard because it has a very specific usecase.
Afterwards, I copy a set of scripts on the fresh server and run them.
Those scripts install packages I usually need, patch config files,
create mysql users with random passwords, write those passwords to
config files etc. Some manual work is left, but most things are covered
by my scripts.
Am Mittwoch, 11. Juli 2012 schrieb vetter(a)physik.uni-wuerzburg.de:
To change the configuration on all machines, we
usually copy the
configuration file(s) to all machines and restart the service. We have
scripts using SSH with authorized_keys for that. Problem is, if a
machine is not online, it does not get the change and one must
remember to change it, when the machine comes back. If there is a
better solution, please let me know.
I'm using pull instead of push ;-)
This means: I have a repo (good old CVS, git will also work) with one
directory per "job". Each directory contains a Makefile - and this
Makefile contains the commands to execute. Needless to say this is very
flexible - you can do anything in a Makefile, and you can include
additional files (for example config files) in the directory that the
Makefile can copy somewhere.
The advantage of a Makefile over a plain script is that make will abort
if one command failed - usually that's better than producing lots of
follow-up failures ;-)
All files in each directory are md5sum'ed and the md5sum file is GPG-
signed with my private key to ensure nobody can inject random stuff.
I commit all this (Makefile, additional files, md5sum and GPG signature
of md5sum) to CVS.
All servers run a cronjob that updates from the CVS, chechs for new jobs
and run make in every new or updated directory (jobs successfully done
get a "done" file touch'ed in the directory. If this file does not exist
or is older than the Makefile, a job directory is considered "new".
And finally, I receive a mail whenever a job was run - successfully or
If someone is interested in the scripts I use for this CVS-based
automation, I can publish them. Be warned that the only documentation is
in my /dev/brain ;-)
BTW: Even with this automation in place, I do more critical things like
kernel updates manually. There are too many things that could go wrong
(I had a broken menu.lst more than once ;-) and I prefer to see such
issues before calling "init 6" ;-)
And not only I but many others owe Larry "a few
beers" - but you'll be
lucky to get a glass of water :-) .
Good. If everyone who owed Greg a few beers
for his contributions paid
up, he'd be a perma-blittered wreck.
[> Basil Chupin and Mike Galbraith in opensuse-factory]
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org