Fw: [opensuse-project] larger openSUSE deployments?
Hi, we are running a computer pool for students with 48 machines on openSUSE 12.1. Ususally we try to install "almost everything" except software that is really annoying when $HOME is on NFS (e.g. beagle in former times). In older times we used autoyast to install a new version of openSUSE. But autoyast is just taking too long to install such a long list of software, and when you forget about a small thing, the turnaround time with such a big number of packages to install is too long. So we switched to autoyast and images (tar.gz method) for new machines (or new harddisks) and zypper dup for upgrading on working machines to new releases. These upgrades take place in the break between semesters. zypper dup usually works great. But somehow from 11.4 to 12.1 the update-alternative files for java were messed up resulting in a non-working java plugin for browsers. Found out by accident last week. Since our university uses Novell iprint for charging the students for printouts, we had to find out, that cups 1.5 does not work with iprint client. And so we had to build cups 1.4 for openSUSE 12.1. Printing seems to be one of the most complicated problems in universe ;) Students love n-up printing to save money. But somehow this seems to confuse printers from all kinds of different manufacturers (HP, Lexmark, Sharp). There is also no clear statement how to do it right, because for some PDFs you better use n-up printing from acroread and for others you can only use okular and cups n-up printing. Failure of printing "the right way" (TM) will result in hanging or resetting the printer. Since the machines are administered by central root, we disable NetworkManager, Update Notifications, and so on. Bad thing is, this changes from release to release, and we have to consider all desktop flavours (KDE, Gnome, LXDE, ...). For updates we use the automatic online update. Problem here was: SuSEconfig is not run. But this problem decreases, since SuSEconfig does less from release to release. Another thing I'm not quite sure about is: when e.g. openssl library is updated, a lot of services are affected (zypper ps can tell you), but the services are not restarted automatically. Since our machine run rather long (until next kernel update or crash or power plug pulled) they only get restarted when we do a zypper ps manually and either restart services manually or reboot. Well this should not be necessary, but I'd feel better if zypper ps shows nothing. To change the configuration on all machines, we usually copy the configuration file(s) to all machines and restart the service. We have scripts using SSH with authorized_keys for that. Problem is, if a machine is not online, it does not get the change and one must remember to change it, when the machine comes back. If there is a better solution, please let me know. Wow, that was log. I didn't intend a such long post ;-) -- Mit freundlichen Gruessen, Andreas Vetter Informations- und Kommunikationstechnik Fakultaet fuer Physik und Astronomie Universitaet Wuerzburg -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Hello, I don't qualify for the > 30 machines (as requested in the initial post), but I'm running some root servers at the Hetzner datacenter - enough to have at least some things automated. For installation, I use the image and install script provided by Hetzner (this script does automatic network configuration, partitioning etc.) This script is the fastest way I know to get a running base system, but that's not too hard because it has a very specific usecase. Afterwards, I copy a set of scripts on the fresh server and run them. Those scripts install packages I usually need, patch config files, create mysql users with random passwords, write those passwords to config files etc. Some manual work is left, but most things are covered by my scripts. Am Mittwoch, 11. Juli 2012 schrieb vetter@physik.uni-wuerzburg.de:
To change the configuration on all machines, we usually copy the configuration file(s) to all machines and restart the service. We have scripts using SSH with authorized_keys for that. Problem is, if a machine is not online, it does not get the change and one must remember to change it, when the machine comes back. If there is a better solution, please let me know.
I'm using pull instead of push ;-) This means: I have a repo (good old CVS, git will also work) with one directory per "job". Each directory contains a Makefile - and this Makefile contains the commands to execute. Needless to say this is very flexible - you can do anything in a Makefile, and you can include additional files (for example config files) in the directory that the Makefile can copy somewhere. The advantage of a Makefile over a plain script is that make will abort if one command failed - usually that's better than producing lots of follow-up failures ;-) All files in each directory are md5sum'ed and the md5sum file is GPG- signed with my private key to ensure nobody can inject random stuff. I commit all this (Makefile, additional files, md5sum and GPG signature of md5sum) to CVS. All servers run a cronjob that updates from the CVS, chechs for new jobs and run make in every new or updated directory (jobs successfully done get a "done" file touch'ed in the directory. If this file does not exist or is older than the Makefile, a job directory is considered "new". And finally, I receive a mail whenever a job was run - successfully or not. If someone is interested in the scripts I use for this CVS-based automation, I can publish them. Be warned that the only documentation is in my /dev/brain ;-) BTW: Even with this automation in place, I do more critical things like kernel updates manually. There are too many things that could go wrong (I had a broken menu.lst more than once ;-) and I prefer to see such issues before calling "init 6" ;-) Regards, Christian Boltz --
And not only I but many others owe Larry "a few beers" - but you'll be lucky to get a glass of water :-) . Good. If everyone who owed Greg a few beers for his contributions paid up, he'd be a perma-blittered wreck. [> Basil Chupin and Mike Galbraith in opensuse-factory]
-- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
participants (2)
-
Christian Boltz
-
vetter@physik.uni-wuerzburg.de