Subject: Re: [gentoo-server] Managing multiple servers.
From: Hacking Network Solutions - Gentoo List Subscriptions
To: gentoo-server@lists.gentoo.org
Date: Tue, 24 May 2011 14:40:14 +0200
Message-ID: <1306240814.20197.12.camel@max2.auckland.local>

On Tue, 2011-05-24 at 09:37 +0200, Ramon van Alteren wrote:
> Hey,
>
> This list seems to have woken up suddenly again, good news :)
>

I would agree, it's always nice to have a useful Gentoo oriented
discussion, especially about something which isn't desktop related.

> On Tue, May 24, 2011 at 00:12, la Bigmac wrote:
> > Seems to be a few people recently wanting to discuss Gentoo as a server :-)
> > so thought I would pose a question that has been bugging me.
> >
> > What would you guys recommend to manage multiple servers and the package
> > versions?
>
> We manage 3000+ servers and use puppet for that, but it is still
> painful with gentoo at times.
> Especially the moving portage tree forces us to keep a local frozen
> version that retains both the ebuilds and the distfiles. That is not
> so much of a problem, it is the unfreezing that is causing us grief.
>
> In addition to puppet and our own frozen portage snapshot+overlay, we
> use agaffneys install scripting to install servers over the net + a
> standard tftp + dhcp netbooting setup.
>
> > While I have a central emerge server (rsync) and sync all of my servers to
> > it I still manually update the packages.
>
>

I hope this shameless plug for my company's website doesn't offend but
we provide a set of packages and some documentation for those wishing to
automate the process of building and testing binary packages on a
central server. More information can be found at....

http://www.mad-hacking.net/documentation/linux/deployment/buildserver/

> > Example, openssh how should I be updating openssh on all of my servers other
> > than logging onto each one in turn and running emerge openssh.
>
> Puppet takes care of that for us and this is a major relief, having
> useflag support in the puppet gentoo package provider would be nice,
> but not really necessary. I'd prefer having useflag awareness in
> binpkgs and the ability to produce different binpkgs for different
> useflag sets in portage.
>
> > Should I cron schedule an emerge --update world and control the repository
> > of packages or is there a more elegant solution?
>
> I've never dared to schedule an emerge --update world on my servers
> even though I control the repository, I'm just not that confident of
> my own abilities :)

This is usually a bad idea. Quite often an "emerge --update world" will
leave a system in an unstable state until configuration files are
updated and reverse dependencies checked.
This can be ameliorated by using a system as described in the link above
as all packages which have been rebuilt on the "build server" will be
updated by an "emerge --update world". Configuration files will still be
a problem however.

> I'm / we are currently working on a new setup for our frozen snapshot
> + overlay + distfiles mirror.
> Ideally we're shooting for a setup where we continuously test the
> system set of packages for compilation and maybe a few functional
> test-cases (can I ssh into the server comes to mind :)
>
> This would allow us to stay closer to $UPSTREAM, in this case gentoo
> and avoid the large maintenance nightmare we have now. If possible we
> would possibly be looking to open up the infrastructure as open source
> and allow others to use it. However that is a future hope, not a
> promise :)
>
> Regards,
>
> Ramon van Alteren
> Senior System Engineer Hyves.nl
>
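
The configuration-file half of the problem described in the reply above can be checked mechanically after an unattended update. The script below is an added example, not part of the original message or of the linked build server packages; the function names and the `--gate` switch are hypothetical, and it assumes /etc is the protected configuration directory.

```shell
#!/bin/sh
# Added example. Portage does not overwrite a protected config file; it
# writes the new version beside it as ._cfgNNNN_<name> (NNNN = 4 digits).

# Print every pending config update under the given dirs (default: /etc).
pending_cfg_updates() {
    [ "$#" -gt 0 ] || set -- /etc
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f -name '._cfg[0-9][0-9][0-9][0-9]_*' 2>/dev/null
    done | sort
}

# Map pending updates back to the live files they would replace.
affected_configs() {
    pending_cfg_updates "$@" | while IFS= read -r path; do
        base=${path##*/}
        printf '%s/%s\n' "${path%/*}" "${base#._cfg????_}"
    done | sort -u
}

# Exit status 0: nothing pending. 1: host needs a manual config merge.
update_gate() {
    files=$(affected_configs "$@")
    if [ -z "$files" ]; then
        echo "OK: no unmerged config updates"
        return 0
    fi
    count=$(printf '%s\n' "$files" | wc -l | tr -d ' ')
    echo "HOLD: $count config file(s) have unmerged updates:"
    printf '%s\n' "$files" | sed 's/^/  /'
    return 1
}

# Run as "sh cfg_gate.sh --gate [dir...]" after the update step.
if [ "${1:-}" = "--gate" ]; then
    shift
    update_gate "$@"
    exit $?
fi
```

A non-zero exit from the gate is the signal to keep the host out of service or alert an operator; it does not cover the reverse dependency check also mentioned above.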