From: kashani
Date: Mon, 23 May 2011 17:40:34 -0700
To: gentoo-server@lists.gentoo.org
Subject: Re: [gentoo-server] Managing multiple servers.
Message-ID: <4DDAFE82.9070308@badapple.net>

On 5/23/2011 3:12 PM, la Bigmac wrote:
> Hello list,
>
> Seems to be a few people recently wanting to discuss Gentoo as a server
> :-) so thought I would pose a question that has been bugging me.
>
> What would you guys recommend to manage multiple servers and the package
> versions?
>
> While I have a central emerge server (*rsync)* and sync all of my
> servers to it I still manually update the packages.
>
> Example, openssh how should I be updating openssh on all of my servers
> other than logging onto each one in turn and running emerge openssh.
>
> Should I cron schedule an /emerge/ --/update world /and control the
> repository of packages or is there a more elegant solution?

I've become a huge Puppet nerd over the last year. I'm not managing
Gentoo on it, but it's supported and Puppet Labs does seem to fix Gentoo
bugs in a reasonable time.

First you'll need Ruby 1.8.7 as 1.9.2 support in Ruby isn't quite there
yet. I'd also run unstable for Puppet and Facter. You're better off
jumping in at 2.6.x than 0.25.x.

Puppet requires facter which is very cool in its own right. It's local
discovery of the OS and those facts about your system can be used in
templates to make decisions. Here's an example for setting higher
thresholds on my large machines.

    <% if processorcount.to_i >= 12 then -%>

and here's an example of a module to make sure sudo is the latest
version and add a config file for my local sudoers additions.

    class sudo {
        package { "sudo":
            ensure => latest,
        }

        file { "/etc/sudoers.d/my_additions":
            ensure  => present,
            owner   => root,
            group   => root,
            mode    => 440,
            require => Package["sudo"],
            source  => "puppet:///modules/sudo/my_additions",
        }
    }

In order to make this work you'd really need to have modules for each
package in your world file and set ensure => latest rather than just
present. However it does make it easy to keep configs, users, settings,
which packages in sync across machines.

That's Puppet in a very very tiny nutshell. There are some unique
challenges with using it well with Gentoo, but it would ultimately make
your system easier to reproduce.

kashani
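
The same pattern applied to the openssh case from the question, as an added example that is not part of kashani's message. The module name `openssh`, the `puppet:///modules/openssh/sshd_config` source and the service name `sshd` are assumptions.

```puppet
# Added example: assumed module "openssh" with files/sshd_config in it.
class openssh {
    # Upgrade whenever the Portage tree this host syncs from offers a
    # newer version, instead of running emerge by hand on each server.
    package { "openssh":
        ensure => latest,
    }

    # Ship one reviewed daemon config to every server; only root may
    # read or write it.
    file { "/etc/ssh/sshd_config":
        ensure  => present,
        owner   => root,
        group   => root,
        mode    => "0600",
        require => Package["openssh"],
        source  => "puppet:///modules/openssh/sshd_config",
    }

    # Keep sshd running and restart it when the package or the config
    # changes, so the upgraded binary is the one serving connections.
    service { "sshd":
        ensure    => running,
        enable    => true,
        subscribe => [ Package["openssh"], File["/etc/ssh/sshd_config"] ],
    }
}
```

What `latest` resolves to on each host is whatever the Portage tree it syncs from offers, so the central rsync server mentioned in the question remains the place to control which version rolls out.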