From: kashani
Date: Mon, 23 May 2011 18:12:09 -0700
To: gentoo-server@lists.gentoo.org
Subject: Re: [gentoo-server] Managing multiple servers.
Message-ID: <4DDB05E9.7050104@badapple.net>

On 5/23/2011 3:12 PM, la Bigmac wrote:
> Hello list,
>
> Seems to be a few people recently wanting to discuss Gentoo as a server
> :-) so thought I would pose a question that has been bugging me.
>
> What would you guys recommend to manage multiple servers and the package
> versions?
>
> While I have a central emerge server (*rsync)* and sync all of my
> servers to it I still manually update the packages.
>
> Example, openssh how should I be updating openssh on all of my servers
> other than logging onto each one in turn and running emerge openssh.
>
> Should I cron schedule an /emerge/ --/update world /and control the
> repository of packages or is there a more elegant solution?

I've become a huge Puppet nerd over the last year. I'm not managing Gentoo on it, but it's supported and Puppet Labs does seem to fix Gentoo bugs in a reasonable time.

First you'll need Ruby 1.8.7 as 1.9.2 support in Ruby isn't quite there yet. I'd also run unstable for Puppet and Facter. You're better off jumping in at 2.6.x than 0.25.x.

Puppet requires Facter which is very cool in its own right. It's local discovery of the OS and those facts about your system can be used in templates to make decisions. Just run facter from the command line to see what's available. Here's an example for setting higher thresholds on my large machines where processorcount is a fact.

    <% if processorcount.to_i >= 12 then -%>

and here's an example of a module to make sure sudo is the latest version and add a config file for my local sudoers additions.

    class sudo {
        # Keep sudo at the newest version the package provider offers.
        package { "sudo":
            ensure => latest,
        }

        # Local sudoers additions, installed only after the package is in place.
        file { "/etc/sudoers.d/my_additions":
            ensure  => present,
            owner   => root,
            group   => root,
            mode    => "0440",  # quoted octal string; newer Puppet rejects a bare 440
            require => Package["sudo"],
            source  => "puppet:///modules/sudo/my_additions",
        }
    }

In order to make this work you'd really need to have modules for each package in your world file and set ensure => latest rather than just present. However it does make it easy to keep configs, users, settings, which packages in sync across machines. You can also specify ensure => "2.1.2-r12" as a version instead of present or latest.

That's Puppet in a very very tiny nutshell. There are some unique challenges with using it well with Gentoo, but it would ultimately make your system easier to reproduce. You would still need to decide how and when to run Puppet on each node.

kashani
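
Added example (not part of kashani's message and not Puppet Labs code): the same package/file pattern applied to the openssh case from the original question, with one version pinned for every node and a changed sshd_config checked before it replaces the live file. It assumes Puppet 3.5 or newer for validate_cmd; the class name, the module source path, the sshd binary path, the file mode and the version placeholder are assumptions.

```puppet
# Added example. Class name, paths and the version value are placeholders.

# modules/openssh/manifests/init.pp
class openssh (
  $version = 'latest'   # pass a full ebuild version string to pin the fleet
) {
  # Every node that includes this class converges on the same version.
  package { 'openssh':
    ensure => $version,
  }

  file { '/etc/ssh/sshd_config':
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0600',
    source       => 'puppet:///modules/openssh/sshd_config',
    # Puppet writes the new content to a temporary file, substitutes its
    # path for '%', and replaces the live file only if the command exits 0.
    # A config that sshd cannot parse is therefore never deployed.
    validate_cmd => '/usr/sbin/sshd -t -f %',
    require      => Package['openssh'],
    notify       => Service['sshd'],
  }

  # Restart after a package upgrade as well, so the patched binary is the
  # one actually listening rather than the old process.
  service { 'sshd':
    ensure    => running,
    enable    => true,
    subscribe => Package['openssh'],
  }
}

# manifests/site.pp
node default {
  class { 'openssh':
    version => 'PINNED-VERSION-PLACEHOLDER',  # replace with the reviewed version
  }
}
```

Running the agent with --noop on one node first shows the package and file changes it would make without applying them.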