From: Grant
To: Gentoo mailing list
Date: Thu, 12 Dec 2013 15:54:03 -0800
Subject: Re: [gentoo-user] Managing multiple systems with identical hardware

I'm about to embark on this (perilous?) journey and I'm wondering if
anyone would make a comment on any of the questions in the last
paragraph below. This is basically my plan for setting up a bunch of
systems (laptops) in an office which are hardware-identical to my own
laptop and creating a framework to manage them all with a bare minimum
of time and effort.

Thanks,
Grant

>>>>>> I see what you desire now - essentially you want to clone your laptop
>>>>>> (or big chunks of it) over to your other workstations.
>
> I've been working on this and I think I have a good and simple plan.
>
> My laptop roams around with me and is the "master" system. The office
> router is the "submaster" system. All of the other office systems are
> "minion" systems. All of the systems are 100% hardware-identical
> laptops. All of the minions are 100% software-identical.
>
> I install every package that any system needs on the master and create
> an SSH keypair. The only config files that change from their state on
> the master are: /etc/conf.d/hostname, /etc/conf.d/net,
> /etc/ssh/sshd_config, /etc/shorewall/*. I write comments in those
> files which serve as flags for scripted changes.
>
> I write a script that is run from the master to the submaster, or from
> the submaster to a minion. If it's the former, rsync / is run with
> exceptions (/usr/portage, /usr/local/portage, /var/log, /tmp, /home,
> /root but /root/.ssh/id_rsa_script* is included), my personal user is
> removed, a series of workstation users are created with useradd -m,
> services are added or removed from /etc/runlevels/default, and config
> files are changed according to comment flags. If it's the latter,
> rsync / is run without exceptions, services are added or removed from
> /etc/runlevels/default, and config files are changed according to
> comment flags.
>
> All user info on the submaster and minions would be effectively reset
> whenever the script is run and that's fine. Root logins would have to
> be allowed on the submaster and minions but only with the SSH key.
> There are probably more paths to exclude when rsyncing master to
> submaster.
>
> That's it. No matter how numerous the minions become, this should
> allow me to keep everything running by administrating only my own
> system, pushing that to the submaster, and having the submaster push
> to the minions. I've been going over the nitty-gritty and everything
> looks good.
>
> What do you think? Is there anything inherently wrong with rsyncing /
> onto a running system? If there are little or no changes to make,
> about how much data would actually be transferred? Is there a better
> tool for this than rsync? I know Funtoo uses git for syncing with
> their portage tree.
>
> - Grant
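
The push described in the quoted plan, as an added example that is not part of the original post: rsync filter rules ordered so that /root/.ssh/id_rsa_script* survives the /root exclusion, a dry run that reports how much data would be transferred, and a rewriter for comment-flagged config lines. The `# @role` tag syntax, the function names and the sample sshd_config lines are assumptions.

```shell
#!/bin/sh
# Added example. Flag syntax (# @role) and function names are assumptions.

# master -> submaster filter rules. rsync uses the first rule that matches,
# so the includes for the script key must come before the /root excludes.
filter_rules() {
    case "$1" in
    submaster)
        printf '%s\n' '+ /root/' '+ /root/.ssh/' '+ /root/.ssh/id_rsa_script*' \
            '- /root/.ssh/*' '- /root/*' '- /usr/portage/' \
            '- /usr/local/portage/' '- /var/log/' '- /tmp/' '- /home/' ;;
    minion) : ;;            # submaster -> minion: no exceptions
    *) return 1 ;;
    esac
}

# Dry run: --stats shows how much would be sent without changing the target;
# -x keeps rsync on the root filesystem (skips /proc, /sys, /dev mounts).
preview_push() {            # usage: preview_push ROLE HOST
    filter_rules "$1" | rsync -aHx --delete --dry-run --stats \
        --exclude-from=- -e ssh / "root@$2:/"
}

# Enable lines tagged for ROLE, comment out lines tagged for other roles.
apply_flags() {             # usage: apply_flags ROLE < in > out
    awk -v role="@$1" '
        !/# @[a-z]/ { print; next }            # untagged line: unchanged
        {
            line = $0
            sub(/^#+[ \t]*/, "", line)         # drop earlier comment-out
            tags = line; sub(/^.*# @/, "@", tags)
            n = split(tags, t, /[ \t]+/); on = 0
            for (i = 1; i <= n; i++) if (t[i] == role) on = 1
            print (on ? line : "#" line)
        }'
}

# Constructed sshd_config fragment (not from the post). without-password is
# the key-only root setting; newer OpenSSH also spells it prohibit-password.
SAMPLE_SSHD='PermitRootLogin no # @master
PermitRootLogin without-password # @submaster @minion
PasswordAuthentication no'
```

Because excluded paths are also protected from `--delete` on the receiving side, the submaster's own /home and /var/log are left alone by the first rule set.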