Date: Thu, 12 Dec 2013 18:06:40 -0800
Subject: Re: [gentoo-user] Managing multiple systems with identical hardware
From: Grant
To: Gentoo mailing list

>>> I'm about to embark on this (perilous?) journey and I'm wondering if
>>> anyone would make a comment on any of the questions in the last paragraph
>>> below. This is basically my plan for setting up a bunch of systems
>>> (laptops) in an office which are hardware-identical to my own laptop and
>>> creating a framework to manage them all with a bare minimum of time and
>>> effort.
>>>
>>> Thanks, Grant
>>>
>>>
>>>>>>>>> I see what you desire now - essentially you want to clone
>>>>>>>>> your laptop (or big chunks of it) over to your other
>>>>>>>>> workstations.
>>>>
>>>> I've been working on this and I think I have a good and simple plan.
>>>>
>>>> My laptop roams around with me and is the "master" system. The office
>>>> router is the "submaster" system. All of the other office systems are
>>>> "minion" systems. All of the systems are 100% hardware-identical
>>>> laptops. All of the minions are 100% software-identical.
>>>>
>>>> I install every package that any system needs on the master and create
>>>> an SSH keypair. The only config files that change from their state on
>>>> the master are: /etc/conf.d/hostname, /etc/conf.d/net,
>>>> /etc/ssh/sshd_config, /etc/shorewall/*. I write comments in those
>>>> files which serve as flags for scripted changes.
>>>>
>>>> I write a script that is run from the master to the submaster, or from
>>>> the submaster to a minion.
>>>> If it's the former, rsync / is run with exceptions (/usr/portage,
>>>> /usr/local/portage, /var/log, /tmp, /home,
>>>> /root but /root/.ssh/id_rsa_script* is included), my personal user is
>>>> removed, a series of workstation users are created with useradd -m,
>>>> services are added or removed from /etc/runlevels/default, and config
>>>> files are changed according to comment flags. If it's the latter,
>>>> rsync / is run without exceptions, services are added or removed from
>>>> /etc/runlevels/default, and config files are changed according to
>>>> comment flags.
>>>>
>>>> All user info on the submaster and minions would be effectively reset
>>>> whenever the script is run and that's fine. Root logins would have to
>>>> be allowed on the submaster and minions but only with the SSH key.
>>>> There are probably more paths to exclude when rsyncing master to
>>>> submaster.
>>>>
>>>> That's it. No matter how numerous the minions become, this should
>>>> allow me to keep everything running by administrating only my own
>>>> system, pushing that to the submaster, and having the submaster push to
>>>> the minions. I've been going over the nitty-gritty and everything
>>>> looks good.
>>>>
>>>> What do you think? Is there anything inherently wrong with rsyncing /
>>>> onto a running system? If there are little or no changes to make,
>>>> about how much data would actually be transferred? Is there a better
>>>> tool for this than rsync? I know Funtoo uses git for syncing with
>>>> their portage tree.
>>>>
>>>> - Grant
>>>
> I'm also somewhat skeptical of rsyncing binaries and libraries on a running
> system - it seems needlessly dangerous, particularly for things that have
> complex deps.
>
> A mixed alternative to this would be:
>
> use rsync to manage distributing the system-wide configuration files for all
> relevant packages (similar to what you're doing at the moment).
> This could include just the /etc directory (and/or other system-wide config
> directories) leaving the user files untouched
>
> instead of trying to rsync any binaries or libraries, use the master to build
> a binary package ("--buildpkg") of whatever software is to be installed, with
> the package directory shared over NFS or similar. Then, on the slaves, set
> emerge default opts to "--usepkg" or "--usepkgonly" with a cron job, leaving
> the actual updating of applications on the slave systems to portage.

I may end up using portage instead of rsync but I think I'd like to try rsync first. Am I setting myself up for failure?

- Grant
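
The master-to-submaster exclusions listed in the quoted plan, written as rsync filter rules (an added example, not part of the message or of anyone's actual script): rule order is what lets /root/.ssh/id_rsa_script* through while the rest of /root, including any other private key and authorized_keys, stays on the master. The sample tree, the `submaster` host name and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The excluded paths come from the
# message; the sample tree and the host name are constructed.

# rsync applies the first rule that matches and never descends into an
# excluded directory, so the two "+" rules must precede the "-" rules.
write_rules() {
    cat > "$1" <<'EOF'
+ /root/.ssh/
+ /root/.ssh/id_rsa_script*
- /root/.ssh/*
- /root/*
- /usr/portage
- /usr/local/portage
- /var/log
- /tmp
- /home
EOF
}

# Build a constructed source tree, sync it locally through the rules and
# print the files that arrived, relative to the destination.
transferred_files() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/src/root/.ssh" "$work/src/home/grant" \
             "$work/src/etc/conf.d" "$work/src/var/log" "$work/dst"
    for f in root/.ssh/id_rsa_script root/.ssh/id_rsa_script.pub \
             root/.ssh/id_rsa root/.ssh/authorized_keys root/.bash_history \
             home/grant/notes etc/conf.d/hostname var/log/messages; do
        echo constructed > "$work/src/$f"
    done
    write_rules "$work/rules"
    rsync -a --filter="merge $work/rules" "$work/src/" "$work/dst/" || return 1
    (cd "$work/dst" && find . -type f | LC_ALL=C sort)
    rm -rf "$work"
}

# The real push, returned only as a command line: -x stays on one filesystem
# (skipping /proc, /sys and similar mounts), and --dry-run --stats reports
# what would be sent without touching the target.
push_command() {
    echo "rsync -aHAXx --dry-run --stats --filter='merge $1' / root@submaster:/"
}

if [ "${1:-}" = "demo" ]; then transferred_files; fi
```

Run with the argument `demo` (rsync must be installed) to list what survives the filter. The `--dry-run --stats` form addresses the question of how much data would actually be transferred before anything is written to a running system.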