On 13 January 2012 01:57, Paul Graydon <paul@paulgraydon.co.uk> wrote:
On 01/12/2012 03:51 PM, chaim.rieger@gmail.com wrote:
On 1/12/2012 4:43 PM, Jimmy Hess wrote:
Something to think about before attempting to centrally manage, your systems actually have to be centrally manageable -- that doesn't happen automatically and requires extra work.
this is why i never update. i would rather build a new image and deploy it to the thousands of servers than worry about updates. be it an openssh security notice, or new ntp configuration, for me it is easier to rebuild servers than update config files.
For that matter, imaging is a bad way to go about handling this, you'd be better served by setting up something like Puppet or Chef and have them handle configuration management for you centrally, along with necessary software packages.
Paul
I looked into Puppet and though I've got it managing parts of our infrastructure it seems quite difficult to bolt on to an existing setup. There are also some things that I can't see how to do easily with Puppet ("Don't upgrade packages on the live environment until we've tested them in staging" being a big one.) I'm starting to look at Blueprint (http://devstructure.com) to help build the Puppet manifests so that we can deploy Puppet without breaking any existing machines, Puppet for configuration management and Spacewalk to audit what is up-to-date and help schedule security updates. Dan