On Tue, Dec 19, 2006 at 03:00:04AM -0700, Clint Pachl wrote:
> I would use a dedicated, highly secure and always backed-up box to
> store/manage a central repository (CVS/SVN). This repos will hold
> all the necessary bytes (binaries, config files, ports, etc.) to
> "re-image" any machine from scratch. Each node on the network
> would then "pull" everything it needs from the central repos using
> method X. That's the part I'm trying to figure out. I want the
> whole automation system to be simple and would like to use only
> default tools.

I think I understand the reason why you want this ('only default
tools'). That said, there are good reasons that specialized tools
exist to solve this problem: it's complex. You want your install and
configuration management system to be robust; something hacked out
of whatever happens to be in base seems potentially quite fragile.

A pull-only system assumes that the clients actually pull. What if
they don't? How do you know when their last successful pull was? If
all they're doing is pulling, do you need e.g. one pf.conf file per
client? How many clients do you have? How many might you have in a
year? Two years? Using a client imaging system as the sole
configuration management system is heavy-handed and inflexible --
you'll find lots of situations where you want more control over who
gets what file (or what action occurs where).

cfengine was mentioned elsewhere in this thread, and it's the most
prominent FOSS configuration management thingy that I'm aware of.
It's got warts, but it's widely used and mostly solves the problems
you're looking to solve. I've worked at large sites that used
cfengine, and large sites that used hacked imaging systems based on
rsync or rdist. I quickly came to understand and appreciate _why_
cfengine exists, even if I also started a list of Things I Don't
Really Like About CFengine. It's a mixed bag, but in my experience,
the warts are worth it.

-- 

o--------------------------{ Will Maier }--------------------------o
| web:.......http://www.lfod.us/ | [EMAIL PROTECTED] |
*------------------[ BSD Unix: Live Free or Die ]------------------*
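
Added example, not part of the message above or of any tool it names: one way to answer the "what if they don't pull?" question with base tools only, by checking a server-side pull log against an inventory of expected hosts. The log format, the inventory file, the host names and the `stale_hosts` function are assumptions made for illustration, and the sample data is constructed.

```shell
#!/bin/sh
# Assumed (hypothetical) log format, one line per pull attempt, written by
# the repository server:   <epoch-seconds> <hostname> <ok|fail>
# The inventory file lists one expected hostname per line.

# stale_hosts INVENTORY LOG NOW MAX_AGE
# Prints "<host> never" when no successful pull is on record,
# "<host> stale <age>" when the last success is older than MAX_AGE seconds,
# and "<host> unknown" for hosts that pull but are not in the inventory.
stale_hosts() {
    awk -v now="$3" -v max="$4" '
        # First file: inventory. Remember each expected host, in order.
        FNR == NR { if ($1 != "") { want[$1] = 1; order[++n] = $1 }; next }
        NF < 3 { next }                      # skip malformed log lines
        # Only successful pulls count; keep the newest timestamp per host.
        $3 == "ok" && ($2 in want) && $1 + 0 > last[$2] + 0 { last[$2] = $1 }
        # A pull from a host nobody inventoried deserves attention too.
        !($2 in want) && !($2 in seen) { seen[$2] = 1; unknown[++u] = $2 }
        END {
            for (i = 1; i <= n; i++) {
                h = order[i]
                if (!(h in last))             print h, "never"
                else if (now - last[h] > max) print h, "stale", now - last[h]
            }
            for (i = 1; i <= u; i++) print unknown[i], "unknown"
        }
    ' "$1" "$2"
}

# Constructed sample data: four expected hosts, "now" = 100000, limit = 1 day.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' fw1 web1 db1 mail1 > "$d/inventory"
    cat > "$d/pulls.log" <<'EOF'
90000 fw1 ok
1000 web1 ok
95000 web1 fail
96000 db1 fail
97000 rogue1 ok
EOF
    stale_hosts "$d/inventory" "$d/pulls.log" 100000 86400
    rm -rf "$d"
}

demo
```

A failed attempt does not reset a host's age, so a client that keeps trying and keeps failing is still reported.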
