Re: [lopsa-tech] patch management for MacOSX

2009-06-23 Thread Brandon S. Allbery KF8NH

On Jun 23, 2009, at 17:16 , unix_fan wrote:

> Two generic scenarios come to my MacOSX rookie mind:
> 1. Write ssh queries that look for OS versions and patch status, or
> 2. Utilize a CM tool like puppet/bcfg2/lfcg/.


Apple's blessed solution seems to be radmind.

sw_vers gives you the OS revision and kernel build level, but no patch
information.  softwareupdate lets you see what updates are available.
Anything else I think ends up with you poking around under
/Library/Receipts/boms.  The good news is that security updates are easy to
track there:



mress:4819 Z$ ls /Library/Receipts/boms/*update*
/Library/Receipts/boms/com.apple.pkg.update.os.10.5.3.bom
/Library/Receipts/boms/com.apple.pkg.update.os.10.5.4.bom
/Library/Receipts/boms/com.apple.pkg.update.os.10.5.5.bom
/Library/Receipts/boms/com.apple.pkg.update.os.10.5.6.combo.bom
/Library/Receipts/boms/com.apple.pkg.update.os.10.5.7.bom
/Library/Receipts/boms/com.apple.pkg.update.security.2008.002.bom
/Library/Receipts/boms/com.apple.pkg.update.security.2008.005.bom
/Library/Receipts/boms/com.apple.pkg.update.security.2008.007.bom
/Library/Receipts/boms/com.apple.pkg.update.security.2009.001.bom



(The bad news, as shown above, is that you have to intuit that  
2008.005 also includes 2008.003 and 2008.004.)


> What do people who manage groups of MacOSX desktop machines actually
> use? To bound the exercise, let's just call patch management the
> following task.


At present we're doing them all manually.  I'd love to change this,  
but a not-insignificant number of them are laptops that might or might  
not be on our network at any given time.  (Windows laptops have always  
given us problems as well.)


--
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allb...@kf8nh.com
system administrator [openafs,heimdal,too many hats] allb...@ece.cmu.edu
electrical and computer engineering, carnegie mellon university    KF8NH




___
Tech mailing list
Tech@lopsa.org
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/
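
The receipt check described in the message above, turned into the patched/affected count the original question asks for, as an added example that is not part of either post. It assumes, following the remark about 2008.005, that a security update with a later year.number includes every earlier one; it looks only at security receipts and ignores OS point-release receipts; the hosts mac01 to mac03 and the "host path" inventory format are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Input: one "host receipt-path" pair per
# line, e.g. the output of  ls /Library/Receipts/boms/*update*  gathered from
# each machine and prefixed with its name. A host name alone on a line is a
# machine that is in the inventory but reported no receipts.

# Constructed sample inventory (hypothetical hosts).
sample_inventory() {
    cat <<'EOF'
mac01 /Library/Receipts/boms/com.apple.pkg.update.os.10.5.7.bom
mac01 /Library/Receipts/boms/com.apple.pkg.update.security.2008.007.bom
mac01 /Library/Receipts/boms/com.apple.pkg.update.security.2009.001.bom
mac02 /Library/Receipts/boms/com.apple.pkg.update.os.10.5.5.bom
mac02 /Library/Receipts/boms/com.apple.pkg.update.security.2008.002.bom
mac02 /Library/Receipts/boms/com.apple.pkg.update.security.2008.005.bom
mac03
EOF
}

# patch_report NEED: NEED is the required security update as YYYY.NNN.
# Prints "UNPATCHED host" for each host below NEED, then "patched/total".
patch_report() {
    awk -v need="$1" '
        # Turn "2008.005" into the number 2008005 so updates compare in order.
        function key(id) { gsub(/\./, "", id); return id + 0 }
        NF == 0 { next }
        { hosts[$1] = 1 }          # every listed host counts in the denominator
        match($2, /update\.security\.[0-9][0-9][0-9][0-9]\.[0-9][0-9][0-9]\.bom$/) {
            # "update.security." is 16 characters; the id is the next 8.
            id = substr($2, RSTART + 16, 8)
            if (key(id) > best[$1]) best[$1] = key(id)
        }
        END {
            for (h in hosts) {
                total++
                # Assumption: the newest security receipt covers all older ones.
                if (best[h] >= key(need)) ok++
                else print "UNPATCHED " h
            }
            printf "%d/%d\n", ok, total
        }'
}

# Report against the constructed data for security update 2008.004.
sample_inventory | patch_report 2008.004
```

Machines that could not be reached when the listing was collected belong in the input as bare host lines, so they stay in the denominator and show up as unpatched rather than disappearing from the report.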


Re: [lopsa-tech] configuration management and vmware

2009-06-23 Thread david
On Tue, 23 Jun 2009, A. Rich wrote:

> dredd> What sorts of "VM-specific" things are you thinking of? ie., from the
> dredd> perspective of something "running inside the VM", what is there that
> dredd> the configuration management software would even be able to
> dredd> see/detect/manage?
>
> dredd> What challenge are you trying to overcome?
>
> Specifically, something that is aware of what physical host that a vm resides
> on so that it can tie into things like being able to track serial console
> access, hardware contract numbers, PDU/network/fibre/rack allocation etc, and
> know when a machine relocates using vmotion or other similar technology.
>
> A tool that will do all of this would be optimal, but I have a feeling that
> asset tracking + change control + config management isn't something that's out
> there right now.

this sounds like an inventory problem, not a software configuration 
problem.

just like you can move a logical server (with all its configs) to a 
different piece of hardware, and with some servers you can have multiple 
logical servers run in one serial numbered box (separate motherboards, so 
logically multiple systems, but one serial number) you have your virtual 
machines moving from one physical box to another (sometimes manually, 
sometimes under automated controls)

the inventory type software I have found all has problems with the 
concepts of multiple servers with one physical piece of hardware (most of 
them don't want to acknowledge that you may have more than a single NIC or 
IP address on a box), so I ended up writing my own database to track 
things.

David Lang


[lopsa-tech] patch management for MacOSX

2009-06-23 Thread unix_fan

Folks, my google fu and lopsa.org searches are not narrowing it down for me.

I've been handed a group that uses MacOSX and asked to craft a patch management 
approach for them. I use MacOSX at home, but have never managed a group of 
MacOSX machines (not server). 

We need to do some sort of patch management for these MacOSX machines. I could 
have sworn Ski or Leon had been in on a discussion about that long ago, but all 
I find is the bemoaning of a lack of Enterprise-ish tools and discussion of 
MacOSX vs. Linux. I'm trying to find what patch management approaches MacOSX 
sysadmins actually utilize, that they like.

Two generic scenarios come to my MacOSX rookie mind: 
1. Write ssh queries that look for OS versions and patch status, or 
2. Utilize a CM tool like puppet/bcfg2/lfcg/. 

What do people who manage groups of MacOSX desktop machines actually use? To 
bound the exercise, let's just call patch management the following task. 

A vulnerability is announced, along with the patch. I want to generate a report 
that shows how many machines are affected in the denominator, and how many 
machines have actually been patched in the numerator. How do you manage MacOSX 
group patch deployment in this scenario?

For this query, it doesn't matter whether your approach is home grown, open 
source, or commercial. 



Re: [lopsa-tech] configuration management and vmware

2009-06-23 Thread John Sellens
| From: "A. Rich" 
| 
| Specifically, something that is aware of what physical host that a vm resides
| on so that it can tie into things like being able to track serial console
| access, hardware contract numbers, PDU/network/fibre/rack allocation etc, and
| know when a machine relocates using vmotion or other similar technology.

I recently built some scripts that run on vmware ESX hosts and gather
bits of information, using "vmware-vim-cmd".  You can get information
about which VMs are on the host, resource usage, current configuration
and so on.  My idea was to gather up all the guest information from
the ESX hosts to a central location, and then I could summarize or
play with the guest information from there. e.g. know what's where,
configured with how much memory and disk, using what resources, etc.

But that's from the ESX host side of the equation, rather than from
the guest.  And the name (for example) of the guest on the ESX side
might not match what the machine calls itself, but can cause some
confusion.

I don't know how to get information from the guest side, but I wonder
if the open-vm-tools (open-vm-tools.sourceforge.net) package might
provide some clues.  Of course, that may not help you on Windows ...

Hope these little nuggets help a bit ..

John


Re: [lopsa-tech] configuration management and vmware

2009-06-23 Thread A. Rich

dredd> My $0.02 worth, but I would say that any package which tried to tie a
dredd> VM to its "host components" (e.g., the physical components of the ESX
dredd> server hosting it) would be very very complicated, especially if you
dredd> added things like DRS into the equation, taking the human element out
dredd> of vmotion, storage vmotion, etc., etc.

Exactly why I was hoping that someone else had already solved this problem
and/or had a suggestion about how best to go about it.  :}


Re: [lopsa-tech] configuration management and vmware

2009-06-23 Thread Derek J. Balling

On Jun 23, 2009, at 12:14 PM, A. Rich wrote:
> Specifically, something that is aware of what physical host that a vm resides
> on so that it can tie into things like being able to track serial console
> access, hardware contract numbers, PDU/network/fibre/rack allocation etc, and
> know when a machine relocates using vmotion or other similar technology.
>
> A tool that will do all of this would be optimal, but I have a feeling that
> asset tracking + change control + config management isn't something that's out
> there right now.

My $0.02 worth, but I would say that any package which tried to tie a  
VM to its "host components" (e.g., the physical components of the ESX  
server hosting it) would be very very complicated, especially if you  
added things like DRS into the equation, taking the human element out  
of vmotion, storage vmotion, etc., etc.

Especially considering how, difficult, it can be to get useful data  
out of VirtualCenter for third-party apps. :-)

cheers,
D




Re: [lopsa-tech] configuration management and vmware

2009-06-23 Thread A. Rich
dredd> What sorts of "VM-specific" things are you thinking of? ie., from the
dredd> perspective of something "running inside the VM", what is there that
dredd> the configuration management software would even be able to
dredd> see/detect/manage?

dredd> What challenge are you trying to overcome?

Specifically, something that is aware of what physical host that a vm resides
on so that it can tie into things like being able to track serial console
access, hardware contract numbers, PDU/network/fibre/rack allocation etc, and
know when a machine relocates using vmotion or other similar technology.

A tool that will do all of this would be optimal, but I have a feeling that
asset tracking + change control + config management isn't something that's out
there right now.


Re: [lopsa-tech] configuration management and vmware

2009-06-23 Thread Derek J. Balling

On Jun 23, 2009, at 10:43 AM, A. Rich wrote:
> What are people using to do virtual host level configuration management under
> vmware?  I'm not talking about managing the virtual machine configuration
> itself, but files, accounts, packages, patches, etc at a host-based level on
> each vm.  Are folks cobbling something together with cfengine/puppet/etc, or
> is there a better product out there (commercial or not) that will handle all
> of the same sorts of things, but designed for virtual machines?

What sorts of "VM-specific" things are you thinking of? ie., from the
perspective of something "running inside the VM", what is there that
the configuration management software would even be able to
see/detect/manage?

I mean, you could say "VMware-Tools", but, realistically, that's just  
another "package" installed on a given host, just like any other  
software package.

What challenge are you trying to overcome?

Cheers,
D




[lopsa-tech] configuration management and vmware

2009-06-23 Thread A. Rich

What are people using to do virtual host level configuration management under
vmware?  I'm not talking about managing the virtual machine configuration
itself, but files, accounts, packages, patches, etc at a host-based level on
each vm.  Are folks cobbling something together with cfengine/puppet/etc, or
is there a better product out there (commercial or not) that will handle all
of the same sorts of things, but designed for virtual machines?  It would also
be great if the config management stuff hooked into some ITIL-like change
management software as well.  I'm thinking of this specifically for
RedHat/SUSE, Windows, and maybe Solaris 10.

