Re: [lopsa-tech] configuration management and vmware
On Jun 23, 2009, at 10:43 AM, A. Rich wrote:

> What are people using to do virtual host level configuration management under vmware? I'm not talking about managing the virtual machine configuration itself, but files, accounts, packages, patches, etc at a host-based level on each vm. Are folks cobbling something together with cfengine/puppet/etc, or is there a better product out there (commercial or not) that will handle all of the same sorts of things, but designed for virtual machines?

What sorts of VM-specific things are you thinking of? I.e., from the perspective of something running inside the VM, what is there that the configuration management software would even be able to see/detect/manage? I mean, you could say VMware-Tools, but, realistically, that's just another package installed on a given host, just like any other software package.

What challenge are you trying to overcome?

Cheers,
D

___
Tech mailing list
Tech@lopsa.org
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/

Re: [lopsa-tech] configuration management and vmware
dredd> What sorts of VM-specific things are you thinking of? I.e., from the perspective of something running inside the VM, what is there that the configuration management software would even be able to see/detect/manage?

dredd> What challenge are you trying to overcome?

Specifically, something that is aware of what physical host that a vm resides on so that it can tie into things like being able to track serial console access, hardware contract numbers, PDU/network/fibre/rack allocation etc, and know when a machine relocates using vmotion or other similar technology.

A tool that will do all of this would be optimal, but I have a feeling that asset tracking + change control + config management isn't something that's out there right now.

Re: [lopsa-tech] configuration management and vmware
On Jun 23, 2009, at 12:14 PM, A. Rich wrote:

> Specifically, something that is aware of what physical host that a vm resides on so that it can tie into things like being able to track serial console access, hardware contract numbers, PDU/network/fibre/rack allocation etc, and know when a machine relocates using vmotion or other similar technology.
>
> A tool that will do all of this would be optimal, but I have a feeling that asset tracking + change control + config management isn't something that's out there right now.

My $0.02 worth, but I would say that any package which tried to tie a VM to its host components (e.g., the physical components of the ESX server hosting it) would be very very complicated, especially if you added things like DRS into the equation, taking the human element out of vmotion, storage vmotion, etc., etc.

Especially considering how, difficult, it can be to get useful data out of VirtualCenter for third-party apps. :-)

cheers,
D

Re: [lopsa-tech] configuration management and vmware
dredd> My $0.02 worth, but I would say that any package which tried to tie a VM to its host components (e.g., the physical components of the ESX server hosting it) would be very very complicated, especially if you added things like DRS into the equation, taking the human element out of vmotion, storage vmotion, etc., etc.

Exactly why I was hoping that someone else had already solved this problem and/or had a suggestion about how best to go about it. :}

[lopsa-tech] patch management for MacOSX
Folks, my google fu and lopsa.org searches are not narrowing it down for me.

I've been handed a group that uses MacOSX and asked to craft a patch management approach for them. I use MacOSX at home, but have never managed a group of MacOSX machines (not server). We need to do some sort of patch management for these MacOSX machines.

I could have sworn Ski or Leon had been in on a discussion about that long ago, but all I find is the bemoaning of a lack of Enterprise-ish tools and discussion of MacOSX vs. Linux. I'm trying to find what patch management approaches MacOSX sysadmins actually utilize, that they like.

Two generic scenarios come to my MacOSX rookie mind:

1. Write ssh queries that look for OS versions and patch status, or
2. Utilize a CM tool like puppet/bcfg2/lcfg/fill in your fave.

What do people who manage groups of MacOSX desktop machines actually use?

To bound the exercise, let's just call patch management the following task. A vulnerability is announced, along with the patch. I want to generate a report that shows how many machines are affected in the denominator, and how many machines have actually been patched in the numerator. How do you manage MacOSX group patch deployment in this scenario?

For this query, it doesn't matter whether your approach is home grown, open source, or commercial.

Re: [lopsa-tech] configuration management and vmware
On Tue, 23 Jun 2009, A. Rich wrote:

> dredd> What sorts of VM-specific things are you thinking of? I.e., from the perspective of something running inside the VM, what is there that the configuration management software would even be able to see/detect/manage?
>
> dredd> What challenge are you trying to overcome?
>
> Specifically, something that is aware of what physical host that a vm resides on so that it can tie into things like being able to track serial console access, hardware contract numbers, PDU/network/fibre/rack allocation etc, and know when a machine relocates using vmotion or other similar technology.
>
> A tool that will do all of this would be optimal, but I have a feeling that asset tracking + change control + config management isn't something that's out there right now.

this sounds like an inventory problem, not a software configuration problem.

just like you can move a logical server (with all its configs) to a different piece of hardware, and with some servers you can have multiple logical servers run in one serial numbered box (separate motherboards, so logically multiple systems, but one serial number) you have your virtual machines moving from one physical box to another (sometimes manually, sometimes under automated controls)

the inventory type software I have found all has problems with the concepts of multiple servers with one physical piece of hardware (most of them don't want to acknowledge that you may have more than a single NIC or IP address on a box), so I ended up writing my own database to track things.

David Lang

Re: [lopsa-tech] patch management for MacOSX
On Jun 23, 2009, at 17:16 , unix_fan wrote:

> Two generic scenarios come to my MacOSX rookie mind:
>
> 1. Write ssh queries that look for OS versions and patch status, or
> 2. Utilize a CM tool like puppet/bcfg2/lcfg/fill in your fave.

Apple's blessed solution seems to be radmind.

sw_vers gives you the OS revision and kernel build level, but no patch information. softwareupdate lets you see what updates are available. Anything else I think ends up with you poking around under /Library/Receipts/boms. The good news is that security updates are easy to track there:

    mress:4819 Z$ ls /Library/Receipts/boms/*update*
    /Library/Receipts/boms/com.apple.pkg.update.os.10.5.3.bom
    /Library/Receipts/boms/com.apple.pkg.update.os.10.5.4.bom
    /Library/Receipts/boms/com.apple.pkg.update.os.10.5.5.bom
    /Library/Receipts/boms/com.apple.pkg.update.os.10.5.6.combo.bom
    /Library/Receipts/boms/com.apple.pkg.update.os.10.5.7.bom
    /Library/Receipts/boms/com.apple.pkg.update.security.2008.002.bom
    /Library/Receipts/boms/com.apple.pkg.update.security.2008.005.bom
    /Library/Receipts/boms/com.apple.pkg.update.security.2008.007.bom
    /Library/Receipts/boms/com.apple.pkg.update.security.2009.001.bom

(The bad news, as shown above, is that you have to intuit that 2008.005 also includes 2008.003 and 2008.004.)

> What do people who manage groups of MacOSX desktop machines actually use? To bound the exercise, let's just call patch management the following task.

At present we're doing them all manually. I'd love to change this, but a not-insignificant number of them are laptops that might or might not be on our network at any given time. (Windows laptops have always given us problems as well.)

-- 
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allb...@kf8nh.com
system administrator [openafs,heimdal,too many hats] allb...@ece.cmu.edu
electrical and computer engineering, carnegie mellon university    KF8NH
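
The patched-over-affected report asked for earlier in the thread, computed from the /Library/Receipts/boms listings shown in the reply above. This is an added example, not part of the original messages. It assumes each host's receipt listing has been saved as `<host>.txt` (a hypothetical layout with made-up host names), that every inventoried host counts as affected, and, per the reply, that a later security update includes the earlier ones.

```shell
#!/bin/sh
# Added example: patched/affected report from saved receipt listings.

# Print the highest security update id (YYYY.NNN) among receipt paths on stdin.
latest_security_update() {
    sed -n 's/.*com\.apple\.pkg\.update\.security\.\([0-9]\{4\}\.[0-9]\{3\}\)\.bom$/\1/p' |
        sort -t. -k1,1n -k2,2n | tail -n 1
}

# Succeed if the receipts on stdin cover the required update $1 (YYYY.NNN).
# Assumption taken from the post: a later security update includes earlier ones.
is_patched() {
    have=$(latest_security_update)
    [ -n "$have" ] || return 1          # no security receipt at all
    [ "$(printf %s "$have" | tr -d .)" -ge "$(printf %s "$1" | tr -d .)" ]
}

# patch_report REQUIRED DIR: DIR holds one <host>.txt per machine, each the
# saved output of `ls /Library/Receipts/boms` (this file layout is hypothetical).
# Prints "patched/total" on stdout and names unpatched hosts on stderr.
patch_report() {
    patched=0 total=0
    for f in "$2"/*.txt; do
        [ -e "$f" ] || continue         # empty directory: glob did not match
        total=$((total + 1))
        if is_patched "$1" < "$f"; then
            patched=$((patched + 1))
        else
            echo "unpatched: $(basename "$f" .txt)" >&2
        fi
    done
    echo "$patched/$total"
}

# Constructed sample inventory (host names and receipt mixes are made up).
make_sample() {
    b=/Library/Receipts/boms/com.apple.pkg.update
    printf '%s\n' "$b.os.10.5.7.bom" "$b.security.2008.007.bom" \
        "$b.security.2009.001.bom" > "$1/mac-a.txt"
    printf '%s\n' "$b.os.10.5.5.bom" "$b.security.2008.005.bom" > "$1/mac-b.txt"
    printf '%s\n' "$b.os.10.5.3.bom" > "$1/mac-c.txt"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
patch_report 2008.007 "$demo_dir"
rm -rf "$demo_dir"
```

Laptops that were off the network when the listings were collected simply have no file, so they need to be counted separately rather than read as patched or unpatched.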