On Mon, Nov 15, 2004 at 12:28:47PM +1100, Jamie Wilkinson wrote:
> This one time, at band camp, O Plameras wrote:
> >1. Given a specific server in the network, can remember exactly previous 
> >configurations
> >for 3 generations (parent, grand parent, and great grand parent) along 
> >with each file in
> >each of those generations.
> >2. Given a specific server in the network, SysAdmin must be able to 
> >revert back to that
> >generation along with each file in that generation through an operation 
> >or a set of
> >operations availble in the systems.
> 
> those last three are tough problems, but should be theoretically possible
> with either full dumps of the system before and after changes, or using some
> sort of delta algorithm. I think isconf does somethign close to this though
> -- at least in the forward direction.
> 
> I don't have that requirement for rollbacks though, I test on a small set of
> machines before rolling out new changes, changes are always small and
> manageable.  It's not a perfect method but it works.

Current versions of RPM allow you to rollback to previous versions of
software. I've never had a need to do it though, so I can't say if it
works as advertised or not. Your cross-platform requirement makes this
moot of course, but it gets you a little closer to a solution... It does
mean that you need to trust RPM for all your software management, which
is a decision you need to make.

> 
> >3. Must be able to effect change of Operating Systems from older version 
> >to a newer one.
> >Because of item 2. above the reverse will be possible.
> 
> cfengine and isconf are two tools that spring to mind for this task.  I'm
> using cfengine on a production network of 30ish machines with good results.

I've also heard of people storing all of /etc in version control for
this purpose. In my opinion it would be unnecessary if you kept your
cfengine stuff in a source control system, but it would give you that
absolute confidence that you could roll back and forward, even if
cfengine failed.

> >5. Must be able to effect change of Applications (delete, add, or a 
> >combination) for a given
> >server in the network.
> 
> cfengine again; servers on our network that are part of the, say, ftp server
> class, have their installed packages list checked, and packages installed.
> I don't do the reverse, because whilst I can guarantee that I need to
> install and configure a service on a machine, I can't guarantee that a
> machine that isn't part of a class isn't supposed to have that service
> configured.  At least, not yet (lots of auditing involved)

RHEL also lets you do centralised upgrades. Of course, I'm a total
amateur at this stuff, so I couldn't tell you if it lets you do the
reverse operation or lets you remove stuff. Jamie?

Actually, I know Mandrake has a 'parallel installer' application that
ships with it; it uses SSH to install upgrades on a small army of
Mandrake machines. Now, I'm not recommending Mandrake for production
server use here, but I'd be surprised if other distros didn't have
equivalent functionality. Does anyone know if this is the case?

> >6. Etc. that is to do with any management of changes in the server of 
> >the network.
> 
> Um.

Probably "ssh" is the tool you're looking for there :)

HTH,

James.

-- 
"Now, there are no problems  only opportunities. However, this seemed to be an
insurmountable opportunity."
 - http://www.surfare.net/~toolman/temp/diagram.html
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Reply via email to