On Thu, Nov 02, 2006 at 08:10:50PM -0500, Michael Lockhart wrote:
> All,
>
> Here's a question that I wanted to pose to the OpenBSD community about
> managing and maintaining a large number of OpenBSD systems in the
> field. To provide some background, we currently have 650+ OpenBSD 3.2
> systems in the field, and I've been dealing with a fair share of
> headaches bringing our software to a baseline across the board on all
> these systems. Keep in mind most of what I'm working on is
> independent from the OS install itself. Here are the things that I've
> got solutions in place for, but would like some input on projects
> available, or good feedback from others who have maintained a large
> number of disparate systems:
>
> 1. Reliable package building system to auto-generate OpenBSD packages
> that are compliant as much as possible with the standards enforced by
> OpenBSD. I've got scripts to do this right now, but I'm not happy
> with them.

How about just using the ports framework?

> 2. Command and Control. What projects or capabilities are available
> for performing remote command and control over services, packages, and
> system health? Currently, all push/pull is done with perl/sh scripts
> to bring files over, sanity check, install, update, etc. I've been
> leaning towards creating a daemon that runs on each system and has a
> secure connection back to a centralized location for determining if
> updates are available. My proof of concept works, but thoughts on how
> to do this right are GREATLY appreciated.

cfengine and monit have already been mentioned; rdist is old, doesn't
have as many features and is not terribly efficient, but it is in base.
And it works, provided you use the aforementioned shell/perl scripts to
supply what it doesn't do natively.

> 3. Remote upgrading. Going from 3.2 -> 3.8 or 4.0 is going to be very
> difficult, and the approach that I am taking right now is creating a
> bsd.rd based kernel/image that will boot fully into memory, and
> contain the appropriate scripts to re-initialize the disks,
> rsync/scp/ftp/get/whatever the new base image and kernel over, then
> reboot, and go into the new image, and perform the rest of the upgrade
> from there. Has anyone done something similar to this or know of any
> projects along these lines?

I believe Matt Sauve-Frankel <msf at kisoku dot net> has mentioned that
he has a working version of a remote install system:

http://marc.theaimsgroup.com/?l=openbsd-misc&m=116251490911475&w=2

Testing is likely to be appreciated.

> Anyway, just wanted to get some feedback from the community and see
> what everyone had to say on this stuff. Thanks in advance everyone.

A repository of shared stuff (packages &c?) can be very useful. NFS has
trouble with failover, but it is well-supported; AFS trades the one for
the other. A plain old FTP server might work, but is not nearly as
convenient.

In all cases, setting up IPsec first is probably a good idea, but since
you're going to be upgrading to 4.0 anyway, that is not too difficult.
IPsec also makes backups and syslog much easier.

Joachim