On 13 January 2012 01:57, Paul Graydon <p...@paulgraydon.co.uk> wrote:
> On 01/12/2012 03:51 PM, chaim.rie...@gmail.com wrote:
>>
>> On 1/12/2012 4:43 PM, Jimmy Hess wrote:
>>> Something to think about before attempting to centrally manage, your
>>> systems actually have to be centrally manageable -- that doesn't happen
>>> automatically and requires extra work.
>>>
>> this is why i never update. i would rather build a new image and deploy it
>> to the thousands of servers than worry about updates. be it an openssh
>> security notice, or new ntp configuration, for me it is easier to rebuild
>> servers than update config files.
>>
> For that matter, imaging is a bad way to go about handling this, you'd be
> better served by setting up something like Puppet or Chef and have them
> handle configuration management for you centrally, along with necessary
> software packages.
>
> Paul

I looked into Puppet and though I've got it managing parts of our infrastructure it seems quite difficult to bolt on to an existing setup. There are also some things that I can't see how to do easily with Puppet ("Don't upgrade packages on the live environment until we've tested them in staging" being a big one.)

I'm starting to look at Blueprint (http://devstructure.com) to help build the Puppet manifests so that we can deploy Puppet without breaking any existing machines, Puppet for configuration management and Spacewalk to audit what is up-to-date and help schedule security updates.

Dan