Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cross-Distro Remote Package Administration?

Posted by kdawson on from the i-patch dept.

tobiasly writes "I administer several Ubuntu desktops and numerous CentOS servers. One of the biggest headaches is keeping them up-to-date with each distro's latest bugfix and security patches. I currently have to log in to each system, run the appropriate apt-get or yum command to list available updates, determine which ones I need, then run the appropriate install commands. I'd love to have a distro-independent equivalent of the Red Hat Network where I could do all of this remotely using a web-based interface. PackageKit seems to have solved some of the issues regarding cross-distro package maintenance, but their FAQ explicitly states that remote administration is not a goal of their project. Has anyone put together such a system?"

8 of 209 comments (clear)

  1. Tools exist by PeterBrett · · Score: 5, Informative
    1. Create a local package repository for each distro.
    2. Set apt/yum to point at only the local repository.
    3. Create a cron job on each box to automatically update daily.
    4. When you want to push a package update out to all boxes, copy it from the public repository to the local one.
    5. Profit!
    --
    Pirate Party UK
    1. Re:Tools exist by Jurily · · Score: 4, Informative

      When you want to push a package update out to all boxes, copy it from the public repository to the local one.

      Assuming of course all boxes have the same version of the OS, the same packages installed, etc.

      I suggest tentakel, and that OP could have found it in 2 minutes with Google. I did.

      http://www.google.co.uk/search?q=multiple+linux+remote+administration The first hit mentions it.

  2. Puppet or CFEngine + Version Control by hax0r_this · · Score: 4, Informative

    Look into Puppet or CFEngine (we use CFEngine but am considering switching to Puppet eventually). They're both extremely flexible management tools that will trivially handle package management, but you can use them to accomplish almost any management task you can imagine, with the ability to manage or edit any file you want, running shell scripts, etc.

    The work flow goes something like this:
    1. Identify packages that need update (have a cron job run on every box to email you packages that need updating, or just security updates, however you want to do it)
    2. Update the desired versions in your local checkout of your cfengine/puppet files (the syntax isn't easily described here, but its very simple to learn).
    3. Commit/push (note that this is the easy way to have multiple administrators) your changes. Optionally have a post commit hook to update a "master files" location, or just do the version control directly in that location.
    4. Every box has an (hourly? Whatever you like) cron job to update against your master files location. At this time (with splay so you don't hammer your network) each cfengine/puppet client connects to the master server, updates any packages, configs, etc, runs any scripts you associated with those updates, then emails (or for extra credit build your own webapp) you the results.

  3. Re:Can You Script? by dns_server · · Score: 4, Informative

    The corporate product is http://www.canonical.com/projects/landscapeLandscape

  4. Re:You don't want it by galorin · · Score: 5, Informative

    Depending on how uniform your servers are, keep one version of CentOS and one version of Ubuntu running in a VM, and have these notify you when updates are available. When updates are available, test against these VMs, and do the local repository thing suggested by another person here. Do one system at a time to make sure something doesn't kill everything at once.

    Web based apps with admin privs are fine as long as they're only accessable via the intranet, strongly passworded, and no one else knows they're there. If you need to do remotely, VPN in to the site, and SSH into each box. You're an Administrtor, start administratorizing. Some things just shouldn't be automated.

  5. yum-updatesd is meant for that by MrMr · · Score: 5, Informative

    1) yum -e whateveryoudontneed
    2) chkconfig yum-updatesd on
    3) Make sure do_update = yes, download_deps = yes, etc are set in yum-updatesd.conf
    4) /etc/init.d/yum-updatesd start
    This makes your yum system self-updating.

  6. Re:Remote admin of a UNIX box? by supernova_hq · · Score: 4, Informative

    Sorry to reply to my own post, but circlingthesun actually posted the name of it below!

    clusterssh

  7. Re:Remote admin of a UNIX box? by walt-sjc · · Score: 4, Informative

    It's called "dssh". Google is your "search" friend (we will ignore the evil side of Google at the moment... :-)