Best Practices-System Changes (Small environments)

Eric "Shubes" plug at shubes.net
Tue Nov 21 08:39:12 MST 2006 

Very nice, George.

Instead of scrape'n'paste though, I'd be inclined to put all the commands in
an array. Then you could write a little super-script routine that would
allow you navigate/search/index through them and select the one(s) you'd
like to execute, instead of s'n'p. Maybe that'd be overkill.

I'm not adept at s'n'p in terminal mode. I should probably learn. Can
someone go over this at a meeting?

George Toft wrote:
> George rambling on . . .
> 
> Making Sure Servers Are Identical
> =================================
> I have a file called /root/changes that is actually a shell script of 
> every command I issue to make a change on a box.  If I need to make a 
> change to httpd.conf, for example, I script it with sed or vi.
> 
> Here's an example of how it worked: I built a web server in development, 
> and tested it.  Once we were happy with it, we deployed the production 
> server and executed the commands in /root/changes by scraping and 
> pasting the commands.  It took 15 minutes to configure the prod server 
> and 30 minutes to upload content.  I could have executed the file, but 
> chose to carefully view the results of each command instead.
> 
> When we had to add mail functionality, I built qmail in development, 
> added the instructions to /root/changes, and paste/scrape in prod. 
> Easy-peasy.  Then I updated /root/changes on the prod server :)
> 
> Needless to say, I absolutely backup /root as my DR plan for that server 
> is stored there :)
> 
> 
> Managing Multiple Servers Simultaneously
> ========================================
> If you need to make small changes to many machines, consider using an 
> expect script called multixterm that allows you to spawn multiple xterms 
> with one command window.  This way, all you need to do is enter the 
> command once in the command window, and it goes to every box you have an 
> xterm on.
> 
> DANGER *** DANGER *** DANGER *** DANGER *** DANGER *** DANGER
> You better type the command perfectly.  If you make a mistake, you are 
> magnifying your mistake exponentially.
> 
> I used this method at IBM for the 100+ servers I admin'd.  It drove 
> management nuts, but I was 4x as efficient as most other SA's (by their 
> metrics).  Since the script was standard and well tested by the OS 
> Engineers, I could update the servers as fast as I could log in and 
> paste the commands.
> 
> Ever try to manage 100+ xterms?  I used icewm with 12 desktops on two 
> monitors to logically group the xterms and position them so I could see 
> the results of the commands.  (It was actually icewm under cygwin on 
> Windows XP.)
> 
> 
> Different Method
> ================
> When I was at a web hosting company in L.A., I developed a system where 
> I could push out updates in the form of a script.  Every hour, the 
> recipient boxes would check for the update script and execute it.  Yes, 
> I made a mistake on one push and had to engineer a fix and push it out 
> in under an hour.  There is much to be said for *thoroughly* testing 
> your changes as well as scrape and paste :)
> 
> 
> Cheers!
> 
> George Toft, CISSP, MSIS
> 623-203-1760
> 
> 
> 
> 
> Dazed_75 wrote:
>> I find myself making the same alterations to a small number of systems 
>> but some of them repeatedly as I try different distros.  I try to keep 
>> some notes but find they are inadequate and inconsistent.  It is also 
>> painful to always make the changes manually.  I know that in large 
>> environments there are tools such as source management systems, network 
>> installers, etc. but they are serious overkill to the small network or 
>> individual user such as I.
>>
>> It occurs to me that this is a situation many of you have faced and 
>> perhaps conquered.  My hope is that there are some best practices people 
>> might be willing to discuss here and that the discussion might be useful 
>> to others besides me.  So if you have favored techniques or tools, lets 
>> hear about them.  For example, a tool/script/etc to scan for and 
>> document changes from a base install, a format/method for noting changes 
>> made (and when/how?), or a reasonable means for re-asserting those 
>> changes after a system re-install or upgrade.  Yes, it is a lot to ask 
>> but not asking helps no one.
>>
>> -- 
>> Be who you are and say what you feel, because those who mind don't 
>> matter and those who matter don't mind.  - Dr. Seuss
>>
>>
>> ------------------------------------------------------------------------
>>


-- 
-Eric 'shubes'

More information about the PLUG-discuss mailing list