George rambling on . . .
Making Sure Servers Are Identical
=================================
I have a file called /root/changes that is actually a shell script of
every command I issue to make a change on a box. If I need to make a
change to httpd.conf, for example, I script it with sed or vi.
Here's an example of how it worked: I built a web server in development,
and tested it. Once we were happy with it, we deployed the production
server and executed the commands in /root/changes by scraping and
pasting the commands. It took 15 minutes to configure the prod server
and 30 minutes to upload content. I could have executed the file, but
chose to carefully view the results of each command instead.
When we had to add mail functionality, I built qmail in development,
added the instructions to /root/changes, and paste/scrape in prod.
Easy-peasy. Then I updated /root/changes on the prod server :)
Needless to say, I absolutely backup /root as my DR plan for that server
is stored there :)
Managing Multiple Servers Simultaneously
========================================
If you need to make small changes to many machines, consider using an
expect script called multixterm that allows you to spawn multiple xterms
with one command window. This way, all you need to do is enter the
command once in the command window, and it goes to every box you have an
xterm on.
DANGER *** DANGER *** DANGER *** DANGER *** DANGER *** DANGER
You better type the command perfectly. If you make a mistake, you are
magnifying your mistake exponentially.
I used this method at IBM for the 100+ servers I admin'd. It drove
management nuts, but I was 4x as efficient as most other SA's (by their
metrics). Since the script was standard and well tested by the OS
Engineers, I could update the servers as fast as I could log in and
paste the commands.
Ever try to manage 100+ xterms? I used icewm with 12 desktops on two
monitors to logically group the xterms and position them so I could see
the results of the commands. (It was actually icewm under cygwin on
Windows XP.)
Different Method
================
When I was at a web hosting company in L.A., I developed a system where
I could push out updates in the form of a script. Every hour, the
recipient boxes would check for the update script and execute it. Yes,
I made a mistake on one push and had to engineer a fix and push it out
in under an hour. There is much to be said for *thoroughly* testing
your changes as well as scrape and paste :)
Cheers!
George Toft, CISSP, MSIS
623-203-1760
Dazed_75 wrote:
> I find myself making the same alterations to a small number of systems
> but some of them repeatedly as I try different distros. I try to keep
> some notes but find they are inadequate and inconsistent. It is also
> painful to always make the changes manually. I know that in large
> environments there are tools such as source management systems, network
> installers, etc. but they are serious overkill to the small network or
> individual user such as I.
>
> It occurs to me that this is a situation many of you have faced and
> perhaps conquered. My hope is that there are some best practices people
> might be willing to discuss here and that the discussion might be useful
> to others besides me. So if you have favored techniques or tools, lets
> hear about them. For example, a tool/script/etc to scan for and
> document changes from a base install, a format/method for noting changes
> made (and when/how?), or a reasonable means for re-asserting those
> changes after a system re-install or upgrade. Yes, it is a lot to ask
> but not asking helps no one.
>
> --
> Be who you are and say what you feel, because those who mind don't
> matter and those who matter don't mind. - Dr. Seuss
>
>
> ------------------------------------------------------------------------
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)