Systems Manageability Part 4: Systems Configuration

re: Systems Manageability Part 4: Systems Configuration

einhverfr — Fri, 08 Jun 2007 04:30:40 GMT

Just some notes about how OpenAFS can be used for this sort of thing. Essentially there are two methods: shared configurations and lockers. Note that OpenAFS can only be used in Kerberos environments. . In Linux, all configuration is done through a file interface. Most software allows for files to be stored in arbitrary locations, and even when that is not possible, symlinks can be used for this sort of thing. . One approach is to use a shared file layer to ensure standardized configuration between nodes on a cluster. This way, only a couple of redundant copies of a configuration need to be maintained for a large number of hosts, and all hosts forcibly use the same configuration. NFS has been used for this in the past, but NFS's security is not very robust, so frequently read-only configurations would be used. . OpenAFS is similar to Microsoft's DFS in function. It is fully Kerberized, and this allows for a greater degree of control over who may alter the permissions (i.e. permissions can be safely assigned to users on the network, and not restricted to hosts). . In this paradigm, every server on a server farm would likely be hitting a couple of replicated file servers forcibly sharing the same configuration files. Thus most system configuration could be forcibly shared across the server farm. . This method is preferred when you have many different OS and OS versions in the existing server farm because you can make fewer assumptions about what is on each machine (only the configuration files are shared). . The other paradigm is called "lockers" and was pioneered by the Athena project. Again, it leverages OpenAFS as a distributed filesystem to create self-contained storage units called lockers. Each locker contains a program or set of programs and all necessary libraries and configuration files for its operation that cannot be safely assumed to be available on the host platform. . A user then mounts the locker, and can run the programs from within it. This works well for both desktop and server environments where you have a fairly narrow supported configuration. Though it can be adapted to work with more heterogeneous environments, this adds a greater degree of complexity to this method. . These methods don't work well for Windows because most Windows software assumes that configuration data will be stored locally in the registry. Thus shared application configurations, or software installed on a network drive and accessible globally is not as practical. . THis gets back to my point about Windows and *nix being fundamentally different to administrate. Windows is internally more integrated and provides only more loose coupling between systems, while *nix is more loosely woven internally, and so the systems are best thought of as "IT Legos."

re: Systems Manageability Part 4: Systems Configuration

kishi — Fri, 08 Jun 2007 03:41:17 GMT

communist - I checked again and comments should be enabled. Please sign-on and let us know if you have any additional feedback for us.

re: Systems Manageability Part 4: Systems Configuration

kishi — Fri, 08 Jun 2007 03:41:14 GMT

communist - I checked again and comments should be enabled. Please sign-on and let us know if you have any additional feedback for us.

re: Systems Manageability Part 4: Systems Configuration

kishi — Fri, 08 Jun 2007 03:39:59 GMT

gregwallaceemu - I checked the site netdirector.org. VERY COOL .. I am impressed by the fact that its got an embedded Change Management Database built-in which is quite the need of the hour. THANK YOU for driving our awareness on that front.

re: Systems Manageability Part 4: Systems Configuration

kishi — Fri, 08 Jun 2007 03:37:45 GMT

einhverfr - as always, you continue to shed light on more prevalant and unique tools/apps and we're really grateful to you for brining this feedback to us. I'll make sure I look at OpenAFS and post something.

re: Systems Manageability Part 4: Systems Configuration

einhverfr — Tue, 05 Jun 2007 19:44:19 GMT

Sorry about the duplicate. I guess the comment count was not showing up on the front page.

re: Systems Manageability Part 4: Systems Configuration

gregwallaceemu — Sun, 03 Jun 2007 16:13:57 GMT

Hey Kishi, good summary! I'd love for you to check out our product as well and let us know what you think, and add it to this summary if you wish. You can find out more about our project at www.netdirector.org from there there is a link to download from SourceForge. Best, Greg Wallace

re: Systems Manageability Part 4: Systems Configuration

einhverfr — Fri, 01 Jun 2007 18:11:24 GMT

Two tools I would recommend using for larger environments with many similar Linux servers: 1) NFS or (more rarely) OpenAFS can be used to allow several servers with the same configuration to always have the same read-only copy available. This reduces the points of maintenance. A similar approach, using OpenAFS shares called "lockers" is behind the Athena approach to network management, though these lockers usually contain the entire applications, not just the configuration files. 2) CVS or SVN can be used to manage configuration files, merging changes between them, and more importantly tracking changes so that you know what changed when. This can be helpful for system configuration, change control, and even process control. And it can make troubleshooting a problem a whole lot easier.

re: Systems Manageability Part 4: Systems Configuration

communist — Wed, 30 May 2007 16:55:42 GMT

Seems as if comments are disabled? Anyway imho the best way is to use ssh as you'll find that on almost any linux distro under the sun ;)

re: Systems Manageability Part 4: Systems Configuration

einhverfr — Sat, 26 May 2007 02:28:32 GMT

Interesting post. I would add two more system configuration tools that you may have overlooked. They are not extremely commonly used but they can be very helpful for managing Linux/UNIX systems: - NFS: When a large number of servers need to share the same configuration, sometimes it is helpful to put that configuration information on a networked file server. OpenAFS could be used for user-specific sharing and security or where NFS is not feasible due to bandwidth limitations, etc. CVS (or SVN): With these programs, you can create, test, and maintain configuration files for groups of servers with identical configuration. SSH-based update commands can be used to push out the new files. Better yet, you can track the changes which makes for easier troubleshooting when something goes wrong...