Centralized system administration

[ZippyJay]

First off, thanks in advance and thanks for all of the great info that I have already snarfed out if the forums!

Question:
Centralized system administration over multiple systems:

Most of my work with Linux has been in regards to utility and Windows facing uses. By this I a referring to the use of NAT, Firewalls, Proxies, Email and File (Samba) servers. I have worked with Linux for a while now and understand most of the ins and outs of system administration, but I have never worked very much with integrating Linux systems in a network environment with each other.

Right now I have 3 Gentoo servers running at my organization and a few other flavors of Linux servers (which will soon be moving over to Gentoo as well).
I already utilize programs like SSH for remote administration and an occasional shell script here and there, but what I would really like to do is start centralizing things like system logs and updates.
For updates I suppose I could write a few scripts that ran once a day that would sync portage and then check for updates on world and then email the data to me, but before I get into any of that kind of stuff I thought I would drop a thread and get some input.

Anyway, the main things I am interested in are:

1. Centralized management of updates (emerge updates). It would be great to not have to sync and emerge each pc individually. Even if I could automate or group part of the process…
2. Centralized Log management. I have read a little on this, but would love to hear your comments.

I have never played with NFS, NIS, LDAP or any of that sort of integration related stuff. I sure there is all kinds of different script related fancy things that relate to these sort of things also.
I am sure some of you folks have some great ideas on how to ease management of several boxes. Any input on just about anything that pertains to centralizing management would be greatly appreciated!
_________________
ZippyJay

[Crisis]

[ZippyJay]

Thanks for the input. If anyone knows of this tutorial that Crisis is speaking of, please drop a line. Thanks.

Also, the more I dig on the forums, the more I find people complaining about Gentoo not scaling very well for large organizations.

Who here has successfully scaled Gentoo over a larger organization?
Or even over half a dozen boxes or more?
If so, how was it done?

Thanks again,
_________________
ZippyJay

[bigfunkymo]

people that say gentoo doesn't scale well for large organizations are generally not very creative ;)
_________________
[No package... Grabbing a set.]

[ZippyJay]

I am assuming most large organizations use Distcc to ease the time of compiling updates, and I would assume that there are some other tips for when you have several boxes.
Any info would be great on how to deal with multiple boxes in a production environment.

Thanks,
_________________
ZippyJay

[bigfunkymo]

I would assume otherwise... what I do is use one very fast machine to crunch updates and build binary packages... which then get pushed out to each host.

no need to rebuild them for each PC.
_________________
[No package... Grabbing a set.]

[robbyt]

[JTHM]

Hey, I'm not really too experienced in this field, but I'm definitely interested in it (currently running 1 desktop, 2 old laptops, and 1 PS2 on Gentoo, always looking for easy ways to manage them all :F).I think this is the tutorial that Crisis was talking about, though. I've got this setup on my network, and it works great. Real quick-and-easy.
_________________
Any problem can be solved. You just need to throw enough time and ninjas at it.

[Crisis]

Yep that's the one, thanks

[prleu]

you should also try this one:

http://gentoo-wiki.com/HOWTO_Using_a_shared_portage_via_NFS

[xbmodder]

No. NFS sucks. Sorry! use SMB. Smb is nice, easy, and windows compatible. Distcc is probably best for large compile. If you guys are using multi-threaded programs on an AMAZINGLY fast network use beowulf or openmosix. OpenMOSIX is probably better. Maybe we should start a program called GentooAdmin-Redhat-clone 1.0
_________________
http://xbmodder.us/

[ZippyJay]

Thanks for all the info and the link to the HowTo.

Other info to add to the pile:
This post talks about how to stream line updates. Seems like an interesting way of managing updates.

Thanks again! Any more input is always greatly appreciated!
_________________
ZippyJay

[bigfunkymo]

I don't think a local portage or distfiles mirror is what you want. What I do is use a very fast machine to do builds of binary packages and then I mount the /usr/portage/packages/All of that machine from all the other machines--which can be done via samba or with nfs (I use NFS). This machine also runs a local portage rsync mirror.

I build all updates with one machine and then all the other machines use these binary packages to install to themselves. I have it all automated via cron, works very smoothly

(ZippyJay, is your avatar the cover art from Defender?)
_________________
[No package... Grabbing a set.]

[ZippyJay]

funkymo,
10 Points for guessing correcty! Only 40 more points tell you get a Star.


Can I build binaries if I have different hardware configs? They only really differ by processor type (PII PIII and so on).

Thanks!
_________________
ZippyJay

[groovin]

hey zip,

i used to worry about gentoo scalability as well, but then i started thinking that with a few scripts and some good planning, cooking up your own solution is definitely possible. i say 'your own' because everyones environment will be different as will their needs, constraints, and own operational personalities.

i have a dozen gentoo machines, half of which are really critical, the other half being important enough that some people would be ticked off if they went down for a day or two.

NIS helps out alot, and its pretty easy to set up... just plan your mappings out carefully. there are some security considerations with NIS, but as long as you have other layers in motion, you should ok. LDAP/kerberos is supposed to be quickly replacing the aging NIS.

right now, i just have shell scripts running from cron jobs checking on things like disk space, mem usage, etc. when something odd happens, the script sends me an email (or page). i have nagios running to a limited degree... just testing it out at this point and using it to watch the availibilty of simple services like http and ftp. i do spend a good amount of time checking logs manually, so i threw together yet another script that copies the logs for the day and sends them in simple ascii text to a share where i can just give them a quick look over. yeah, central syslogging is available in any modern syslog daemon, but i though this would be fun for me (and it is).

now as far as managing updates and stuff like that, well i am writing some more scripts (yeah, more of those) to run emerge and check which updates are available, chop them up into a more pleasently viewable format and present them in html so i can see what updates are needed for any server, kinda like a poor mans RHN. changelogs will also be viewable so i can determine if a an update is needed. it wold be great to be able to issue the update command from the html gui, but hey... i suck at scripting...

[bigfunkymo]

As long as you're not seting the ARCH for portage, using different i686 class processors in the build machine and production machine should not cause a problem for you. I use my P4 3.2ghz with RAID0 to build binaries for my P2-350mhz based router and my linode.com rented server (which runs about 200mhz on the average and hd access is pretty slow because its a virtualized machine)
_________________
[No package... Grabbing a set.]