[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: Debian in Server Farm

> > 1. What is the recommended method to synch config files on 
> all "real"
> > servers (Eg. Httpd.conf, horde/imp config files etc?) - 
> Have only one 
> > server that admins connect to for mods, then rsync any 
> changes to the 
> > other servers?
> 
> I asked a similar question a few months ago and someone 
> suggested 'cfengine'. I started using it and, after a bit of 
> learning curve, I have probably 30 machines (Debian woody) 
> being managed automatically by it. It works great. I think 
> the version in woody is old, so I got it from the upstream 
> site. Basically you can store configuration files and other 
> "actions" on a master server. Then you can cause (through cron, for
> example) each client machine to be updated with current 
> config files and other "actions". These files can be scripts, 
> so essentially you can do pretty much whatever you want to do.
> 
> For example, I have a list of the Debian packages that should 
> be present as one of the config files that gets transferred 
> to each machine when cfengine runs on the master. There is 
> another script that runs on each machine (also controlled by 
> cfengine)  that sets this new list of packages (dpkg 
> --set-selections) and then runs apt-get update/upgrade, etc. 
> So to add a package to my machines I just edit the one 
> package file on the master and then the clients get update 
> either when cfengine runs through cron (once a day for me) or 
> you could run it manually at that time if you needed the 
> update sooner. It works really well.

Thanks for the info - cfengine looks excellent!

> 
> >
> > 2. What about logfiles - We would have all users mail etc on an NFS 
> > share - Can you do the same for logfiles?(Or do you get locking 
> > issues?)
> > - From a statistical aspect, it would be a pain to have to 
> collaborate 
> > each "real" servers logfiles, then run analysis. Also from 
> a support 
> > perspective - How are support personnel supposed to know 
> which "real"
> > server a client would actually be connecting to in order to see if 
> > they are entering a wrong username/pass etc?
> 
> I don't have a lot of experience with this but I would 
> configure syslogd to send logging info to a master "log 
> server". I think it is clear that which host they came from 
> in this configuration.

Agreed.

qmail logs will be my only issue - but I will ask on the qmail list. 

Regards,
MB
Reply to: