Re: Spacewalk or similar for Debian?
Hi
On Wed, Apr 30, 2014 at 07:30:42AM -0400, Henning Follmann wrote:
> On Wed, Apr 30, 2014 at 10:15:43AM +0100, Karl E. Jorgensen wrote:
> > Hi
> >
> > Consider this scenario:
> >
> > - 1000+ servers (lenny, squeeze and wheezy) at varying degrees of
> > up-to-datedness with respect to security updates and general bug
> > fixes.
> >
> > - Demand for getting servers up-to-date. (They heard of heartbleed,
> > but chose to ignore all my previous notifications of security
> > problems. Go figure)
> >
> > - Risk-adverse non-technical upper management (spreadsheet mania)
> >
> > - Every update must be vetted and tested out first on development
> > servers, then QA servers, staging servers and live servers. No
> > exceptions.
> >
> > My current line manager knows only RedHat, and thus wants
> > "spacewalk". (Because this is he used before. In a "proper
> > enterprise". And Thus proper enterprises use spacewalk).
> >
> > Spacewalk looks sort of nice, but not quite the Debian way of
> > doing things.
> >
> > And I cannot imagine that I am the first person with this problem...
> >
> > How have others solved this?
> >
> > My main concern here is the security updates and point releases: I'm
> > pushing for getting all the servers upgraded to wheezy anyway, and as
> > part of the upgrade they'll pick up any pending (at that point in
> > time) security updates.
>
> There are a number of configuration management packages available.
> A nice comparison is available on wikipedia:
> http://en.wikipedia.org/wiki/Comparison_of_open_source_configuration_management_software
>
> May I suggest Puppet. I think it is mature and has a active community
> around it.
Yes - we make extensive use of Puppet (and to some degree: ansible)
already.
However, the main demand appears to have a web interface, where
updates can be selected. Because that's what spacewalk has. And I
don't see puppet filling that gap :-(
--
Karl E. Jorgensen
Reply to: