I imagine you're looking for something along the lines of WSUS. There are
lots of ways to organize a set of (gentoo) servers, so I don't know if
there's one common tool out there to accomplish this just yet. However,
since it can be a chore to manage many of them individually, I've been
working on something kinda like this in my spare time. The current model
is as follows:
- A build server for each class of servers. They build updates for their
clients nightly.
- "Client" servers (auto) nfs mount the portage tree and packages dir for
their build server. Each client runs some reports each night that are
emailed to a common account. The reports include the output from the
following: emerge -NDu world, glsa-check -p affected, revdep-rebuild -p
- Some procmail filters/perl scripts take each of those emails and dump
them into a database for web viewing. Various other features are
planned for the web end, like inventory information, diffs of these
reports, etc. Logwatch data is also split up by type and dumped in
here.
- Another cron script sifts through the reports in the database from that
day and compiles a summary report.
Originally there were only a few servers, so a few emails to check a day
was no biggie, but eventually I needed a way to summarize it. I admit
this is isn't the most efficient way of getting that, but its been
evolving rather slowly.
Anyways, if anyone's interested I can post the procmailrc, scripts, and db
schema somewhere.
Here's an example of a security-check summary report. Currently the output is
split up by server class via data from the database and is formatted to allow
copy and paste execution on all hosts via cssh.
gentoo-i686ws update list:
You can perform the following command(s) to update the hosts with their updates:
# cssh \
rocket
# emerge -1ka \
=net-analyzer/wireshark-0.99.7
gentoo-ppcencoder update list:
You can perform the following command(s) to update the hosts with their updates:
# cssh \
ppcencoder01 \
ppcencoder02 \
ppcencoder03 \
ppcencoder04 \
ppcencoder05 \
ppcencoder06 \
ppcencoder07 \
ppcencoder08 \
ppcencoder09 \
ppcencoder10 \
ppcencoder11
# emerge -1ka \
=app-admin/syslog-ng-2.0.6
gentoo-p4srv update list:
You can perform the following command(s) to update the hosts with their updates:
# cssh \
mysql1 \
mysql2 \
gentest
# emerge -1ka \
=app-admin/syslog-ng-2.0.6
Brian
sysspoof <sysspoof@ng-lab.org>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello ML members,
>
> I am curious if there is any update system available for Gentoo Linux
> server for corporate use.
> With update system I mean a full concept with dist host, perhaps a
> webinterface where you can see all available server and what packages are
> out of date, cron job for daily --sync and world update. It should also
> contain a guide, shows how to configure the Gentoo server for those
> updates. For example it should recommend settings like
> FEATURES="protect-collisions" etc.
>
> Any input?
>
> Thank you,
>
> - --
> Patrick Grieshaber
> sysspoof@ng-lab.org
> http://ng-lab.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFHgjjDPtCAYLeEIgwRAnCdAJ0XHmy7VFzf3aLVNl3QzBJ7hMgaiQCdH2FC
> IxcTc4B4rxblJywjDi+yquo=
> =dkJr
> -----END PGP SIGNATURE-----
>
> --
> gentoo-server@lists.gentoo.org mailing list
>
Attachment:
smime.p7s
Description: S/MIME cryptographic signature