[olug] System management tools

Daniel Pfile daniel at pfile.net
Sat Nov 27 01:57:42 UTC 2004 

Hard job. No easy solutions. That's why you have a job.

This is what we were starting to do at work at the start of the new 
contract (75 server windows shop, but the principles apply) before I 
moved over to doing oracle development a few weeks ago. Keep in mind we 
were using hp insight manager to identify what the real configuration 
of the system is. You may want to look into what's available on linux 
for that. IM works with the HP hardware we were running so we knew when 
hardware was failing or failed as well. It also stored the data in a 
sql database so we can pull whatever data out we need.

The second part is a baseline. Identify what each server should be and 
replicate it as close as possible. "This is an MTA, it runs OS ver Y, 
MTA ver X with XX patch levels." "All our machines will log these 
daemons at this level to this logging server." and so on. Try to 
identify what does what and document it. Then when your system goes 
down you can look it over and find out what's different from the 
baseline. What changed?

For changing the systems, cfengine is good, CVS is also good. Try to 
keep your config files in version control. You can identify exactly 
what change was made when. Good stuff. Learn to script. Script 
everything. GET A TESTBED. If you're going to roll out a security 
patch, automate it with whatever you use (rpm, deb, cfengine, etc), 
TEST it on your test bed, then make sure it gets rolled out to the 
servers running that product (refer to your baseline).

That's the closest real world solution we could come up with while 
still managing to do our new installs, config changes, etc. The plan 
was still in a state of flux as I was leaving. I need to stop in and 
talk to my coadmin to see how it's going (we're still on the same 
contract, I just moved offices). I'm sure it will change and more 
automation will be applied.

Good luck.

-- Daniel


On Nov 26, 2004, at 6:58 PM, Don Kauffman wrote:

> Are you aware of webmin? It's a admin tool that can be installed on 
> most
> *nix systems and can be accessed securely through a web browser. I am
> not a system admin so can't speak about it's robustness but I use it at
> home. It does the job and more. It will work on all the *nix platforms
> that you mentioned.
>
> Check it out at and let us know what you think:
>
> http://www.webmin.com/
>
> Don Kauffman
>
> On Fri, 2004-11-26 at 18:06, Sean Kelly wrote:
>> I am currently looking for tools and solutions for maintaining system
>> configurations on many machines in a networked environment where each
>> machine may run one of several OSes, have several different purposes, 
>> etc.
>>
>> For example, some machines are running Linux (RHEL AS 3), some are 
>> running
>> HP-UX 11/11i, and some are running FreeBSD. Some machines are running
>> Oracle, some are running Apache, some are running ISC BIND, and 
>> others are
>> running Sendmail.
>>
>> I've looked at a few solutions, such as cfengine 
>> (http://www.cfengine.org),
>> the solution used by FedEx, and various other things. None of them 
>> seem to
>> hit the nail on the head, so to speak.
>>
>> I was curious what others are using out there, if anything. We're 
>> talking
>> at least a few dozen machines spread across a few subnets, OSes, 
>> services,
>> etc...
>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug

More information about the OLUG mailing list