Automated Linux deployment and config management at small scale - is it worth it?

I would recommend using a mixture of Debian pre-seeding, where you give the installer a text file that answers all the questions it would ask, and Puppet.

The reason for using the preseeding, rather than FAI, is that you don't have to set up an image first and deal with keeping it up to date. You will end up with an install very similar to what you would have if you did them all by hand. When you come to install a new release, you will have to update a config file with the changes, rather than having to rebuild a new image.

A configuration management tool is particularly useful where you have several servers performing the same role and you want them to be identical, e.g. a webserver cluster. However, they can also be useful for configuring the base install of all servers. You're going to want to install particular packages on all your servers, like ntpd and an MTA. You're going to want to change a config file on all your servers. An additional benefit is that you can keep your manifests in something like Subversion and keep a record of what changed on a server, who did it and why. Configuration management can also be a lifesaver when a server fails and you need to rebuild it quickly. Install the OS (using FAI or preseeding), install Puppet and away it goes, built back exactly as it was before. Obviously you'll need to keep backups of data.

Configuration management requires dedication to make sure you only make changes using it and will have an upfront cost setting things up, but once you have a working setup you won't regret it.

Puppet is the more modern of the two tools you've mentioned. I really recommend it to anyone. The configuration is a declarative language and is easy to build up higher level constructs. There is also a very large community around it and there are always people welcome to help on the mailing list or the IRC channel.
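
A minimal Puppet manifest for the baseline described in this answer (common packages, one managed config file, a webserver role), added here as an illustration and not taken from the answer. The class names `base` and `webserver`, the `web<N>` hostname pattern, and the Debian package and service names `ntp`, `postfix` and `apache2` are assumptions.

```puppet
# Added example. Class names, hostname pattern and package names are assumed.
class base {
  # Packages wanted on every server: a time daemon and an MTA.
  package { ['ntp', 'postfix']:
    ensure => installed,
  }

  # Content, owner and mode are enforced on every agent run, so a hand edit
  # or a loosened permission is reverted and shows up in the run report.
  file { '/etc/ntp.conf':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => "driftfile /var/lib/ntp/ntp.drift\nserver 0.debian.pool.ntp.org iburst\n",
    require => Package['ntp'],
    notify  => Service['ntp'],   # restart ntp only when the file changes
  }

  service { 'ntp':
    ensure => running,
    enable => true,
  }

  service { 'postfix':
    ensure  => running,
    enable  => true,
    require => Package['postfix'],
  }
}

# Role shared by every node in the webserver cluster.
class webserver {
  package { 'apache2':
    ensure => installed,
  }
}

# A regex node match takes precedence over 'default'.
node /^web\d+$/ {
  include base
  include webserver
}

node default {
  include base
}
```

Running `puppet apply --noop` against the manifest reports what would change without touching the system, which is a quick way to spot drift on a rebuilt or hand-edited server.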


I'd recommend CFengine for any environment which is more than 2-3 boxes and where you have some concept of 'templates' or servers performing specific roles.

Why? Simply put, it reduces mistakes: you have a tool which will ensure file/directory permissions are correct everywhere in the environment, and when you come to roll out more servers, the tool handles absolutely everything and never makes any mistakes.

Contrast with even a skilled System Administrator rolling out a web server at the end of a twelve hour shift when things already went wrong.... Are they likely to remember that nasty little configuration file which needs to go in /etc/random/location/foo/bar otherwise the application will silently fail to do something rather important, like bill customers? :)

Tools like CFengine are also a great way to perform environment-wide security updates. Dropping a Nagios configuration (NRPE) onto all boxes is also a doddle. Whether you're dealing with five boxes or five hundred boxes you will save time with CFengine.

It is probably worth noting that my environment is a little larger, however I've also deployed CFengine for smaller environments than you note, hence the recommendation!

Probably your next question will be CFengine vs Puppet? That's a more difficult decision, and I've always gone CFengine due to (in the early days) some immaturity from Puppet, particularly around error logging. These days I'm really not sure - have a play 'n see? Looking back to my specific issues with Puppet, they were SSL certificate related; I still painfully recall the time I spent 3 hours diagnosing server <-> client connectivity issues in irc.freenode.net/#puppet with some hefty RTFM and RTFS, only to find an error that was not being logged, and Luke said, "Ah that's really difficult to fix" and never did. :(