Manage great amounts of Fedora installations

Cameron Simpson cs at zip.com.au
Wed Oct 24 06:47:51 UTC 2007


On 24Oct2007 08:11, Martin J?rgens <martin at gamesplace.info> wrote:
| I have lots of low-end computers (500MHz) and I volunteered to make an
| internet cafe in a youth club for them. Currently they are running
| Ubuntu 6.06 quite nicely, but at some time, I want to upgrade the
| software on them.
| 
| So I thought of Fedora.

Doesn't have to be Fedora. I thought Ubuntu et al all upgrade pretty
happily as well. But whatever's easy is good.

| But my question is, how can I maintain that
| great amounts of computers easily? For example, how can I install the
| RPM "foo" on them? How can I tell them to update? How can I change the
| configuration files on all installations?
| 
| Note that there is nearly no money available on the side of the
| organization for making investments.

Provided they are all the same configuration and setup, a lot of this can be
pretty easy.

_If_ you allow root (or, I guess, a user-with-root-sudo) to have
remote ssh access to them. Then you can orchestrate it all from a single
machine. Allowing this kind of access is a policy decision for you.
Within a well walled LAN (eg a company LAN) it's very handy. On a more
public LAN (maybe like your internet cafe) it may not be so desirable.

If you go that way, ensure that the ssh access (not just for root but
for any user) is _only_ by public key and _never_ by password. You can
also lock down which users may remotely log in. Make sure your root-key
is protected by a strong, long passphrase. If there are multiple admins,
use one key per admin. It can be their normal ssh key provided you
have ensured they have made a good one. This lets you revoke access if
someone leaves the admin group, and also prevents there being a single
key, which means a shared secret.

Anyway, presuming the above, you can do variations on this:

  for host in machine1 machine2 ...
  do
    ssh -n "root@$host" "yum -y update packagename"
  done

Urr, sorry, that's Fedora speak; in Ubuntu you use some kind
of "apt" incantation. But the approach is the same.

You can keep all the machine names in a file:

  while read host
  do
    ssh -n "root@$host" "yum -y update packagename" </dev/null
  done <file-of-host-names.txt

Note the </dev/null on the ssh to avoid having it eat the while loop's
input.

And so forth.

If your key is in your ssh-agent, the above is very painless.  I have a bunch
of scripts[1] that do this kind of thing. There are also several tools
floating around for batch administering machines[2,3].

I'm sure you already have a squid proxy in place; make sure your package
update tools are configured to use it for their package fetches!

[1] http://www.cskk.ezoshosting.com/cs/css/bin/
    and http://www.cskk.ezoshosting.com/cs/css/
[2] http://freshmeat.net/browse/253/
[3] http://freshmeat.net/browse/4/

Cheers,
-- 
Cameron Simpson <cs at zip.com.au> DoD#743
http://www.cskk.ezoshosting.com/cs/

People who write "obtuse" to mean a mixture of "obscure" and  "abstruse" are
displaying their own obtuseness. - Eric Minch <minch at lotka.stanford.edu>
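
The key-only, restricted-user sshd policy recommended in the message above, as an added example that is not part of the original post: a shell check to run against each machine's sshd_config before relying on remote root access. The function names, file names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: check an sshd_config against "keys only, named users".
# Assumptions: Match/Include are not followed; policy keywords must be explicit.

# Print the first value of keyword $2 in file $1 (sshd uses the first
# one it reads; keywords are case-insensitive), or $3 if it is absent.
sshd_value() {
  awk -v key="$2" -v def="$3" '
    { sub(/#.*/, "") }
    tolower($1) == "match" { exit }
    tolower($1) == tolower(key) {
      $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit
    }
    END { if (!found) print def }' "$1"
}

# Print one FAIL line per violated rule; return 0 only if all rules hold.
audit_sshd() {
  cfg=$1; rc=0
  fail() { echo "FAIL $cfg: $1"; rc=1; }
  [ "$(sshd_value "$cfg" PasswordAuthentication unset)" = no ] ||
    fail "PasswordAuthentication must be no"
  kbd=$(sshd_value "$cfg" ChallengeResponseAuthentication unset)
  [ "$(sshd_value "$cfg" KbdInteractiveAuthentication "$kbd")" = no ] ||
    fail "keyboard-interactive logins (can prompt for a password) must be no"
  [ "$(sshd_value "$cfg" PubkeyAuthentication yes)" = yes ] ||
    fail "PubkeyAuthentication must not be disabled"
  case $(sshd_value "$cfg" PermitRootLogin unset) in
    prohibit-password|without-password|forced-commands-only|no) ;;
    *) fail "PermitRootLogin must not allow password logins" ;;
  esac
  [ -n "$(sshd_value "$cfg" AllowUsers "")$(sshd_value "$cfg" AllowGroups "")" ] ||
    fail "no AllowUsers/AllowGroups restriction"
  return $rc
}

# Constructed sample configs (not taken from any real machine).
write_samples() {
  printf '%s\n' '# keys only' 'PasswordAuthentication no' \
    'KbdInteractiveAuthentication no' 'permitrootlogin prohibit-password' \
    'AllowUsers root alice' >"$1/good.conf"
  printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication yes' \
    'PasswordAuthentication no' >"$1/weak.conf"
}

tmp=$(mktemp -d) && write_samples "$tmp"
audit_sshd "$tmp/good.conf" && echo "good.conf: OK"
audit_sshd "$tmp/weak.conf" || echo "weak.conf: needs fixing"
rm -rf "$tmp"
```

The weak sample sets PasswordAuthentication twice; because sshd keeps the first value, the later "no" does not take effect and the check reports it.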



