Large Scale Linux Enterprise Management

If you're managing a network of more than, say, 10 computers, keeping them all updated, secured and managed properly is a big challenge. The more computers you get - both servers and desktops - the worse it gets.

Until recently, Windows really held the market in deploying multiple desktops. Active Directory and WDS make it relatively easy, even if you do need a degree in Active Directory to not screw something up. On the Linux side, most of the enterprise management systems were either for Red Hat or commercial products. Please don't hang me if I'm just not aware of them because I only recently started noticing these apps.

Enter Reductive Labs' Puppet. In the past few posts I've covered how to automatically install Ubuntu Linux over the network to multiple computers quickly and easily using PXE, Kickstart and a simple script. Puppet is the icing on the cake and so much more.

With Puppet, I'm able to simply specify a hostname for the new computer before starting the unattended install and walk away. After the OS is installed, Puppet will look up the computer in my LDAP directory where I have pre-configured special roles for it. It then utilizes a series of "recipes" to ensure that everything is installed and configured properly. It will then continue to monitor those settings to ensure they stay the way I intended.

Later on, I can simply add a new role to one or more computers and Puppet will automatically update the workstation with the new application, settings or whatever it is I need done. It supports a form of inheritance, so I can specify for instance that all of the accounting computers are configured a certain way, and then say that one particular accounting computer also gets another application installed.

I'm using it to distribute mandatory GNOME settings, like ensuring that all of our desktops have password-protected screensavers set at 5 minutes, and making certain that all of the desktops have a firewall that blocks both incoming and outgoing ports they don't need to use.
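As a sketch of what such a recipe can look like (an added example, not the author's manifests): a mandatory screensaver lock at 5 minutes, applied through a role that a second role inherits. The class, define and package names are hypothetical, and the GConf keys are the GNOME 2 ones assumed here; check them against the schemas on your release.

```puppet
# Added example: class, define and package names are hypothetical.
# Writes one key into the system-wide *mandatory* GConf source,
# which takes precedence over anything a user sets in their own profile.
define desktop::gconf_mandatory($type, $value) {
  $tool = '/usr/bin/gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory'

  exec { "gconf-mandatory-${name}":
    command => "${tool} --type ${type} --set ${name} ${value}",
    # Idempotence guard: skip the write when the value is already in place.
    # If the key is unset or was changed, the guard fails and Puppet re-applies it.
    unless  => "/bin/sh -c '${tool} --get ${name} 2>/dev/null | grep -qx ${value}'",
  }
}

# Password-protected screensaver that activates after 5 idle minutes.
class desktop::screensaver_lock {
  desktop::gconf_mandatory { '/apps/gnome-screensaver/idle_activation_enabled':
    type  => 'bool',
    value => 'true',
  }
  desktop::gconf_mandatory { '/apps/gnome-screensaver/lock_enabled':
    type  => 'bool',
    value => 'true',
  }
  # Assumed GNOME 2 session key; the delay is expressed in minutes.
  desktop::gconf_mandatory { '/desktop/gnome/session/idle_delay':
    type  => 'int',
    value => '5',
  }
}

# Baseline for every accounting desktop.
class role::accounting {
  include desktop::screensaver_lock
}

# One accounting desktop that gets the baseline plus an extra application.
class role::accounting_extra inherits role::accounting {
  package { 'example-accounting-app':   # placeholder package name
    ensure => installed,
  }
}
```

Because the `unless` guard is evaluated on every agent run, a setting that drifts from the mandatory value is put back on the next run.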

Puppet is still pretty esoteric at this point - requiring hand editing of various recipes and manifest files to get the configuration the way you need. I found the documentation to be a bit... confusing at times as well with a lot of links in the wiki leading off to now missing pages. But, such is the life of a bleeding edge open-source advocate.

Now I have it in my mind: someone (not me, because I don't have time) needs to make an Ubuntu installer DVD that will install and configure a server with a PXE boot system and DHCP built in, LDAP configuration and utilities, and Puppet with a standard setup of recipes already installed. This one server could be used to automatically install and configure web servers, email servers, database servers and even client Linux workstations. A complete "Linux Enterprise" in a box.

If I knew more about packaging Ubuntu distribution media I'd probably do it.

Reductive Labs recently received $2 Million in venture capital to continue to enhance the Puppet system and roll out training boot camps. Maybe soon they'll throw some better user tools at it.

Posted by Tony on Sep 30, 2009