Deploying Red Hat Workstations

Wed Mar 17 17:22:28 UTC 2004

Christopher Ness wrote:

>On Wed, 2004-03-17 at 08:54, Chris Purcell wrote:
>  
>
>>>Why not create a local "up2date" server on your LAN that will only hold
>>>the packages you want your machines to have.  I'm assuming you want them
>>>all to be the same, correct.  Then set up2date to update automatically
>>>from the 'up2date' local server.  Very little outgoing network traffic
>>>and you control the packages/versions.  Seems good to me.
>>>
>>>I'm not sure how to set up an "up2date/yum/apt-get" server but maybe
>>>someone else has some experience.
>>>      
>>>
>>I was thinking about creating a central apt-get server.  You don't think
>>it will be too messy to install RPMs for every change I want to make?  For
>>example, lets say that I simply wanted to add a single Perl script to
>>/usr/bin, for example.  I would have to create an RPM package for that
>>single Perl script.  Do this even matter?
>>    
>>
>
>That's a fair question.  Do you use DHCP or static IP's.  In static IP
>land you are laughing because you can keep a text file of all the
>machines you monitor.  
>
>Use the IP information to write a simple shell script that will `scp`
>the file to the boxes (yes this means setting up a system account [don't
>use root!] and keeping logins the same on all the boxes.  GUARD THIS
>PASSWORD WITH YOUR LIFE).   Be sure to change the system box passwords
>regularly and use a STRONG PASSWORD.  There may be a better way, but
>this is all I can come up with right now.
>
>If they are all on the same subnet you could try broadcasting to the
>subnet your commands.  Other machines without the correct user account
>will not answer and will not be pushed the file's.
>
>There is no silver bullet!  But with enough money and experience you can
>get a bronze one.  ;)
>
>You could also look into red-carpet from Ximian.  I think they can
>connect to remote machines as well and may serve your purpose.
>
>HTH,
>Chris
>  
>
If you needed a common login on all the boxes would that not be possible 
using LDAP or the like.  I have not done such but I think it would be a 
useful thing to do (as an aside is there any guidance on the web for the 
inept like me about how to do this?).  Having to update passwords on 
several machines to keep up with password update rules is, by my 
experience, a royal pain.

Personally I run a local mirror to keep our four FC1 boxes up to date at 
this site.  I rsync from a mirror in the uk to a local dir then deliver 
that local dir with Apache (http server).  All the boxes point to the 
local http:\\  location to get updates. 

I don't see why you could not rpm up any local changes, put it in the 
appropriate site in the mirror then let the other boxes pick it up and 
install it.  The custom rpm could bundle up all local changes could it 
not?  Or you could have more than one  local customizing rpm if there 
are logically separate things to do.

Mike