Start presentation
Slide 1: Debian GNU/Linux 3.1 (Sarge) at GSI
Christopher Huhn
Slide 2: Woody installation
- Woody installation 2002/2003
- Server installation: cloning over NFS
Slide 3: Woody installation
- Configuration management: shell scripts
- Who dunnit? No revision control, no one to blame
- Centralisation achieved by central NFS mount
/usr/local
- Sparse documentation
- Know-how often only implicit
- Administration techniques don't scale well
- particularly in relation to the number of admins
Slide 4: Woody client
- "Groupserver" concept:
- classic NFS root concept
- shared read-only
/usr
- Client system - almost - completely on server (except for
/var
and /tmp
)
- Old server hardware
- Hardware maintenance painful
- Important binaries writeable (i.e.
/sbin/init
)
- No automatic upgrade for anything outside
/usr
- I. e. no automatic security updates for
/bin
, /sbin
binaries
- No automatic distribution of
/var
or /etc
files
Slide 5: Into the future ...
- http://www.infrastructures.org/ - Site management best practices
- System administration should not work like craftsmen
- Infrastructure architects
- Configuration as condensed and central as possible
- FAI: Fully Automatic Installation framework
- Plan your installation and FAI installs your plan
- Debian-centric but very flexible
Slide 6: Into the future ...
- Cfengine - configuration management framework
- centralised and pull-based
- description of the intended configuration state
- not a sequential list of actions to be performed
- Use of Debian tools (Package management, Debconf) wherever appropriate
- Debian repositories used:
- Debian, Debian-Security, Backports.org, Debian volatile, GSI repository
Slide 7: Into the future ...
- More services - increased diversification
- Divide installation and configuration into host classes
- Keep It Small and Simple - only install what's required for a service
- Installation and configuration system excellence indicator:
- Reinstallation to service production state should be
- completely unattended and
- faster than a restore from tape backup
Slide 8: ... back to the past?
- NFS root reinvented:
- Single system image
- Shared by all clients
- managed with cfengine
- completely distinct from the server system
- read-only root filesystem
- unionfs filesystem
- All host-specific files in a central Subversion repository
- Accessed via WebDAV/davfs
Slide 9: Pros
- Improved security
- Difficult (impossible?) to hack
- Updates even when the box is down
- ready for dual boot / multi boot
- Improved reliability?
- Improved performance (new hardware)
- Instant installation (~ 2 minutes)
- Can be performed by the operators
- Ease of administration
- Condensed and centralised
Slide 10: ... and Cons
- Completely reliant on the network
- Inferior performance compared to local installation?
- Installation time irrelevant if installation request response time is in size of days?
Slide 11: On and on and on and on ...
- Create NFS root image with FAI
- Move to 64bit
- Upgrade to Etch
- GSI Knoppix CD?
- failover NFS-Cluster
- Build a complete test environment
Slide 12: Fabric management
GSI Linux infrastructure framework
- Set ALLOWTOPICCHANGE = Christo
- Set ALLOWTOPICVIEW = *
--
Christo - 06 Jul 2006