Professional Web Applications Themes

Software configuration management tool required - Linux / Unix Administration

Hello group, Our company has more than 100 servers running all different kinds of services which are currently all doented. The problem is: after a couple of months the piece of paper will be worthless if it doesn't get updated by the system administrators logging what they changed. There are several administrators working on the servers and the problem is that not everything which gets changed will be logged. People forget about it, or just don't care to log. Management has now issued a new policy requiring *everyone* to log the changes. Unfortunately, checking all the servers if the administrators ...

  1. #1

    Default Software configuration management tool required

    Hello group,

    Our company has more than 100 servers running all different kinds of
    services which are currently all doented. The problem is: after a couple
    of months the piece of paper will be worthless if it doesn't get updated by
    the system administrators logging what they changed.

    There are several administrators working on the servers and the problem is
    that not everything which gets changed will be logged. People forget about
    it, or just don't care to log.

    Management has now issued a new policy requiring *everyone* to log the
    changes. Unfortunately, checking all the servers if the administrators are
    living up to the policy is a very time-consuming task.

    Is there any software out there which is able to check remote servers on
    their running services and their configuration? I need to know which
    services are running, where their configuration lives, where they're
    logging to, where theier data is stored (if any), what their dependencies
    are, which cronjobs are planned and when, ...

    Unfortunately I can't use snmp, since that only lists services *currently*
    running, no cronjobs and no configuration files etc.

    I know there probably won't be any tool out there which is able to do all
    the stuff we want, but if it only detects a little bit it would be of great
    help to us.

    The servers are running different versions of Linux and FreeBSD.

    Please let me know if you know any software for this purpose.

    With Regards,
    Vincent van Scherpenseel.
    Vincent Guest

  2. #2

    Default Re: Software configuration management tool required

    On Thu, 18 Aug 2005 10:53:25 +0200, Vincent van Scherpenseel <invalid> wrote: 

    ....that you know of...
     

    Yup.
     

    Normal and predictable behavior, yes.
     

    Couple of thoughts. On a basic level, you could get your logging by
    instituting sudo on your servers - all work done as root is logged in
    that manner. The logs aren't the most human readable but they're
    complete.

    There's a commercial product called "BladeLogic" (named strangely as it
    has nothing to do with specifically blade servers, but there you go)
    which we'll most likely be putting in place next year here, for our
    100+ unix boxes. It has all the logging, rollback, things like "change
    the encryption on all apache instances in the DMZ" type logic, and a ton
    of other stuff. Scheduling as well. They'll come out & give you the
    dog&pony show; we had the demo and it looks pretty good. A friend of
    mine went to work for them and he's pretty cynical generally, but he's
    very enthused about this; for a while after he went there he'd call and
    tell me "Hey, you know that quarterly patching you guys do? I've got a
    module that does it hands-off", and so on. Looks like a solid tool,
    and not obscenely expensive.
     

    Yup. Same reasons we went looking for something else, and when budget
    allows (next fiscal year) we'll most likely go with it.
     

    Likewise; we prefer open source for several reasons, and I'd love to
    hear about other options as well. But, sometimes, buying a commercial
    package makes sense.

    Dave Hinz

    Dave Guest

  3. #3

    Default Re: Software configuration management tool required

    Dave Hinz <net> writes:
     
    [...] 
    >
    > Likewise; we prefer open source for several reasons, and I'd love to
    > hear about other options as well. But, sometimes, buying a commercial
    > package makes sense.[/ref]

    You may be interested in some of the papers and the mailing list over
    at:

    http://www.infrastructures.org/

    There's a similar mailing list for network people:

    http://www.greatcircle.com/lists/network-automation/

    --
    David Magda <dmagda at ee.ryerson.ca>
    Because the innovator has for enemies all those who have done well under
    the old conditions, and lukewarm defenders in those who may do well
    under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI
    David Guest

  4. #4

    Default Re: Software configuration management tool required

    Vincent van Scherpenseel <invalid> writes:
     

    For procedures a Wiki could be useful. Also, a weblog where people can
    post could also be useful for simple "heads up" posts about changes or
    planned changes.
     

    A combination of restricting root access, using sudo, and something
    like RCS/CVS/Subversion may encourage people to 'follow procedures'.
     

    Discipline comes from inside, not from outside. (I think I got that
    from a fortune cookie. :)
     

    SNMP (or other monitoring system that uses SNMP) should be looked to
    help monitor how things are running. The system administrators should
    be one of the first people to know when things aren't working
    properly. Something like Nagios doesn't cost a penny, and isn't too
    difficult to set up.
     

    I would look at radmind:

    http://rsug.itd.umich.edu/software/radmind/

    Perhaps cfengine as well:

    http://www.cfengine.org/

    In another post I mention infrastructures.org; go through the mailing
    list archives as this has been discussed a couple of times.

    --
    David Magda <dmagda at ee.ryerson.ca>
    Because the innovator has for enemies all those who have done well under
    the old conditions, and lukewarm defenders in those who may do well
    under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI
    David Guest

  5. Moderated Post

    Default Re: Software configuration management tool required

    Removed by Administrator
    Michael Guest
    Moderated Post

  6. Moderated Post

    Default Re: Software configuration management tool required

    Removed by Administrator
    Dave Guest
    Moderated Post

  7. Moderated Post

    Default Re: Software configuration management tool required

    Removed by Administrator
    Michael Guest
    Moderated Post

  8. #8

    Default Re: Software configuration management tool required

    On Fri, 19 Aug 2005 13:19:35 -0700, Michael Vilain <net> wrote: 
     
    >
    > Here's the meat of the problem we had: how do you doent changes to a
    > system?[/ref]

    Doent, or doent _usably_? Sadly, not a lot of overlap.
     

    Right. A centralized tool that allows you to make the changes, provides
    snapshots, and easy backout and automation would be the ideal. From
    their claims, bladelogic is just that, and the fact that a trusted
    friend who now works for them is still enthusiastic about it leads me to
    believe that it's more true than "marketing fluff".

     

    Well, if all changes are made by a mechanism that tracks, then you know
    what changes are made, by definition. It's a different way of working,
    though, and the best way to get something like that adopted is to have
    using it be less work than doing it the normal way. If it's harder
    _and_ a hassle, it'll get ignored.
     

    Or unless it's monday and you completely forgot what you did friday.
     

    I wish I had the time to know my logfiles personally, but with 6 guys
    and 100-ish servers, it's just not going to happen. Hell, I can't even
    remember all the sites we host anymore.
     

    Well, to some extent, I think. Again, we don't have it in yet so I'm
    somewhat speculating, but...our webserver cluster is a series of
    identical enough boxes. If, for instance, I want to turn off some
    encryption method on all apache instances...let's see, that's close to
    100 of 'em. Too many files to edit by hand for my comfort. In that
    case, the boxes don't need to be identical, and the files are _not_
    identical, but on all of 'em I need to change the line which says
    "blah +blurgh"
    ....to just say
    "blurgh"

    Sure, I could do some foreach server in (list) type thing, but there's
    no tracking. If I use the tool for it, it's tracked, the old version of
    the file is saved, and I can revert if I need to. All of these things
    are, of course, scriptable, this just puts a framework and a boatload of
    sample scripts to start with.
     

    Yup.
     [/ref]
     

    Ah. The position I'm trying to avoid, at least for now. Got it.
     [/ref]
     

    Something to consider, anyway, yes.
     [/ref]
     

    Customer gets to set the rules, after all. We've got some, well, let's
    just say large financial institutions whose names probably appear "in
    your wallet" that we deal with, and the demands of some of them are
    pretty strict. It's doubly ironic when those same companies show up on
    the front page of the WSJ for data security breaches, which, if they
    followed what they force us to follow, couldn't happen.

    Topic drift anyone? Sorry about that.

    Dave Guest

  9. #9

    Default Re: Software configuration management tool required

    Vincent van Scherpenseel <invalid> writes:
     

    Try ServDoc
    http://servdoc.sourceforge.net/

    It doents many "standard" services, configurations,... .
    All you need to do is to run it (it's just one perl script) on a
    regular basis and collect the results centrally.

    It's easy to add doentation for new services.
    Or ask the maintainer :-)

    Uli

    --
    '''
    (0 0)
    +------oOO----(_)--------------+
    | |
    | Ulrich Herbst |
    | |
    | Tel. ++49-7271-940775 |
    | |
    | de |
    +-------------------oOO--------+
    |__|__|
    || ||
    ooO Ooo
    Ulrich Guest

  10. #10

    Default Re: Software configuration management tool required

    Begin <local>
    On 2005-08-18, David Magda <dmagda+ryerson.ca> wrote:
    [snip!] 

    Thanks for the links and sorry for re-awakening a rather old thread,
    'twas interesting enough to drop the question here;

    Are there experiences with the arusha project/ARK here? I had a shot
    at it once, but then that test-server got usurped in one of the many
    other projects and I kinda forgot about it. It is python based which I
    don't like too much, but if the benefits are big enough that's easily
    overlooked, of course.

    http://ark.sourceforge.net/


    --
    j p d (at) d s b (dot) t u d e l f t (dot) n l .
    jpd Guest

Similar Threads

  1. Replies: 5
    Last Post: July 20th, 08:45 PM
  2. Configuration Management Software
    By Nigel Howard in forum AIX
    Replies: 0
    Last Post: September 22nd, 10:05 AM
  3. Software Design - Software Management - Project Management
    By Paul Johnson in forum PERL Beginners
    Replies: 1
    Last Post: August 26th, 12:34 AM
  4. Software management
    By james leclair in forum Debian
    Replies: 1
    Last Post: June 30th, 05:30 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139