Hi On Wed, Apr 30, 2014 at 07:30:42AM -0400, Henning Follmann wrote: > On Wed, Apr 30, 2014 at 10:15:43AM +0100, Karl E. Jorgensen wrote: > > Hi > > > > Consider this scenario: > > > > - 1000+ servers (lenny, squeeze and wheezy) at varying degrees of > > up-to-datedness with respect to security updates and general bug > > fixes. > > > > - Demand for getting servers up-to-date. (They heard of heartbleed, > > but chose to ignore all my previous notifications of security > > problems. Go figure) > > > > - Risk-adverse non-technical upper management (spreadsheet mania) > > > > - Every update must be vetted and tested out first on development > > servers, then QA servers, staging servers and live servers. No > > exceptions. > > > > My current line manager knows only RedHat, and thus wants > > "spacewalk". (Because this is he used before. In a "proper > > enterprise". And Thus proper enterprises use spacewalk). > > > > Spacewalk looks sort of nice, but not quite the Debian way of > > doing things. > > > > And I cannot imagine that I am the first person with this problem... > > > > How have others solved this? > > > > My main concern here is the security updates and point releases: I'm > > pushing for getting all the servers upgraded to wheezy anyway, and as > > part of the upgrade they'll pick up any pending (at that point in > > time) security updates. > > There are a number of configuration management packages available. > A nice comparison is available on wikipedia: > http://en.wikipedia.org/wiki/Comparison_of_open_source_configuration_management_software > > May I suggest Puppet. I think it is mature and has a active community > around it.
Yes - we make extensive use of Puppet (and to some degree: ansible) already. However, the main demand appears to have a web interface, where updates can be selected. Because that's what spacewalk has. And I don't see puppet filling that gap :-( -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140502062701.GE8743@hawking
