Re: Large install and roll-out

[Adrian Phillips]

>>>>> "Rune" == Rune Mossige <runemo@stavanger.geco-prakla.slb.com> writes:

    Rune> In about 4-6 weeks, we will install a 128-node dual-CPU
    Rune> Linux cluster, running RedHat Linux 7.2, and I'd like to
    Rune> install cfengine on all those hosts at the same time....

    Rune> I guess that I am not the first, so I'd like to hear how
    Rune> others have done a similar thing.

    Rune> One think that I noticed, is that the cfengine install docs
    Rune> advises to first install cfenvd, and let it run for a week,
    Rune> before cfkey is run to generate the keys....this is not
    Rune> going to work for us, as we need to start using cfengine
    Rune> asap.

I don't even run cfenvd and it works. Note I would assume this has got
more to do with OSes that don't have /dev/random, but I am no security
expert.

    Rune> Also, after this initial rollout, we will need to update the
    Rune> kernels on all hosts very early after the initial
    Rune> bootstrap. How do others update a large number of RedHat 7.2
    Rune> machines with a new kernel? Is it OK to compile on one host,
    Rune> and then just tar up the /lib/modules and /boot directories,
    Rune> and re-run lilo on each host after untarring?

Well, I don't know Redhat, but with my Debian machine I have the
following lines in one of conf. files :-

control:
        linux.!smp::
                smp_up = ( up )
                kernel_image = ( kernel-image-2.2.20+up )
        linux.smp::
                smp_up = ( smp )
                kernel_image = ( kernel-image-2.2.20+smp )

shellcommands:
        # Upgrade the kernel if specifically requested
        linux.upgrade_kernel::
                # Make sure grub is updated as well as update-grub
                # didn't get the kernel order right in an earlier
                # version
                "/usr/bin/apt-get -q -q -y install grub $(kernel_image)"


Then I run cfagent -Dupgrade_kernel. I don't do this automatically
because I don't like automatic kernel upgrades but there would be no
problem removing the upgrade_kernel check then apt-get would be run
each time (although, of course it doesn't do anything if the latest
kernel is installed). The difference maybe that apt is setup to pickup
some packages from a local spool on a central server. If I wanted to
do automatic upgrades then I could just compile up a new kernel, copy
it to the spool on the server and next cfagent run would do the
upgrade. Does Redhat have something similar (I understood that
somebody had ported apt to support rpm which maybe one way of doing
it),

Sincerely,

Adrian Phillips

-- 
Your mouse has moved.
Windows NT must be restarted for the change to take effect.
Reboot now?  [OK]