
Monitoring Linux servers and desktops?

Discussion in 'Business & Enterprise Computing' started by tin, Sep 11, 2016.

  1. tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,421
    Location:
    Narrabri NSW
    I'm trying to work out an easier way to keep a bunch of Linux boxes up to date. Roughly 10-15. Mostly Debian, but a couple of others too. Currently, most are done with ClusterSSH, and the remaining ones are done individually.

    I think what I want is something that can list which machines need updating, and let me push a button to say to do it... Is there something (free & open) like that?

    I did start trying to get my head around puppet, but it seemed like overkill for this task. Am I wrong in thinking that?
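
Added example (not part of tin's post or of any reply in this thread): the "list which machines need updating" half of the request on Debian-family hosts, done by parsing the simulated-upgrade output of `apt-get -s upgrade`. The host names and sample output are constructed, and collecting that output from each machine (for instance over SSH) is assumed to happen elsewhere.

```python
import re

# `apt-get -s upgrade` prints one "Inst" line per package it would upgrade:
#   Inst <pkg> [<installed>] (<candidate> <origin>[, <origin>...] [<arch>])
INST_RE = re.compile(
    r"^Inst (?P<name>\S+) (?:\[(?P<installed>[^\]]+)\] )?"
    r"\((?P<candidate>\S+) (?P<origins>.+?) \[[^\]]+\]\)"
)

def pending_updates(sim_output):
    """Parse simulated-upgrade text into a list of pending package updates."""
    updates = []
    for line in sim_output.splitlines():
        m = INST_RE.match(line.strip())
        if not m:
            continue  # "Conf ..." lines, summaries, informational text
        updates.append({
            "name": m.group("name"),
            "installed": m.group("installed"),
            "candidate": m.group("candidate"),
            # Assumption: security archives have "security" in the origin
            # label, e.g. Debian-Security:8/stable.
            "security": "security" in m.group("origins").lower(),
        })
    return updates

def fleet_report(outputs_by_host):
    """Return (host, total, security) rows, most security updates first."""
    rows = []
    for host, text in outputs_by_host.items():
        ups = pending_updates(text)
        rows.append((host, len(ups), sum(u["security"] for u in ups)))
    return sorted(rows, key=lambda r: (-r[2], -r[1], r[0]))

# Constructed sample output for two hypothetical hosts (versions made up).
SAMPLE = {
    "db01": "Reading package lists...\n"
            "Inst tzdata [2016d-0+deb8u1] (2016f-0+deb8u1 Debian:8.6/stable [all])\n"
            "Conf tzdata (2016f-0+deb8u1 Debian:8.6/stable [all])\n",
    "web01": "Inst openssl [1.0.1t-1+deb8u2] (1.0.1t-1+deb8u5 Debian-Security:8/stable [amd64])\n"
             "Inst tzdata [2016d-0+deb8u1] (2016f-0+deb8u1 Debian:8.6/stable [all])\n"
             "Conf openssl (1.0.1t-1+deb8u5 Debian-Security:8/stable [amd64])\n",
}

if __name__ == "__main__":
    for host, total, security in fleet_report(SAMPLE):
        print(f"{host}: {total} pending, {security} from a security archive")
```

The simulation needs no root and changes nothing on the host, so it covers reporting only; applying the updates is still a job for whichever tool ends up managing the machines.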
     
  2. OMGguru

    OMGguru Member

    Joined:
    Apr 1, 2003
    Messages:
    3,488
    Location:
    CFS
    Puppet is the correct answer.
     
  3. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    10,536
    Location:
    Briz Vegas
    There I fixed that for you.

    Salt Stack
    Chef
    Ansible
    <add any number of other automation scripting/deployment systems>

    What about monitoring?
    Nagios
    Munin
    Ganglia
    Zenoss
    <heaps of others>
     
  4. elvis

    elvis OCAU's most famous and arrogant know-it-all

    Joined:
    Jun 27, 2001
    Messages:
    46,813
    Location:
    Brisbane
    I wouldn't call this "monitoring". You're after patch management.

    RedHat/CentOS/ScientificLinux/Fedora has "Spacewalk", which is the open source project that backs their commercial "RedHat Satellite":
    http://spacewalk.redhat.com/
    https://www.redhat.com/en/technologies/management/satellite

    Ubuntu has their commercial-only "Landscape":
    https://landscape.canonical.com/

    These are all more akin to how patch management is done in Windows, with manual approvals and whatnot.

    Alternatively, as others have mentioned, you can set up any number of management tools (Puppet/CFEngine/Chef/Ansible), and just tell them to keep packages up to date. If you stick to any sort of LTS distro, they won't upgrade to a new distro, but stay patched within an existing one.

    We run Kubuntu LTS desktops, and a mix of Ubuntu LTS and CentOS servers. We use Puppet to keep them all under control, and tell it to keep packages up to date. I know some people still live in this legacy world of wanting to delay packages, but we don't. We subscribe to the same philosophy as places like the US Navy and DoD: better to have an outage from a bad patch, than to have an outage from a compromised system. The impact of the former is to roll back. The impact of the latter can be catastrophic if you can't tell what else on your network the compromise has given people access to.
     
  5. OP
    OP
    tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,421
    Location:
    Narrabri NSW
    Awesome... I'd come across almost every name you guys have listed, but at least now I know I'm coming across all the right things :D:thumbup:

    I guess I just need to sit down and start trying stuff out. Hopefully I don't go too crazy :D
     
  6. JumpingJack

    JumpingJack Member

    Joined:
    Jun 16, 2002
    Messages:
    298
    Dumb question. Could you go old-school with a cron job that pulls data from a locally approved apt-get mirror?

    Windows. You have SCCM and other tools like PDQ inventory/deploy
     
    Last edited: Sep 12, 2016
  7. Alationever

    Alationever Member

    Joined:
    Jun 10, 2014
    Messages:
    56
    You could, but you'd be reinventing the wheel. What happens when you add some Redhat boxes? How are you notified when updates fail? Configuration management has already solved these problems, as well as other problems we've not even considered.
     
  8. lavi

    lavi Member

    Joined:
    Dec 20, 2002
    Messages:
    4,008
    Location:
    Brisbane
    the answer is Puppet and Spacewalk/Satellite

    add Nagios/Zabbix for monitoring and reporting and walk away
     
  9. elvis

    elvis OCAU's most famous and arrogant know-it-all

    Joined:
    Jun 27, 2001
    Messages:
    46,813
    Location:
    Brisbane
    APT and YUM both have config available for them to do this for you on a per-machine basis. No cron job required (but you can, if you want to).

    Doing it via Puppet (or any other configuration management tool) means you're centralising the management, and not having to drop scripts on a dozen machines all the time (and every time you rebuild something). This is the smarter way, even for 10 machines.

    The thing about Puppet is you start small and incremental. You put package/patch management in there. Then you decide you need to drop a few handy scripts on machines, update some auth settings, tell them all to point to a different time server or monitoring box, etc, etc, and before you know it you've got a few hundred lines of configuration that are all managed in one place, and make your deployment and/or management time a fraction of what it would be without.

    And they all cost a fortune in licensing. The benefit to open source solutions is you pay for support, not for the product. So you can evaluate, test and roll these things out for free if you want to, and you can pay for support if you want to.

    I've used both RHEL+Satellite in large commercial finance companies, and CentOS+Spacewalk in small start-ups. Both work equally well purely from a product/technical point of view, but you have the option for the expensive commercial support if you want it. And when you pay for support (rather than a product), you tend to get much better support, as that's their whole income generation focus, which means the vendor works hard for it.

    I run two sites right now purely off $0 Ubuntu and Puppet. If we were to change that to Windows and SCCM overnight, completely ignoring the upfront migration costs, the per-year licensing costs would be an order of magnitude more expensive to the business (even if you sacked all the Linux admins and replaced them with cheap Windows monkeys).
     
  10. Fred Nurk

    Fred Nurk Member

    Joined:
    Apr 5, 2002
    Messages:
    2,257
    Location:
    Cairns QLD
    You don't use the enterprise support for Puppet?

    Have you looked at the other solutions around (e.g. Chef, Saltstack) or was it just as much a case of familiarity with Puppet and didn't look any further?

    I've been really impressed with some of the quality of the open source documentation for stuff recently, and with a recent investigation into possible document management systems, I've been leaning towards such options where possible.
     
  11. elvis

    elvis OCAU's most famous and arrogant know-it-all

    Joined:
    Jun 27, 2001
    Messages:
    46,813
    Location:
    Brisbane
    Nope.

    When I inherited the site in 2012, I was given 2 weeks to convert it from an unmanaged, mostly ad-hoc Windows network to a VFX-ready Linux network with no assistance. It was a hard deadline of a new job starting, and no slippage time. That included a lot more than just the OS - essentially the entire platform and application suite (which itself is a non-trivial and very long list of stuff).

    I didn't have the luxury to investigate new tools at the time. Puppet was what I knew well from other jobs (CFEngine too, but I didn't like it), so it got put in with incredible haste.

    I got the site built, the configuration in, and everything working as required. A week after deadline I had to fly to our Sydney office and do the same there in 3 working days.
     
