MassMaintenance

Differences between revisions 4 and 5
Revision 4 as of 2007-11-01 04:11:44
Size: 5848
Editor: 12
Comment:
Revision 5 as of 2007-11-01 04:32:15
Size: 6679
Editor: 12
Comment:
Deletions are marked like this. Additions are marked like this.
Line 30: Line 30:
We will choose existing tools and polish them for hardy if possible.
Line 31: Line 33:

 * For mass system maintenance, [http://reductivelabs.com/trac/puppet/wiki/DocumentationStart puppet] seems to be the tool of choice.
  * cfengine was considered and rejected
  * [http://trac.mcs.anl.gov/projects/bcfg2 bcfg2] was briefly discussed. It seems solid but less powerful than puppet.
  * Canonical's "Lanscape" intersects with this area but cannot be the primary solution for Edubuntu in this area.
   * The Lanscape developers are considering integration with puppet.
  * puppet is currently packaged in universe; the packages (client and server) are good.
  * The Ubuntu server team was represented in the BoF and is open to including puppet in main.
  * puppet has not released version 1.0 yet, and is still moving quickly. Luke Kanies (upstream) participated in our BoF and said a 1.0 release may be available by hardy feature freeze, but no promises were made.
   * ogra will monitor the puppet & puppetmaster packages in universe to see if puppet matures sufficiently in time to move into main before hardy feature freeze.

 * For mass user maintenance...?
Line 34: Line 48:
 * Mass system maintenance
  * puppet uses configuration "manifests" and files (for distribution to clients) that live under /etc/puppet/ on the puppetmaster (server). There is no impact here to existing UIs.
  * puppet clients query the puppetmaster for configuration directives and apply these directives to themselves. It is thus possible for locally-made configuration changes to be overwritten by directives from the puppetmaster. (For example, a printer that was installed locally could disappear if the puppetmaster administrator has decided to push out a printers.conf file to the client in question.)

 * Mass user maintenance...?
Line 35: Line 55:
 * puppet upstream is very active and responsive, and eager to see puppet moved into main. The project lead owns a company that sells support for puppet.
Line 37: Line 58:
There is no existing tool to do mass maintenance; no migration to hardy will be necessary.
 * It is desireable to wait for a sufficiently mature version of puppet before it is included in main. The project is moving quickly enough right now that there may be migration issues when upgrading between versions of puppet.
Line 39: Line 62:
 * Jorge Castro has ~1 year of experience implementing puppet in production and was very pleased.
 * Matt Oquist began implementing puppet in production 6 weeks ago and is so far pleased.
Line 41: Line 66:

 * Mass user maintenance tool selection
Line 51: Line 78:
 * Puppet: http://reductivelabs.com/trac/puppet
  '''looks like this is the tool of choice'''
  * upstream development will be monitored to watch for a 1.0 release
  * we will wait and see if it becomes sufficiently mature before hardy feature freeze to move it into main
   * ogra will monitor the puppet & puppetmaster packages in universe
  * good for ensuring a small number of particular users exist locally on a large number of systems
  * great for mass BOX management
  * can do very well in a remote situation, such as a WAN
  * upstream is VERY receptive & responsive
   * Reductive Labs (upstream) sells support for puppet
   * 2/3 of the code in puppet is for testing
 * Cfengine
  * largely being abandoned at this point; syntax problems, extensibility problems, difficult to set up and begin using
  * sensitive to time sync btw client & server; easily broken in this way
 * Bcfg2 : http://trac.mcs.anl.gov/projects/bcfg2 This tool models really well a system so it's possible to get a declarative spec, not a procedural one.
Line 69: Line 81:
 * Lanscape (http://www.canonical.com/projects/landscape)
  * This is a service from Canonical, and can offer much of this functionality.
  * This is not the primary solution for solving these issues in Edubuntu.
 * dsh
 * clusterssh
 * fanout/fanterm (http://www.stearns.org/fanout/README.html)

  * The next sessions should be attended by a person from the server and the landscape team, ogra will care for them to be subscribed.
  * Also, moquist has contacted Luke Kanies (puppet project lead) to see if he can attend remotely
  * Jorge Castro has put puppet into production as well; would be good to get his input

Please check the status of this specification in Launchpad before editing it. If it is Approved, contact the Assignee or another knowledgeable person before making changes.

Summary

Edubuntu is often used in situations with large numbers of systems and users; we will provide tools to maintain these large networks.

Release Note

Rationale

Maintaining 10.000 thin clients, 17.000 desktops/laptops, and 80.000 users dispersed over 10.000 square kilometers is very difficult with the tools currently provided in Edubuntu.

Use Cases

  • Matt has 14 Edubuntu servers in 11 different schools, and his VPN connection to these schools is unreliable. He frequently installs applications by request, and realizes that all the servers should have these applications. He can use the Edubuntu mass system maintenance tool to ensure that configuration changes are applied to these systems.
  • Mart has 14 Edubuntu laptops in one school, and teachers are constantly carrying the laptops around and taking them home. He frequently installs applications and configures network printers by request, and realizes that all the other laptops should also have these changes applied. He can use the Edubuntu mass system maintenance tool to ensure that these configuration changes are applied to all the laptops without his needing to chase them all down.
  • Mort administers 1000 Edubuntu servers in 1000 classrooms throughout Chile, and 35% of these systems have Internet connectivity for only 11 hours per day on average. In addition, 763 of the teachers in these schools have Edubuntu laptops. Mort is responsible for ensuring that all these systems are configured properly for the printers in their buildings, that they have all the correct media packages installed, and that the mode of /usr/bin/pidgin allows only teachers execution privileges. Mort is very happy that the Edubuntu team has provided a mechanism to manage all these details on all these systems!
  • Mary's team administers 100k Edubuntu servers, desktops, and laptops for all the schools in her country. This seems like an insane task, except for the Edubuntu mass system management tool! With this tool Mary's team has complete and secure control over every aspect of each of these systems, even though each system may be running, off, booting, in transport, being repaired, or in a subway tunnel at any given moment.
  • Maggie administers an Edubuntu server with 35.785 user accounts. She is thrilled that she can use the Edubuntu mass user maintenance tool to import, modify, and delete these users in large groups.

Assumptions

  • Administrators who make use of the mass maintenance tools in hardy should have a relatively high level of expertise. These are not necessarily point-and-click easy.
  • The goal is to make/keep the easy things easy, and make the hard things possible. e.g., the complexity of using the tools should scale with the number of systems/users being maintained.

Design

We will choose existing tools and polish them for hardy if possible.

Implementation

  • For mass system maintenance, [http://reductivelabs.com/trac/puppet/wiki/DocumentationStart puppet] seems to be the tool of choice.

    • cfengine was considered and rejected
    • [http://trac.mcs.anl.gov/projects/bcfg2 bcfg2] was briefly discussed. It seems solid but less powerful than puppet.

    • Canonical's "Lanscape" intersects with this area but cannot be the primary solution for Edubuntu in this area.
      • The Lanscape developers are considering integration with puppet.
    • puppet is currently packaged in universe; the packages (client and server) are good.
    • The Ubuntu server team was represented in the BoF and is open to including puppet in main.
    • puppet has not released version 1.0 yet, and is still moving quickly. Luke Kanies (upstream) participated in our BoF and said a 1.0 release may be available by hardy feature freeze, but no promises were made.
      • ogra will monitor the puppet & puppetmaster packages in universe to see if puppet matures sufficiently in time to move into main before hardy feature freeze.

  • For mass user maintenance...?

UI Changes

  • Mass system maintenance
    • puppet uses configuration "manifests" and files (for distribution to clients) that live under /etc/puppet/ on the puppetmaster (server). There is no impact here to existing UIs.
    • puppet clients query the puppetmaster for configuration directives and apply these directives to themselves. It is thus possible for locally-made configuration changes to be overwritten by directives from the puppetmaster. (For example, a printer that was installed locally could disappear if the puppetmaster administrator has decided to push out a printers.conf file to the client in question.)
  • Mass user maintenance...?

Code Changes

  • puppet upstream is very active and responsive, and eager to see puppet moved into main. The project lead owns a company that sells support for puppet.

Migration

There is no existing tool to do mass maintenance; no migration to hardy will be necessary.

  • It is desireable to wait for a sufficiently mature version of puppet before it is included in main. The project is moving quickly enough right now that there may be migration issues when upgrading between versions of puppet.

Test/Demo Plan

  • Jorge Castro has ~1 year of experience implementing puppet in production and was very pleased.
  • Matt Oquist began implementing puppet in production 6 weeks ago and is so far pleased.

Outstanding Issues

  • Mass user maintenance tool selection

BoF agenda and discussion

Tools


CategorySpec

Edubuntu/Specifications/MassMaintenance (last edited 2010-01-21 18:43:01 by 196-210-177-89-wblv-esr-3)