some ideas

ranty-bulk at bigfoot.com
Fri May 10 11:06:25 CEST 2002


 Hello all,

 After having used FAI a couple of times, and tried to show some people
 the merits of it, some ideas came to my mind.

 Attached go my thoughts, please comment.

  ranty

-- 
--- Manuel Estrada Sainz <ranty at debian.org>
                         <ranty at bigfoot.com>
			 <ranty at users.sourceforge.net>
------------------------ <manuel.estrada at hispalinux.es> -------------------
God grant us the serenity to accept the things we cannot change, courage to
change the things we can, and wisdom to know the difference.
-------------- next part --------------
UPDATING:
--------
- new task "polishing" runnable from a working system
	- all code run here should be idempotent.
	- the install environment could be reproduced on the running system
		- chroot
		- mount --bind
		- make task_setup depend on FAI_ACTION to do the right thing
		  on "update", define a class UPDATE and run a subset of
		  tasks, including "polishing".
		  Warning: reconfiguring the network could be a problem in a
		  running system.

- A task or class which updates the system via cfengine during the automatic
  install, so the system gets just right and cfengine can be used from then
  on.

- when you make a change in configuration there would be various categories of
  changes:
	- NEEDS_CFENGINE_RUN
		- cfengine may do this already
	- NEEDS_FAI_UPDATE
		- via FAI_ACTION="update"
	- NEEDS_FAI_REINSTALL

  To state that you made a change you would run:
  	fai-changed [cfengine|update|reinstall]

  Clients or the server would keep track of the last date for each type of
  update and the server would keep track of the date of the last change of
  each type. This way any client will know at any time which update it has to
  go through if any. In the case of reinstall, a note could be sent to someone
  to reinstall the machine at an appropriate time, or maybe it could be done
  automatically at night.

SECURITY:
--------

- when updating, the clients may poll for a push for increased security.
	- This way the server doesn't have to trust the client.
- there could be some special service to get the logs to the server, instead
  of a full shell account.

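The change-tracking scheme described under UPDATING, combined with the client-side polling suggested under SECURITY, as an added sketch that is not part of the original message or of FAI. The state-directory layout and the helpers `read_stamp` and `fai_needed` are assumptions; `fai_changed` stands in for the proposed `fai-changed` command.

```shell
#!/bin/sh
# Added sketch, not FAI code. Assumed layout: one file per change type in a
# state directory, each holding the epoch time of the last event of that type.
# The server publishes its directory read-only; clients poll it and keep their own.
TYPES="reinstall update cfengine"   # strongest action first

# fai_changed DIR TYPE [EPOCH]: record a change of TYPE (server side),
# or record that the client has gone through that update (client side).
fai_changed() {
    dir=$1 kind=$2 stamp=${3:-$(date +%s)}
    case " $TYPES " in
        *" $kind "*) ;;
        *) echo "fai-changed: unknown type '$kind'" >&2; return 2 ;;
    esac
    mkdir -p "$dir" && printf '%s\n' "$stamp" > "$dir/$kind"
}

# read_stamp FILE: print the stored epoch, or 0 if the file is missing or
# does not contain a plain number (polled data is validated, not trusted).
read_stamp() {
    s=0
    if [ -r "$1" ]; then read -r s < "$1" || :; fi
    case $s in ''|*[!0-9]*) s=0 ;; esac
    printf '%s\n' "$s"
}

# fai_needed SERVER_DIR CLIENT_DIR: print the strongest pending action,
# or "none" when the client is current for every type.
fai_needed() {
    for kind in $TYPES; do
        srv=$(read_stamp "$1/$kind")
        cli=$(read_stamp "$2/$kind")
        if [ "$srv" -gt "$cli" ]; then
            printf '%s\n' "$kind"
            return 0
        fi
    done
    printf 'none\n'
}
```

Because the client only reads the server's stamps and decides locally, the server never needs login or write access to the client.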

