using FAI to maintain (as well as install) systems?

Erik Rossen rossen at freesurf.ch
Thu Oct 9 22:26:01 CEST 2003 

Is there a HOWTO or a recipe available that explains how to use FAI to
*maintain* machines as well as installing them?

I've read the FAI manual, done about 50 installs over the last two
weeks, and I've read the paper at
http://www.infrastructures.org/papers/bootstrap/bootstrap.html.  I like
FAI a lot, but it seems to be missing an obvious method of using the
classes for maintaining machines after they have been installed.  The
following scheme should be adequate for my present needs, but I would
appreciate any pointers from people who have already invented this
wheel.

I should point out that this scheme is meant for maintaining a wide
variety of configurations, from tiny FlashRAM firewalls to workstations
to servers, and not necessarily Debian machines.  I may even end up
using the system to maintain Windows boxes.  It is important that the
method for distributing system changes be simple, secure, and
universally available.  i.e. NFS, SMB, and FTP are out, rsync or CVS
over SSH might be OK, but HTTPSing tarballs and/or diffs looks easiest.

STRATEGY FOR USING FAI FOR KEEPING SYSTEMS UP TO DATE:
- starting with the generated class list of each FAI-created machine (or
  a hand-made class list for those machines not created with FAI),
- each time there is a change in FAI config directory,
- generate (new) package install scripts with: . /etc/fai/fai.conf;
  FAI=/opt/fai/config FAI_ROOT=/ classes=`cat classes_of_machine`
install_packages -t,
- run fcopy for each class list to create a machine-specific tree of
  files, trying to preserve their dates of modification,
- compare new tree with old tree,
- if there is a difference, make a new tarball and/or a recursive diff
  patch file,
- (optionally) upload tarball or patch to outside website,
- client machines check their own directories for new tarballs or patchs
- if there is a new file, download it with HTTPS to /var/spool/fai
- unpack the tarball
- run package install scripts
- copy file trees from unpacked tarball
- run one-time update scripts found in unpacked tarball with a make-like
  system (?)


-- 
Erik Rossen                          ^    OpenPGP key: 2935D0B9
rossen at freesurf.ch                  /e\   "Use GnuPG, see the
http://people.linux-gull.ch/rossen  ---    black helicopters."

More information about the linux-fai mailing list