Industrial Linux administrationI manage a bunch of servers, more or less 1000 VMs, running either Debian (lenny,wheezy, jessie) or CentOS (5,6,7).
In order to handle this, I use CFEngine.
- Create the VM
- Add CFEngine repository (apt or yum)
- Install CFEngine (via apt or yum)
- Bootstrap CFEngine
State of the nationI performed the same steps for all VM I installed for the last 3 years.
The main problem I face is the fragmentation of the agents versions: some old installations are still with CFEngine 3.5.x and the latests are on 3.8. This is not a bearable situation: I need to align versions.
Methods and attemptsMy attempts to upgrade CFEngine from CFEngine did not pass tests, mostly because promising version from within CFEngine will remove the package (the running process) and leave the system in an anormal state.
I tried several other ways to do it and specifically for the case of CFEngine package, I will manage it with a script that I'm going to launch outside CFEngine and will upgrade CFEngine (including restart the deamon) then bootstrap from the hub and we're done.
The CFEngine APT & Yum repositoryCFEngine is very kind to provide a repository for their APT or Yum packages. The problem is, if I'm going to massively upgrade my thousand of VMs, there is a small risk of disturbance. As far as I use Artifactory for the development activity, I decided to use its YUm & Apt component to be a cache of CFEngine repository.
How it looks like without ArtifactoryApt source list:
deb https://cfengine.com/pub/apt/packages stable main
Yum repo file
[cfenginerepository] name=CFEngine baseurl=http://cfengine.com/pub/yum/$basearch/ enabled=1 gpgcheck=1
Configure Artifactory to cache those
I need to be adminsitrator of the Artifactory instance. Then I got to the "Admin" section:
Then I go to the "remote" tab, as I want to provide something related to a remote repository:
Next I create a new repository and there I can choose wether I want to setup an Apt or a Yum one:
- What I want as local name for the repository
- The URL of the root of the remote
Specifically for our case,
For the Apt repository:
- Name: cfengine-debian
- URL: https://cfengine.com/pub/apt/packages
For th Yum repository:
- Name cfengine-centos
- URL: http://cfengine.com/pub/yum/x86_64/
How to use thisApt source list:
deb https://artifactory.rktmb.org/artifactory/cfengine-debian stable main
Yum repo file:
[cfenginerepository] name=CFEngine baseurl=https://artifactory.rktmb.org/artifactory/cfengine-centos/ enabled=1 gpgcheck=1
Note that the GPG check is enabled both on Debian and CentOS and as far as this repository is just a cache one, the needed key is the original CFEngine repository key: https://cfengine.com/pub/gpg.key
The local artifactory GPG key is useless in our case now.