[Infrastructures] ISConf 4 vs. RPM-based LInux distro

[Steve Traugott]

Hi Lance!

You don't want to run yum, apt, or any of the dynamic package fetchers
from an isconf exec (or from any other automated build system) because
the distro vendors have a habit of changing things on the FTP servers
when you aren't looking.  The machines you build next month won't be
the same as the machines you build today, and they might not build at
all.  And trying to maintain a local "frozen" mirror is fragile and
inflexible.  What you want to do instead is make something like a
tarball that acts like a "mini mirror" of just the packages you need
for a given operation; this makes things repeatable.

What you want is the moral equivalent of apt-tar -- it grabs all the
packages you need, as well as their prereqs, and bundles the whole
thing up in a tarball rather than actually installing them.  You run
it on an example target machine so it only gets you the prereqs you
need.  It works by running apt in its dryrun mode, recording what it
*would* have done, and then creating the tarball and install script
accordingly.  I just uploaded the latest version (1.3) to
http://trac.t7a.org/isconf/pub/.

Since apt also asks you config questions, uses the debconf db to store
the answers, and then generates the config files from that, apt-tar
uses a *temporary* debconf db, runs debconf to get your answers, and
applies them during the tarball's install script.

This has all worked very well over the last few years.  The only time
I've heard of anyone breaking it was when Ryan Nowakowski threw an
800-package initial install at it; made a 600M tarball and things
didn't scale very well.  ;-)  I never ran into this because I tend to
use systemimager for initial installs, and do upgrades piecemeal.

I moved to Debian from Redhat in large part because the Debian tools
make these things possible.  Last time I looked (it's been a while),
yum didn't have a good dryrun mode, or something, and <flamebait> like
most Redhat-related stuff is just not as well suited to automation
</flamebait>, and then you've got rpm's way of littering .rpmsave
files everywhere rather than using anything like debconf, so config
files aren't as easy to deal with either.  I still think rpm-based
distros could overcome this, it's just going to take more work.  

If I had to maintain Redhat machines today, I'd probably use apt-rpm
rather than yum, and then use apt-tar to drive it.

Steve

On Wed, Nov 16, 2005 at 05:51:27PM -0500, Lance Brown wrote:
> Greetings,
> 
> I'm considering using ISConf 4 to manage a network of about 50 Linux
> desktops running Fedora Core 4 and have a question about RPM-based
> updates vs. isconf.
> 
> Right now, I have yum running out of cron to install RPM updates when
> they appear on the yum repositories.  It seems to me this would not work
> well under ISConf, or would it?  Does:
> 
> $ isconf exec yum -y update
> 
> make sense?  It feels like it wouldn't to me, but I'm not sure.
> 
> --[Lance]
> 
> -- 
>  My LiveJournal  http://www.livejournal.com/users/labrown/
>  GPG Fingerprint: 409B A409 A38D 92BF 15D9 6EEE 9A82 F2AC 69AC 07B9
>  CACert.org Assurer
> _______________________________________________
> Infrastructures mailing list
> Infrastructures@mailman.terraluna.org
> http://mailman.terraluna.org/mailman/listinfo/infrastructures

-- 
Stephen G. Traugott  (KG6HDQ)
UNIX/Linux Infrastructure Architect, TerraLuna LLC
stevegt@TerraLuna.Org 
http://www.stevegt.com -- http://Infrastructures.Org