[CLUE-Tech] Managing multiple servers (long)

David Anselmi anselmi at americanisp.net
Sun Oct 20 14:43:12 MDT 2002 

Dan Harris wrote:
> I wanted to get some advice from others here on distro suggestions, 
> hopefully without causing an all-out distro war. But we're all adults 
> here, right?

[...]

> I'd really like some advice here from people who have been faced with 
> the problem of managing multiple servers (i expect to be up to 20 
> servers within the next two years).

My advice is to simplify, and be anal about it.

First, all your servers should run the same distro and versions of 
software.  All the packages should be identical on every machine 
(including the test machine you try out *any* changes on).  There is a 
trade off here--you don't want to run a database on a machine that's a 
web server only, but you have to balance that with the difficulty of 
managing more configurations.

Second, all your config files should be as similar as possible and you 
should be able to identify who changed what, when.  You might consider 
putting templates into CVS, with machine specific adjustments (host 
name, IP, etc) made by a script.  I have done this before (on a web 
application, not a whole server) and it worked well.  The process for 
changing a config file and pushing the change out (including what needs 
restarting/rebooting) should be written down and you should follow it 
exactly, always.  There are many ways to manage config files, but in the 
end you should be able to diff everything in /etc on 2 machines and get 
a small number of well understood differences.

Third, document everything.  You should be able to check (easily) what 
packages/versions are installed on each server.  They should be exactly 
the same except for deliberate differences.  You should be able to take 
a bare metal machine, install, update, and configure and know that it 
matches your other servers.  This doesn't have to be difficult--all the 
info should be on the machine.  You just have to be able to find it 
easily (use a script to generate a database, text file, web page, whatever).

Fourth, test any changes you contemplate on an expendable server.  This 
is where documentation is important--the test machine must be exactly 
like the production machines.  Whether you're tweaking a config or 
applying a security patch, do it on the test machine first.  Make sure 
you can follow the same change process on each server, write it down, 
and follow it to the letter (that way you don't forget to restart 
something the 19th time you do it).  Ideally you would have some 
automated tests to make sure the test machine still functions after the 
change.  More than just "does it serve up index.html", more like "does 
it have the same performance profile it did before".

Of course this is a lot of work.  If you're trying to provide 20 servers 
for your hobby activities, it probably isn't worth it.  But if you want 
to provide consistent, reliable service to customers, it's worth the 
effort to build something reliable.

I will also say that the added effort to install packages from source 
probably isn't worth it.  If you have to use source (including source 
you are writing), set up a build process (on a build machine, not a test 
or production server) that will produce a binary package for you.  Then 
you can install it on the test machine, verify it, and use the same 
process to install it on a production machine.  That saves you from 
needing compilers et. al. on your servers (not to mention the 
performance hit when you ask them to compile something).

As far as distros go, Debian seems pretty good.  The update process (apt 
or dselect) is easy to understand, and stable doesn't change except for 
security fixes (which are easy to follow on their mail list).  Probably 
there is a way to get similar features out of an rpm distro, the key is 
how YOU manage it.

In implementing the above, you can take an evolutionary approach.  Start 
by setting up an easy way to list and compare what's installed on each 
server.  Work on standardizing that and setting up a test machine that 
represents the standard.  Once you have one piece (say updating packages 
for security fixes), work on another piece.

I wonder whether there are any tools to help with this problem.  It 
seems that everything is aimed at easing configuration by making web or 
gui front ends.  But they don't seem to address issues of consistency or 
repeatability.  I would think that running Linux on the desktop has a 
similar set of needs.

HTH,
Dave

More information about the clue-tech mailing list