You are not logged in.

#1 2018-09-06 20:59:07

discord
Member
Registered: 2013-02-06
Posts: 7

distro agnostic enterprise linux solutions

I work for a medium size organization and am interested in enterprise linux solutions that are platform agnostic. These solutions would be used to provide linux laptops for our devs, if they so choose.

The requirements for enterprise solutions have been vaguely defined as

(1) set policies from a centralized server and have them be adopted
(2) have clients receive regular software and policy updates
(3) have policy mgmt server and all clients forward relevant logs

Spacewalk https://spacewalkproject.github.io/ seems to be oriented towards redhat based distros, but I've read it has limited support for debian. Something more platform agnostic might not exist. Ideally I'd like to find something that could support the major distros and also smaller distros like arch. Anyhow I was wondering if anyone had some other similar projects that I should take a look at.

Offline

#2 2018-09-06 21:20:41

Awebb
Member
Registered: 2010-05-06
Posts: 5,206

Re: distro agnostic enterprise linux solutions

That sounds like a Windows admin trying to Linux. Ansible or Puppet, perhaps?

Offline

#3 2018-09-07 05:35:35

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 16,276

Re: distro agnostic enterprise linux solutions

Sounds like Red Hat virtual machines thin clients to me


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#4 2018-09-07 08:26:47

demaio
Member
From: Germany
Registered: 2012-09-02
Posts: 85
Website

Re: distro agnostic enterprise linux solutions

I use Saltstack for managing a few hundred workstations and laptops and a few dozen servers and 60 VPN-routers with different OS (mainly Ubuntu, Windows and Debian). I even have a few (30) Arch Linux boxes (mainly used as thin clients with a web browser, RDP client and Libreoffice) but the maintenance of a custom stable repo instead of the fast-moving official repos is too time-consuming for our limited resources. The Saltstack server is Arch though.

We used ansible before and still use it for some automation tasks, but it is hard to manage the "road-warrior" (laptop) clients with it, especially the windows ones. Salt minions initiate a permanent connection to the server which is easier for us because we can have a very dynamic infrastructure without caring much for DNS and/or IP addresses. The saltstack system manages big part of the OS installation, software updates and the configuration/policy of the machines.

Compared to the other distributions, it was very easy to do fully automatic Arch installations with some special disk partitioning (dual boot with an Arch rescue system). Nearly every aspect of system administration is very easy with Arch (thanks to pacman and repo management scripts and of course the Wiki). Only the fast pace of the repo updates is a problem (for me) for which I have not yet found a resource-friendly solution. I would love to see/make a long-time stable repository for Arch but I guess there is not much community interest in it exactly because of limited resources/man-power. After all, Arch is a rolling distro...

So I really would like to recommend Arch and Saltstack if you can cope with the speed and other issues of repository updates, otherwise you can use Debian/Ubuntu together with Saltstack (as we do).

Arch Linux plays a central role in our setup: Did I mention that we use a custom PXE-booted ArchISO, just to install Debian, Ubuntu and salt-minion? It doesn't sound "enterprise" but it works.


Home is where my Arch is

Offline

#5 2018-09-09 09:02:02

eschwartz
Trusted User/Bug Wrangler
Registered: 2014-08-08
Posts: 2,543

Re: distro agnostic enterprise linux solutions

demaio wrote:

Only the fast pace of the repo updates is a problem (for me) for which I have not yet found a resource-friendly solution. I would love to see/make a long-time stable repository for Arch but I guess there is not much community interest in it exactly because of limited resources/man-power. After all, Arch is a rolling distro...

So I really would like to recommend Arch and Saltstack if you can cope with the speed and other issues of repository updates, otherwise you can use Debian/Ubuntu together with Saltstack (as we do).

If it's too resource-intensive to maintain a custom repo where you test each package as it comes into the official repos, you could use the https://wiki.archlinux.org/index.php/Arch_Linux_Archive to pin the repos to a weekly state, giving you a week of no updates (and no security updates either) while you check to make sure no issues have cropped up over the past week and devise coping strategies in the unlikely event something did.

Some people don't even update more often than weekly anyway... but using pinned Archive repositories means you won't end up with 404 errors when trying to pacman -S newpkg (that was just updated by the Devs/TUs) without doing a potentially unstable -Syu.


Managing AUR repos The Right Way -- aurpublish (now a standalone tool)

Offline

#6 2018-09-10 18:57:24

demaio
Member
From: Germany
Registered: 2012-09-02
Posts: 85
Website

Re: distro agnostic enterprise linux solutions

Eschwartz wrote:

If it's too resource-intensive to maintain a custom repo where you test each package as it comes into the official repos, you could use the https://wiki.archlinux.org/index.php/Arch_Linux_Archive to pin the repos to a weekly state, giving you a week of no updates (and no security updates either) while you check to make sure no issues have cropped up over the past week and devise coping strategies in the unlikely event something did.

Yes, that's how I do it, although the "week" is a bit longer here ;-) This strategy raises a few questions for me but I don't want to go off-topic... I will open a new thread if I can't find an answer.

Regarding the topic: the tools mentionend in this thread (at least ansible and saltstack, never tried puppet) are able to deal with different distros to certain degree, e.g. the saltstack module "pkg.install" calls pacman on Arch, apt-get on Debian and custom installation script on Windows. But for things like e.g. package names and configuration file paths, you have to take care of the differences between distros by yourself.


Home is where my Arch is

Offline

Board footer

Powered by FluxBB