Here we look at some cool tools that the Linux system administrator will
find useful or even indispensable. The tools we’ll discuss in this article are
all free.
Puppet is available in both a free open source version and a paid
commercial version known as Puppet Enterprise, which includes extra features
and support. Puppet is used for IT automation, orchestration and reporting.
With Puppet, you can define the desired state of your system, simulate the
changes before implementing them, enforce and deploy the desired state
automatically, and then report the differences between the state before
and the state after Puppet has run and enforced it. The desired state is
defined on the Puppet master, and your Puppet agents will be installed on those
servers that you want to control: the agents will get the desired state from
the master and then implement it.
To better understand how this works, here are some examples of what
Puppet is capable of doing; in each example, imagine that you manage hundreds
of servers.
· Control files: Linux is based around files; by modifying files you can
control almost everything. Rather than editing files on different servers in
the way that you require, you can specify this on the Puppet master. The Puppet
agents will ensure that the same file is present on the server where it is
installed. For example, you have a custom /etc/ssh/sshd_config and /etc/sudoers
file that locks down SSH and gives root access to admins. You can roll out
these files, and any future changes to them, automatically with Puppet. If
someone, such as an attacker, changes or overwrites any of the Puppet-controlled
files, the desired changes will be put back.
· Set cron jobs: Puppet can set cron jobs on all of your servers from the
Puppet master, so you can schedule jobs anywhere without having to set them up
manually.
· Install or remove packages: You can ensure that packages are installed
or removed from your servers. For instance, if you need Apache you can ensure
that it’s always there along with the required configuration files that you
have set. Alternatively, if you want to ensure that Apache is removed, you can
set this as well; if someone installs Apache, Puppet will remove it.
· Ensure services are running: Puppet can check to ensure that services
are running or stopped. For example, you can ensure that Apache is always up
and running. If Puppet detects that Apache is not running it can try to start
the service.
· Execute commands: You can also set Puppet to run a command on all of
your servers. So, you could use Puppet to run the auto install command for the
Anturis agent to have it installed automatically on all of the servers that
you wish to monitor, saving a lot of time.
It’s important to note that the above only happens when the Puppet agent
completes a run. When this happens it will get the desired configuration from
the Puppet master. By default, a Puppet run happens every 30 minutes.
However, you can change this interval.
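The resource types listed above, written as a Puppet manifest. This is an added example, not code from the original article; the `hardening` module name, the file sources, the RHEL-style package and service names and the cron job are assumptions.

```puppet
# Added example: hypothetical "hardening" module; RHEL-family names assumed.
class hardening {
  # Package must be present before its config file is managed.
  package { 'openssh-server':
    ensure => installed,
  }

  # Controlled file: any local change is reverted on the next agent run.
  # validate_cmd tests the new content first ('%' is the temp file path),
  # so a broken config is never put in place.
  file { '/etc/ssh/sshd_config':
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0600',
    source       => 'puppet:///modules/hardening/sshd_config',
    validate_cmd => '/usr/sbin/sshd -t -f %',
    require      => Package['openssh-server'],
  }

  file { '/etc/sudoers':
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0440',
    source       => 'puppet:///modules/hardening/sudoers',
    validate_cmd => '/usr/sbin/visudo -cf %',
  }

  # Keep sshd running and restart it whenever the managed config changes.
  service { 'sshd':
    ensure    => running,
    enable    => true,
    subscribe => File['/etc/ssh/sshd_config'],
  }

  # Ensure Apache is absent; if someone installs it, Puppet removes it.
  package { 'httpd':
    ensure => absent,
  }

  # Cron job set from the master (constructed schedule and command).
  cron { 'nightly-logrotate':
    command => '/usr/sbin/logrotate /etc/logrotate.conf',
    user    => 'root',
    hour    => 2,
    minute  => 30,
  }
}
```

Running `puppet agent --test --noop` on an agent reports what would change without applying it, which is the simulation step described earlier.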
MCollective is a framework to build server orchestration or parallel job
execution systems. The service is separate from the Puppet agent but typically
installed with it. It can scan your network for virtual machines based on
command-line criteria. Then it lets you send them messages - for example, to
find out which ones are down, or to restart the processes on the machine or the
whole machine from one central location. The application is written in Ruby, so
you could copy some of that and adapt it to your specific needs.
The data comes from Puppet, Chef, Facter, and other plugins. It reads
the metadata left behind when you used those tools to build the machines.
Here are some example MCollective commands and a list of what you can do
with the tool:
· mc-find-hosts: finds all virtual machines.
· mc-facts: shows which machines are located in what countries.
· mc-service --with-class /dev_server/ httpd status: finds machines that
are running web servers.
· Use mc-rpc to send messages to machines and discover those with errors
when they do not echo back the same message.
· mc-service --with-class /dev_server/ httpd restart: restarts development
web servers.