eli engineering s linux management environment timeline
play

ELI Engineering's Linux Management Environment Timeline The Surge - PowerPoint PPT Presentation

Dec 25, 2022 •118 likes •613 views

ELI Engineering's Linux Management Environment Timeline The Surge Started Jan 2014, Targeted End: Jan 2015 Real End: Summer 2015 (1.5 years) Standardized on CFEngine, Cobbler, SL6 TheLinux 2.0 What we called ELI

  1. ELI Engineering's Linux Management Environment

  2. Timeline • “The Surge” • Started Jan 2014, Targeted End: Jan 2015 • Real End: Summer 2015 (1.5 years) • Standardized on CFEngine, Cobbler, SL6 • “TheLinux 2.0” • What we called ELI before we had a name • Start: July 31, Summer 2015 • End: Start of Fall Semester 2016

  3. Goals and Objectives Processes and Documentation For the User Lifecycle and Integration Goals/Objectives Goals/Objectives To provide easy, diverse, and flexible user solutions • Goals/Objectives • To produce salient, reproducible, and consistent Notes practices internally • To Develop tools and processes that apply across Linux • "Some" level of support for BYO machines/devices Notes • Self provisioning of systems generations • Standards for scripts/tools created here • Encapsulation and isolation of environments • To coexist with org needs and best practices • Makes Linux meet client needs without making IT crazy A full featured test environment and processes • • Give the user control/choices Notes Include as few in-house tools as possible • • Multiple window managers - Cinnamon/Mate/GnomeShell Documentation and decision log for core infra • Inventory/End-of-life metadata • • Helpldesk role in Linux support, management Granular software deployment • • Dinosaur Control! - Sys Age mgmt • Flexible to meet customer needs/desires • Proper and full dev environment • Printing just works • Continuous Transition Process • Sane licensing of software controls • Software versioning (Matlab 2014/2015/2016/…) Central logging • • Self-documenting • Mainstream stable OS selection • More modern infrastructure/tools - git, cfengine, cobbler • Handle kernel upgrades • Process for component and service requests • Make sense within greater org policies (AD Audit) • Distro agnostic Understandability and documentation • • Flexible in SW and config methods applied • Upgrade path for SL6 Technical support from manufacturer or developers • • Because they want Ubuntu • Backwards compatibility Provision for "islands" • • Low touch baseline Client builds not dependent on backend/infra builds • • Easy to roll out, duplicate many systems Pain Points Data Access Flexible, Modular, Highly Available Goals/Objectives Goals/Objectives Goals/Objectives • To attempt to reduce limitation of the current • To provide access to data on modern storage in a • To provide robust and customizable solutions managed linux environment secure and flexible manner Notes Notes Notes Independent/modular pieces - PXE install, policy • Larger var part Home fileserver compat w/ newer NFS • updates, etc • Install on system under 20 GB File shares with user accessible snapshots • Options for local replication in case of network • • Symlink controls (www -> /home) Integration with user cloud storage • failure • • Network + Locally Deployable • Enhanced security on homes/shares • High availability & no single point of failure • Cluster support • Mobile capable • Works on the cloud • Handle disconnected systems Campus Integration Discretionary access control for admins • • Leverage existing features - cobbler, software, Goals/Objectives Deals w/ H.W. acceleration dependent window • policies To integrate our linux deployments with campus • managers Cobbler, ipmi support, ipam, - Do Cobbler better • services to provide an easy and intuitive method for Granular Security (Frank) • Enterprise Container Management • users to access, use and share systems, services, and Control system updates • Keep module like system • data Distributed module sources - like Local@ARI • Notes Other campus services available to clients (web stuff, • box, campus cluster, etc) Reuse existing resources when possible • AD integration - authentication, permisssions • Common authentication & authorization • • Leverage campus authoritative authentication/authorization + general services

  4. Components • Provisioning/OS Deployment • Systems Database/Inventory • Configuration Management • Software/Package Management • Authn/Authz • File sharing • Lifecycle Management

  5. Integration • Sprints: • Integration 1A Start Date: October 9, 2015 • Integration 1B Start Date: November 2, 2015 • Integration 2A Start Date: January 4, 2016 • Integration 2B Start Date: February 1, 2016 • Integration 3A Start Date: February 8, 2016 • Integration 3B Start Date: February 29, 2016 • Integration 4A Start Date: March 21, 2016 • Integration 4B Start Date: April 24 2016 • Component Level Testing • Verify that components can interact successfully. • Solution Level Testing • Combination of components can provide the needful

  6. ELI Infra Diagram

  7. Key Differences • Flexibility • One size fits all vs. meets individualized needs • Modularity • Monolothic design vs. Component design • TheLinux all-or-nothing vs. ELI pick and choose • Highly Available • Single point of failure vs. no single points of failure

  8. ELI Provisioning

  9. Pr Provisioning • What were we looking for? • Baremetal provisioning • Supports RedHat/CentOS • Supports Debian/Ubuntu • What products did we consider? • Cobbler • Foreman • Satellite/Spacewalk • JuJu

  10. Pr Provisioning (cont.) • JuJu • Does not support RedHat/CentOS • Foreman • Requires Puppet just to install • Assumes you will use Puppet as config management • Satellite/Spacewalk • Uses Cobbler under the hood • Satellite was $$$$ • Spacewalk had uncertain future due to release of Satellite 6 • Winner is: • Cobbler

  11. Sy Systems Database • What we wanted: • Store the following: • Machine Name • Machine Model • Machine Serial Number • Operating System Distribution version • Machine Owner • OU • Warranty End Date • Location • Machine Birthdate • Integration with Cobbler

  12. Sy Systems Database (cont.) • What products did we consider? • OCS Inventory • Cobbler • Tech Services CDB • AITS CMDB • DIY • DIY was last option • Tech Services CDB • Too simplistic • Not extensible • OCS Inventory • Too complex • Required agent • AITS CMDB • Did not have REST API ready for others • Needed for Cobbler integration • Cobbler wins again!

  13. Sy Systems Database (cont.) • How does one use a provisioning tool as a systems database? • The same way you mold steel…heat the hell out of it and bang it with a hammer! • Cobbler keeps a database (JSON) of all systems • Made sense to see if we could just add some more metadata fields • Written in Python with Django web frontend. • Find the right files, and edit the source code.

  14. Screenshots

  15. ELI Configuration Management

  16. So many choices There are many options when choosing a configuration management system: • Ansible • SaltStack • Puppet • Chef • CFEngine • Fabric • etc...

  17. Our requirements Our requirements for a config management system were: • Easy to install, configure, and automate • Modular • Doesn't require special software compilation • Doesn't need a special SDK • Doesn't have crazy dependencies • Supports running from a Git checkout • Is idempotent - (only changes configs when it needs to) • Is at least somewhat self-documenting • Isn't overly complicated and doesn't have too many moving parts • Continuous management - (not fire-and-forget)

  18. The finalists After testing and deliberating for a few months on which system to use, we had two finalists: • Ansible • SaltStack

  19. Why Ansible? Ansible is the new hot thing in the world of config management • Very simple to use • Agentless - (Doesn't require a special client to be installed on the system) • Reasonably self-documenting • Very small and modular • The “master” server can be anything - (laptop, VM, physical server, etc.) • Written in Python • Supports acting on external data from things like cobbler • Officially supported and backed by RedHat

  20. Why SaltStack? SaltStack is like a better version of Puppet written in Python instead of Ruby: • Still pretty simple to use • Reasonably self-documenting • Modular • Written in Python • Supports acting on external data from things like cobbler It’s a traditional client/server setup where an agent is required on the systems being managed and uses a special key to authenticate the client to the master.

  21. First we tried Ansible • Ansible seemed like the thing to try if we wanted to be forward thinking and modular. • Plus it’s easy to use and new admins could get up to speed quickly.

  22. Scaling Issues • We pushed our configs to 400+ freshly built hosts • It took over 45 minutes to push our configs to these 400 hosts and some of them broke in the process. • 190 of the 417 were left in a completely unusable and inaccessible state • Ansible is insanely CPU intensive • We were seeing file descriptor out of range errors during ansible runs before they failed • Yum seems to get corrupted very easily from failed ansible runs • The number of forks can be an issue

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security Enhanced Linux Thanks to David Quigley History SELinux Timeline 1985: LOCK (early Type

Security Enhanced Linux Thanks to David Quigley History SELinux Timeline 1985: LOCK (early Type

Security Enhanced Linux Thanks to David Quigley History SELinux Timeline 1985: LOCK (early Type Enforcement) 1990: DTMach / DTOS 1995: Utah Fluke / Flask 1999: 2.2 Linux Kernel (patch) 2000: 2001: 2.4 Linux Kernel (patch) 2002: LSM 2003:

764 views • 43 slides
... sclass1 sclass10 Net-linux Net-linux DHCP DHCP The lab has 10 dell systems. Each dell

... sclass1 sclass10 Net-linux Net-linux DHCP DHCP The lab has 10 dell systems. Each dell

Notes on Running Dsniff and the Lab Network Environment Cyber Security Lab 2/16/10 1 General Overview 1.1 Initial machine configuration Outside World DMZ Management 192.168.50.50 192.168.50.60 Dmz 192.168.50.0/24 FW1 Outside =

182 views • 4 slides
The Linux Environment Programming with C CSCI 112, Spring 2015 Patrick Donnelly Montana State

The Linux Environment Programming with C CSCI 112, Spring 2015 Patrick Donnelly Montana State

The Linux Environment Programming with C CSCI 112, Spring 2015 Patrick Donnelly Montana State University Linux Flavors There are many different distributions of the Linux operating systems. Some of the most popular are as follows: Ubuntu

373 views • 10 slides
Engineering with the Engineering with the Environment Environment working with the environment

Engineering with the Engineering with the Environment Environment working with the environment

Engineering with the Engineering with the Environment Environment working with the environment to working with the environment to improve access improve access Mike James, Peter ONeill and David Salter Access and the poor Access and the

949 views • 27 slides
Securing Linux VMs in a Hosted Environment mikbras@microsoft.com Goal attacks from the

Securing Linux VMs in a Hosted Environment mikbras@microsoft.com Goal attacks from the

Securing Linux VMs in a Hosted Environment mikbras@microsoft.com Goal attacks from the outside To protect Linux VMs from outside attacks (from processes running on the host). Injecting code into the boot chain. Stealing data from

559 views • 18 slides
Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client and a server? What is Linux? Linux generally refers to a group of Unix-like free and open-source operating system distributions that use the Linux

562 views • 53 slides
Value Engineering Proposals Overview 1 Value Management Office 2 The Value Management

Value Engineering Proposals Overview 1 Value Management Office 2 The Value Management

Value Engineering Proposals Overview 1 Value Management Office 2 The Value Management Offices seven programs can be seen here on the timeline of a project. As you can see the programs cumulatively span the entire life cycle of a project

337 views • 17 slides
Topics: 1. Advanced task management schemes 2. Binding to the Linux architecture Tasks vs

Topics: 1. Advanced task management schemes 2. Binding to the Linux architecture Tasks vs

MS degree in Computer Engineering University of Rome Tor Vergata Lecturer: Francesco Quaglia Topics: 1. Advanced task management schemes 2. Binding to the Linux architecture Tasks vs processes Types of traces User mode process/thread

1.58k views • 130 slides
$ linux 101 Presented by: Shanelle Ileto $ what are we learning today? An introduction to

$ linux 101 Presented by: Shanelle Ileto $ what are we learning today? An introduction to

$ linux 101 Presented by: Shanelle Ileto $ what are we learning today? An introduction to Linux Linux filesystem The terminal Basic Linux commands Some tips and tricks User and group management File and owner

1.26k views • 72 slides
Process Management Outline Main concepts Basic services for process management (Linux

Process Management Outline Main concepts Basic services for process management (Linux

9/9/19 Process Management Outline Main concepts Basic services for process management (Linux based) Inter process communications: Linux Signals and synchronization Internal process management Basic data structures: PCB.

479 views • 46 slides
Embedded Linux Conference San Diego 2016 Linux Power Management Optimization on the Nvidia

Embedded Linux Conference San Diego 2016 Linux Power Management Optimization on the Nvidia

Embedded Linux Conference San Diego 2016 Linux Power Management Optimization on the Nvidia Jetson Platform Merlin Friesen merlin@gg-research.com Linux Power Management Optimization on Nvidia Jetson About You Target Audience - The

494 views • 45 slides
Basic Linux Original slides from GTFO Security outline Linux What it is? Commands

Basic Linux Original slides from GTFO Security outline Linux What it is? Commands

Basic Linux Original slides from GTFO Security outline Linux What it is? Commands Filesystem / Shell Package Management Services run on Linux mail dns web central authentication router

1.55k views • 23 slides
Linux Standard Operating Environments What is an SOE? SOE - Standard Operating Environment

Linux Standard Operating Environments What is an SOE? SOE - Standard Operating Environment

Linux Standard Operating Environments What is an SOE? SOE - Standard Operating Environment Greatly reduces time to: deploy new hosts - because the best way to standardise is to automate. fix problems - because everything is built

835 views • 80 slides
International Conference on Management, Engineering and Environment -ICMNEE 2018 - SCC Obrenovac,

International Conference on Management, Engineering and Environment -ICMNEE 2018 - SCC Obrenovac,

International Conference on Management, Engineering and Environment -ICMNEE 2018 - SCC Obrenovac, Obrenovac, Republic of Serbia October 11-12, 2018 Paper presentation plan Day 1, Thursday, October 11, 2018 11.40-12.20 LECTURES BY INVITATION

200 views • 4 slides
Software Development in Engineering and Science (SDES) Using Linux Tools FOSSEE team (In

Software Development in Engineering and Science (SDES) Using Linux Tools FOSSEE team (In

Software Development in Engineering and Science (SDES) Using Linux Tools FOSSEE team (In particular: Puneet Chaganti, C. Madhusudan, Asokan Pichai, 2010) Department of Aerospace Engineering IIT Bombay FOSSEE (IIT Bombay) Using Linux Tools

1.02k views • 83 slides
Emerging Technologies in Traffic Incident Management Penn State Traffic Engineering & Safety

Emerging Technologies in Traffic Incident Management Penn State Traffic Engineering & Safety

Emerging Technologies in Traffic Incident Management Penn State Traffic Engineering & Safety Conference December 8, 2017 The TIM Timeline Source: Federal Highway Administration The TIM Timeline Source: Federal Highway Administration

422 views • 41 slides
How 1000+ Greek schools How 1000+ Greek schools switched to Debian-based switched to

How 1000+ Greek schools How 1000+ Greek schools switched to Debian-based switched to

LTSP Manager LTSP Manager LTSP Manager LTSP Manager How 1000+ Greek schools How 1000+ Greek schools switched to Debian-based switched to Debian-based distributions distributions Alkis Georgopoulos (alkisg) Alkis Georgopoulos (alkisg)

426 views • 27 slides
SoK: P a Platform for Evaluation, Implementation, and Generation of S-boxes

SoK: P a Platform for Evaluation, Implementation, and Generation of S-boxes

SoK: P a Platform for Evaluation, Implementation, and Generation of S-boxes Zhenzhen Bao Jian Guo San Ling Yu Sasaki FSE 2019 March 27, 2019 @ Paris, France 1/67 Outline Introduction On Security On Implementation

1.13k views • 67 slides
HMMs for Speech 1 Transitions with Bigrams 2 Decoding Finding the words given the

HMMs for Speech 1 Transitions with Bigrams 2 Decoding Finding the words given the

HMMs for Speech 1 Transitions with Bigrams 2 Decoding Finding the words given the acoustics is an HMM inference problem We want to know which state sequence x 1:T is most likely given the evidence e 1:T : * x argmax p x | e ( )

556 views • 29 slides
Bare Metal DevOps Chris Read @cread Core Principles Agile Infrastructure Machines

Bare Metal DevOps Chris Read @cread Core Principles Agile Infrastructure Machines

Bare Metal DevOps Chris Read @cread Core Principles Agile Infrastructure Machines as Cattle Automation Communication GOTO Chicago @cread Agile Infrastructure Use configuration management! Test Rebuild

822 views • 19 slides
LENA: A multipurpose detector for low energy neutrino astronomy and proton decay Teresa Marrodn

LENA: A multipurpose detector for low energy neutrino astronomy and proton decay Teresa Marrodn

Introduction to LENA Liquid scintillator developments LENA physics Outlook: LAGUNA Summary LENA: A multipurpose detector for low energy neutrino astronomy and proton decay Teresa Marrodn Undagoitia tmarroda@ph.tum.de Institut E15

567 views • 23 slides
Deploying large-scale virtual infrastructures with Kadeploy3 Luc Sarzyniec, S ebastien Badia,

Deploying large-scale virtual infrastructures with Kadeploy3 Luc Sarzyniec, S ebastien Badia,

Deploying large-scale virtual infrastructures with Kadeploy3 Luc Sarzyniec, S ebastien Badia, Emmanuel Jeanvoine, Lucas Nussbaum Grid5000 Plan 1 Introduction Kadeploy3 Kabootstrap Our experiment 2 Scalability challenges 3 Experiment 4

205 views • 18 slides
Status Ubuntu 8.04 LTS mit FAI FAI-Setup for MPP-Computers, currently focused on ILC/Belle Martin

Status Ubuntu 8.04 LTS mit FAI FAI-Setup for MPP-Computers, currently focused on ILC/Belle Martin

FAI Why Ubuntu? Current Status Experiences Status Ubuntu 8.04 LTS mit FAI FAI-Setup for MPP-Computers, currently focused on ILC/Belle Martin Ritter 2009-02-06 Martin Ritter Status Ubuntu 8.04 LTS mit FAI FAI Why Ubuntu? Installation

215 views • 20 slides
Automatic testing and certification procedure for IGI products in the EMI era and beyond Sara

Automatic testing and certification procedure for IGI products in the EMI era and beyond Sara

Automatic testing and certification procedure for IGI products in the EMI era and beyond Sara Bertocco INFN Padova on behalf of IGI Release Team Manchester, 10 April 2013 EGI Community Forum 2013 IGI IGI Italian Grid Infrastructure

359 views • 15 slides

More recommend