Puppet users - Sep 2013 - Using Puppet for remote config management of offline machines?

Hello all,

I''m working with a Kenya-based non-profit (tunapanda.org) that uses OSS
to
provide computing resources to schools where bandwidth is either 
nonexistent or prohibitively expensive. We provide a customized 
Edubuntu/LTSP setup which will host local versions of useful online 
resources like Kahn Academy (via ka-lite), Wikipedia (via Wikipedia For 
Schools), etc. 

I''m serving as a sort of Linux/tech advisor to them, and am looking
into
ways to provide updates to configuration files on classroom servers that...

   - Are not physically accessible to me
   - Are not online (local reps can download updates to a USB drive and 
   bring it to the server)
   - Do not have much in the way of local technical expertise, so 
   deployment will need to be fairly straightforward/scriptable

I don''t have much experience with tools like Puppet, Chef, etc, but
after
reading through some of the docs, it sounds like Puppet might be able to do 
exactly what I want. Before I put too much effort into it, I hope I can run 
my ideas by y''all for a sanity check and ask some questions: 

   1. If I maintained a master image configured via a set of Puppet 
   manifests, could I just periodically put those manifests online, have 
   someone in Kenya download them to a USB drive, copy them to the server, and 
   run "puppy apply..." on them? 
   2. If they first backed up the server''s previous set of manifests,
would
   they be able to roll back changes in case of a problem?
   3. Is there a better approach? Any other suggestions for things 
   (including tools other than Puppet) to look at?

Thanks in advance to anyone who can help!

--Brad 

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

On Wednesday, September 11, 2013 10:48:58 AM UTC-5, Brad Smith
wrote:
>
> Hello all,
>
> I''m working with a Kenya-based non-profit (tunapanda.org) that
uses OSS
> to provide computing resources to schools where bandwidth is either 
> nonexistent or prohibitively expensive. We provide a customized 
> Edubuntu/LTSP setup which will host local versions of useful online 
> resources like Kahn Academy (via ka-lite), Wikipedia (via Wikipedia For 
> Schools), etc. 
>
> I''m serving as a sort of Linux/tech advisor to them, and am
looking into
> ways to provide updates to configuration files on classroom servers that...
>
>    - Are not physically accessible to me
>    - Are not online (local reps can download updates to a USB drive and 
>    bring it to the server)
>    - Do not have much in the way of local technical expertise, so 
>    deployment will need to be fairly straightforward/scriptable
>
> I don''t have much experience with tools like Puppet, Chef, etc,
but after
> reading through some of the docs, it sounds like Puppet might be able to do
> exactly what I want. Before I put too much effort into it, I hope I can run
> my ideas by y''all for a sanity check and ask some questions: 
>
>    1. If I maintained a master image configured via a set of Puppet 
>    manifests, could I just periodically put those manifests online, have 
>    someone in Kenya download them to a USB drive, copy them to the server,
and
>    run "puppy apply..." on them? 
>    2. If they first backed up the server''s previous set of
manifests,
>    would they be able to roll back changes in case of a problem?
>    3. Is there a better approach? Any other suggestions for things 
>    (including tools other than Puppet) to look at?
>
>
1. Yes, absolutely.

2. No, not reliably.  The old manifests could be re-applied, but that is 
not at all the same as a rollback.  You cannot ''undo''
application of a
Puppet catalog because many of the actions Puppet performs to change the 
state of the system are inherently non-undoable.  Execs are the poster 
child there, but they are by no means the only example.

3. Maybe.  One possibility would be to provide full system images.  
Especially if you put user home directories on a separate file system, you 
could wipe and replace the system part of each machine to perform updates.  
The images could be tested pretty well in the lab before they are sent to 
the field, and they could be completely reverted by wiping again and 
putting an old image back in place.  The update process would consume a lot 
more time, though, and you might have trouble with locally-installed 
software.


John

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

this blog by Chris McClimans might be of interest for you

http://www.instantinfrastructure.org/

On 12 Sep 2013, at 20:13, jcbollinger <John.Bollinger@stJude.org> wrote:
> 
> 
> On Wednesday, September 11, 2013 10:48:58 AM UTC-5, Brad Smith wrote:
>> 
>> Hello all,
>> 
>> I''m working with a Kenya-based non-profit (tunapanda.org) that
uses OSS to provide computing resources to schools where bandwidth is either
nonexistent or prohibitively expensive. We provide a customized Edubuntu/LTSP
setup which will host local versions of useful online resources like Kahn
Academy (via ka-lite), Wikipedia (via Wikipedia For Schools), etc.
>> 
>> I''m serving as a sort of Linux/tech advisor to them, and am
looking into ways to provide updates to configuration files on classroom servers
that...
>> Are not physically accessible to me
>> Are not online (local reps can download updates to a USB drive and
bring it to the server)
>> Do not have much in the way of local technical expertise, so deployment
will need to be fairly straightforward/scriptable
>> I don''t have much experience with tools like Puppet, Chef,
etc, but after reading through some of the docs, it sounds like Puppet might be
able to do exactly what I want. Before I put too much effort into it, I hope I
can run my ideas by y''all for a sanity check and ask some questions:
>> If I maintained a master image configured via a set of Puppet
manifests, could I just periodically put those manifests online, have someone in
Kenya download them to a USB drive, copy them to the server, and run "puppy
apply..." on them?
>> If they first backed up the server''s previous set of
manifests, would they be able to roll back changes in case of a problem?
>> Is there a better approach? Any other suggestions for things (including
tools other than Puppet) to look at?
> 
> 1. Yes, absolutely.
> 
> 2. No, not reliably.  The old manifests could be re-applied, but that is
not at all the same as a rollback.  You cannot ''undo''
application of a Puppet catalog because many of the actions Puppet performs to
change the state of the system are inherently non-undoable.  Execs are the
poster child there, but they are by no means the only example.
> 
> 3. Maybe.  One possibility would be to provide full system images. 
Especially if you put user home directories on a separate file system, you could
wipe and replace the system part of each machine to perform updates.  The images
could be tested pretty well in the lab before they are sent to the field, and
they could be completely reverted by wiping again and putting an old image back
in place.  The update process would consume a lot more time, though, and you
might have trouble with locally-installed software.
> 
> 
> John
> 
> -- 
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscribe@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users.
> For more options, visit https://groups.google.com/groups/opt_out.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.