Fai-updater: Difference between revisions

From FAIWiki
Jump to navigation Jump to search
No edit summary
m (+ category)
(14 intermediate revisions by one other user not shown)
Line 1: Line 1:
== fai-updater - run and supervise softupdates on many machines at the same time ==
== fai-updater - run and supervise softupdates on many machines at the same time ==
=== Screenshots ===
Everybody likes screenshots, so here are two. Note: they were done using fai-updater's dry-run mode,
which does not touch the hosts, but feeds fai-updater with random log snippets instead to test the
updaters log parser.
General logic is the following:
* clients are put into the "waiting" queue (the ''right'' column), by default in randomized order
* as soon as a slot in the "running" queue gets free (the second column from the right), the first "waiting" client gets updated/put into the "running" status and stays there until the update task finished
* Depending on the outcome, the client is sorted in one of the first three columns:
** Unreachable: the host was unreachable or the fai softupdate could not be started there
** Error: the updater detected an error during the update (basically, it parses for the error string produced by a logcheck script such as hooks/savelog.LAST in the simple example)
** Success: the update finished and no error was detected
==== Fai-updater in its basic mode ====
[[Image:Fai-updater.png]]
==== Fai-updater with an open logfile viewer ====
[[Image:fai-updater-viewer.png]]
=== License ===
=== License ===
I put this code under the GPLv2
I put this code under the GPLv2
=== Download ===
You can download the FAI updater from here:
[[media:fai-updater-20060321.tgz]]


=== Required packages ===
=== Required packages ===
Line 27: Line 49:
A script using ssh is included, but of course you can edit it to match  
A script using ssh is included, but of course you can edit it to match  
your own needs.
your own needs.
To be able to connect to the clients using the provided libexec/faiupdate,  
To be able to connect to the clients using the provided libexec/faiupdate,  
you need to have some way to access them via ssh as root without entering
you need to have some way to access them via ssh as root without entering
a password.
a password.
A solution for this is to install a matching file as  
A solution for this is to install a matching file as  
/root/.ssh/authorized_keys, start ssh-agent and load the private key  
/root/.ssh/authorized_keys, start ssh-agent and load the private key  
into it _before_ starting fai-updater.
into it _before_ starting fai-updater.
Another, but from a security point of view dangerous, possibility is to
Another, but from a security point of view dangerous, possibility is to
use a passphrase-less ssh private key into the account under which you run  
use a passphrase-less ssh private key into the account under which you run  
Line 45: Line 70:
If you have any questions or suggestions, feel free to write me.
If you have any questions or suggestions, feel free to write me.


Henning Glawe <glaweh@debian.org>
Henning Glawe <glaweh (at) debian (dot) org>
 
 
[[Category:Howto]]

Revision as of 10:29, 17 November 2009

fai-updater - run and supervise softupdates on many machines at the same time

Screenshots

Everybody likes screenshots, so here are two. Note: they were done using fai-updater's dry-run mode, which does not touch the hosts, but feeds fai-updater with random log snippets instead to test the updaters log parser.

General logic is the following:

  • clients are put into the "waiting" queue (the right column), by default in randomized order
  • as soon as a slot in the "running" queue gets free (the second column from the right), the first "waiting" client gets updated/put into the "running" status and stays there until the update task finished
  • Depending on the outcome, the client is sorted in one of the first three columns:
    • Unreachable: the host was unreachable or the fai softupdate could not be started there
    • Error: the updater detected an error during the update (basically, it parses for the error string produced by a logcheck script such as hooks/savelog.LAST in the simple example)
    • Success: the update finished and no error was detected

Fai-updater in its basic mode

Fai-updater.png

Fai-updater with an open logfile viewer

Fai-updater-viewer.png

License

I put this code under the GPLv2

Download

You can download the FAI updater from here: media:fai-updater-20060321.tgz

Required packages

for the frontend, you need the Curses::UI perl module, in Debian you get it via

apt-get install libcurses-ui-perl

On the client side, fai-client is needed and of course a FAI configuration which is update-safe.

Install

Just unpack the tarball.

Command line options

 updater-curses [options] <netgroup|-H host1,host2,...>
 --help            display this help message
 --version         print version
 -o                ordered mode: don't randomize order of hosts
 -s <number>       number of updates running simultanously
 -n                dryrun mode: use a dummy-script instead of really 
                   contacting the clients

Connecting to the clients

A script using ssh is included, but of course you can edit it to match your own needs.

To be able to connect to the clients using the provided libexec/faiupdate, you need to have some way to access them via ssh as root without entering a password.

A solution for this is to install a matching file as /root/.ssh/authorized_keys, start ssh-agent and load the private key into it _before_ starting fai-updater.

Another, but from a security point of view dangerous, possibility is to use a passphrase-less ssh private key into the account under which you run fai-updater.

Some comments on the code

I know the code is quite rough, as though I tried programming cleanly, a lot of hacks have slipped in, and I don't have the time to clean up the code right now due to my diploma thesis' deadline ;)

If you have any questions or suggestions, feel free to write me.

Henning Glawe <glaweh (at) debian (dot) org>