On Mon, 2005-03-07 at 14:15 -0700, Dan Parrish wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Sean Cook wrote: > | I am looking for a good starting point to learning how to manage groups > | of machines. We have around a dozen or so machines most of them running > | Fedora Core 2. Because of stability issues that I have run into I am > | trying to come up with a migration plan to gentoo. My fear is that > | administration of these machine will quickly get out of hand. > | > | I have heard of ways to more easily manage large numbers of machines and > | am looking for a nudge in the right direction. > | > | thank you. > | > | Regards, > | > | Sean > | > | -- > | [email protected] mailing list > | > > Some tips for saving yourself time doing repetitive things: > > 1. Build a centralized loghost. This is pretty easy to do with > syslog-ng. Having all the pertinent logs for all your hosts available > on one machine will save you bunches of time down the road from not > having to log into each machine individually just to check up on it. > > 2. Install logwatch or some other logfile-parsing program. If you miss > something throughout the day, at least logwatch will email you each > night to alert you to some issues and such. > > 3. You also might want to look into setting up hostkey-auth-based > logins between the machines...I'd use one machine as your trusted host, > and set the other machines to only allow ssh from that one machine. > You'll limit the number of open ssh ports on your network to the outside > world, but you also have that single point of failure that can ruin a > weekend if it goes down. Hostkey-auth is more secure than password-auth > in ssh, but if your one trusted host gets exploited, then it's easier > for them to get into your other machines...It's got some plus and some > minus, but I think it's worth it. > > There's my 2cents for now. Good luck. :-) > - -Dan
I have most of this done already... I guess what I am really looking for is package management / security updates and building new machines. -- [email protected] mailing list
