Foreman without Puppet..for software updates

Hello,

I work for a decent sized company where we manage about 200 servers
(Windows and Linux). We are Linux (Debian) heavy and I installed foreman to
play around and see if it could help. For the most part it seems like a
great tool but I have a few questions I am hoping someone could help me
with. We do not have puppet enterprise at this time and do not wish to
invest the money into it just yet.

How does foreman work with doing system updates on the servers in its
inventory? I don't really need server provisioning as much as just daily
maintenance.

Thanks,
Patrick

Beyond provisioning, Foreman doesn't really interact with systems at
all - it hands that off to the configuration management.

If by "system updates" you mean packages, then I'd look into some
mirroring of the debian packages such that you can decide when to
release a new set of packages into the "production" mirror, and have
your puppet manifests deal with the actual application of those
packages. There are a number of Apt tools out there which can do the
job, I think.

HTH,
Greg

On 2 July 2014 15:55, Patrick Helms wrote:
> Hello,
>
> I work for a decent sized company where we manage about 200 servers (windows
> and Linux). We are Linux (Debian) heavy and I installed foreman to play
> around and see if it could help. For the most part it seems like a great
> tool but I have a few question I am hoping someone could help me with. We do
> not have puppet enterprise at this time and do not wish to invest the money
> into it just yet.
>
> How does foreman work with doing system updates on the servers in its
> inventory? I don't really need server provisioning as much as just daily
> maintenance.

> Hey Greg,

Thanks for getting back to me. I have looked through a few options and the
worst part is being such a mixed environment here. I spun up clobber which
can handle repos and such but does not have the nice reporting that foreman
does. I think I'll need to research combining the two in some fashion.

Thanks again

Patrick,

I feel your pain. I'm in the process of building a Pulp server for yum
repos, so that I can automagically promote repo snapshots through our SDLC
and cherry pick security patches as needed. I'm on the RHEL side of the
world, but for patch reporting, it's not difficult to write custom facts
and report on them through Foreman or even trend them using Foreman.

I'm not sure what equivalents are available in the debian world, but for
systems that are updating against public repos we use the check_yum nagios
plugin to create a few facts that we use Foreman to report on regarding
patches available. We also have deployed custom facts that read from the
logs to build a fact that gives the "last patched" date for each server.
Another fact we wrote was one to report the openssl version, back when
Heartbleed hit the scene. Foreman gives us a nice visualization on all of
those.

Unfortunately, major patching is still a manual process for us, since it
usually involves complex application shutdowns, snapshots and reboots in a
coordinated effort to start up various applications in a certain order across
our servers.

On Thursday, July 3, 2014 8:01:45 AM UTC-4, Patrick Helms wrote:
>
>> Hey Greg,
>
> Thanks for getting back to me. I have looked through a few options and
> the worst part is being such a mixed environment here. I spun up clobber
> which can handle repos and such but does not have the nice reporting that
> foreman does. I think I'll need to researching combining the two in some
> fashion.
>
> Thanks again
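Added example, not written by any poster in this thread: a Debian counterpart to the custom facts described above ("last patched" date, patches available, openssl version), as a Facter external-fact script that prints `key=value` lines. The fact names, the sample data and the `Debian-Security` label used to pick out security updates are assumptions.

```shell
#!/bin/sh
# Added example: Facter external fact script (prints key=value lines).
# Assumptions: fact names are hypothetical; "Debian-Security" is assumed to be
# the archive label apt prints for security updates on the host.

# Latest date on which dpkg upgraded a package; reads dpkg.log format on stdin.
# Only the log passed in is examined, so rotated logs are not considered.
last_patched() {
    awk '$3 == "upgrade" && $1 > d { d = $1 }
         END { print (d == "" ? "unknown" : d) }'
}

# Count "Inst" lines in `apt-get -s upgrade` output read from stdin.
# $1: optional regex the line must also match (default: any line).
count_pending() {
    awk -v pat="${1:-.}" '$1 == "Inst" && $0 ~ pat { n++ } END { print n + 0 }'
}

# Print the facts for this host.
emit_facts() {
    sim=$(apt-get -s upgrade 2>/dev/null) || sim=""
    echo "last_patched=$(last_patched < /var/log/dpkg.log)"
    echo "apt_updates_pending=$(printf '%s\n' "$sim" | count_pending)"
    echo "apt_security_pending=$(printf '%s\n' "$sim" | count_pending 'Debian-Security')"
    echo "openssl_version=$(dpkg-query -W -f='${Version}' openssl 2>/dev/null)"
}

# Constructed sample inputs (not real host data) for offline checks.
sample_dpkg_log() {
cat <<'EOF'
2014-06-20 06:25:13 upgrade openssl:amd64 1.0.1e-2+deb7u10 1.0.1e-2+deb7u11
2014-06-20 06:25:14 status installed openssl:amd64 1.0.1e-2+deb7u11
2014-07-01 09:12:40 install tree:amd64 <none> 1.6.0-1
EOF
}
sample_apt_sim() {
cat <<'EOF'
Inst libssl1.0.0 [1.0.1e-2+deb7u10] (1.0.1e-2+deb7u11 Debian-Security:7.0/stable [amd64])
Inst tzdata [2014c-0wheezy1] (2014e-0wheezy1 Debian:7.6/stable [all])
Conf libssl1.0.0 (1.0.1e-2+deb7u11 Debian-Security:7.0/stable [amd64])
EOF
}

# Emit only on a host that has a dpkg log (a Debian-family system).
if [ -r /var/log/dpkg.log ]; then emit_facts; fi
```

Facter runs executable files placed in its external facts directory (for example `/etc/facter/facts.d/`) and turns each `key=value` line into a fact, which then appears in Foreman with the host's other facts.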

You have no idea how much I'd like to find time to add deb
support to Pulp - it was started but never finished, as I understand
it. Chances of me actually finding time are slim however :)

Patrick, I did hear about Aptly recently which might be able to
fulfill a similar role to Pulp… but I've not tried it myself.

Greg

On 3 July 2014 15:07, Sean Alderman wrote:
> Patrick,
>
> I feel your pain. I'm in the process of building a Pulp server for yum
> repos,