El Gringoqueño

All a man needs out of life is a place to sit ‘n’ spit in the fire.

Hacking Gentoo

It’s late at night, and I’ve been hacking on my home network of Gentoo Linux boxes. I’ve been performing rigorous analysis and system tests (does the shit work) for nearly a year. I think it’s all culminating here and now at 0100 AST, 1000 miles off the coast of Florida on the Caribbean island of Puerto Rico.

One of the biggest challenges in maintaining more than one Linux box is the updating. The Open Source community moves so fast that it’s impossible to maintain more than one box by manual methods (i.e. performing updates physically yourself via CD or Internet). You have a couple of options. You buy a distro, slap it in, install it, firewall the hell out of it, and forget about upgrading for at least a year. You’ll get lots of work done because you won’t be constantly tweaking your machine and breaking things every other week, and you’ll have good solid security, more or less, for a year. Or you try to keep up with updates and end up breaking something, having to install something that is not vendor supported, overwrite something else, want to remove it but can’t, and end up wiping and reinstalling a new version. So on the one hand you don’t have access to usability upgrades and new features; on the other you end up spending more time administering your machine than actually doing useful work. A computer as a tool shouldn’t become the focus of the employee. The computer must be able to take care of its needs with little interaction from the user. Or if you prefer, the computer is too important to have its well-being left in the hands of a user. Say it with me, IT professionals: "If you have to depend on the user for anything, you’ve failed."

Now, this is where Gentoo comes in. It’s a distribution based on the source code of the programs themselves. A Sparc, an old Alpha, a MIPS machine, PPC, Intel, AMD Opteron all update the same way, automatically, seamlessly. It’s beautiful, in theory of course.

In practice stuff still breaks, libraries still get whacked, and things sometimes don’t work as advertised. Take the library issue: when you compile programs, some of them dynamically link against certain library files, for example openssl-0.9.6, a library of secure socket layer encryption functions. A literal ton of programs (that’s funny only if you realise that programs are electrons) link against this library and use its wonderful features. What happens when you move to openssl-0.9.7, whose library files have a different version in their names, so the old ones the programs were linked against disappear? This happened recently in the Linux world and it was a pain in the ass.

I mean, you could go through all your binaries and check what libraries they are linked against. If the loader reports a library it can’t find, well, there’s your culprit. But there are thousands of binaries, and you don’t want to do this stuff by hand. I really don’t care how long it takes; I’d just like the computer to take care of it on its own, behind the scenes, like a secret little administrative agent.

So this is what I’ve been doing today. Turns out this openssl-0.9.6 business is now trivial thanks to Gentoo’s package tools, namely revdep-rebuild. It takes a look at your installed package database, draws all the lines between libraries and the programs that link to them, then recompiles the programs so they link against the new library (I think it just brute-forces the whole issue, but I have to investigate more thoroughly). Pretty cool, huh? This is actually pretty heady stuff and a lot more significant than it sounds. It allows you to hit the moving target that is OSS development, maintaining the integrity of your Linux distribution and taking advantage of the fast pace of development with absolutely NO manual intervention on any of the hosts you’re maintaining.
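The "check every binary for libraries the loader can’t find" step is simple enough to script. The following is an added example, not code from this post or from Gentoo’s own revdep-rebuild: it runs `ldd` over a tree of binaries and shared objects and reports each file that still references a library that no longer exists (the state a bump from libssl.so.0.9.6 to libssl.so.0.9.7 leaves behind until the dependents are relinked). The directories to scan are taken from an assumed `SCAN_DIRS` variable; the parser is separated from the scanner so it can be checked against a captured `ldd` transcript without touching the live system.

```shell
#!/bin/sh
# Added example (not from the original post, not Gentoo's revdep-rebuild):
# locate binaries whose dynamic library dependencies no longer resolve.

# missing_libs: read `ldd` output on stdin and print each library the
# dynamic linker could not locate, one per line.  Exit status is 0 when at
# least one library is missing and 1 when everything resolved (or the file
# was not a dynamic executable), so it can be used directly in an `if`.
missing_libs() {
    any_missing=1
    while IFS= read -r line; do
        case "$line" in
            *'=> not found'*)
                # An unresolved entry looks like "\tlibssl.so.0.9.6 => not found";
                # the first word is the library name.
                set -- $line
                printf '%s\n' "$1"
                any_missing=0
                ;;
        esac
    done
    return "$any_missing"
}

# scan_tree DIR...: run ldd over every regular file below the given
# directories that is executable or looks like a shared object, and print
# "<file>: <missing library>" for each unresolved dependency.  Output is
# empty when the tree is consistent.
scan_tree() {
    find "$@" -type f \( -perm -u+x -o -name '*.so*' \) 2>/dev/null |
    while IFS= read -r f; do
        # Scripts and static binaries make ldd say "not a dynamic executable";
        # there is nothing to check, and missing_libs returns 1 for them.
        libs=$(ldd "$f" 2>/dev/null | missing_libs) || continue
        printf '%s\n' "$libs" | while IFS= read -r lib; do
            printf '%s: %s\n' "$f" "$lib"
        done
    done
}

# Usage: SCAN_DIRS="/usr/bin /usr/sbin /usr/lib" sh scan-broken-links.sh
# (SCAN_DIRS is an assumed variable name for this example.)
if [ -n "${SCAN_DIRS:-}" ]; then
    scan_tree $SCAN_DIRS
fi
```

Running it before and after an upgrade gives you a concrete list of what needs relinking rather than a vague feeling that "something broke"; a non-empty report after revdep-rebuild has finished is the signal that a package was missed.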

It works like this. You set up a central master server that is responsible for downloading, compiling, and serving packages. The network of client machines each pick up prepackaged and pretested packages and install them at set intervals, every day if you like. Gone are the days where you have to either wipe the client’s machine and reinstall to upgrade, or tell them to just deal with it until the following upgrade cycle in a year.
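As an added example of that master/client layout (not the author’s own scripts), here is the job each side runs. The master builds with Portage’s binary-package feature (`FEATURES="buildpkg"` in its make.conf, or `emerge --buildpkg`) and serves its package directory over HTTP; each client points `PORTAGE_BINHOST` at that URL and installs with `--getbinpkgonly`, which refuses to fall back to compiling from source, so a client can only ever end up with a package the master built and tested. After installing, the client runs revdep-rebuild to relink anything still tied to a replaced library. The hostname `buildmaster.example.lan` and the `DRY_RUN` switch are assumptions for this example.

```shell
#!/bin/sh
# Added example (not from the original post): master-side build job and
# client-side update job for a Gentoo binary-package network.

# Assumed placeholder for the build master's package URL.
BINHOST_URL="${BINHOST_URL:-http://buildmaster.example.lan/packages}"
# DRY_RUN=1 prints each command instead of executing it (assumed switch).
DRY_RUN="${DRY_RUN:-0}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# master_build: update the master itself and emit a binary package for
# every package it merges.  The resulting PKGDIR is what the web server
# on the master publishes to the clients.
master_build() {
    run emerge --sync
    run emerge --buildpkg --update --deep --newuse @world
}

# client_update: the sequence a daily cron job on each client executes.
# --getbinpkgonly means "install only what the master already built";
# revdep-rebuild afterwards relinks anything a library bump broke.
client_update() {
    run emerge --sync
    run env PORTAGE_BINHOST="$BINHOST_URL" \
        emerge --update --deep --newuse --getbinpkgonly @world
    run revdep-rebuild
}

# Usage:  sh binhost-jobs.sh master      (on the build server)
#         sh binhost-jobs.sh client      (on every other host, e.g. from cron:
#                                         0 3 * * * root /usr/local/sbin/binhost-jobs.sh client)
# Add DRY_RUN=1 in front to see the commands without running them.
case "${1:-}" in
    master) master_build ;;
    client) client_update ;;
esac
```

Keeping clients on `--getbinpkgonly` rather than `--getbinpkg` is the point of the design: a client never compiles anything itself, so the set of binaries running on the network is exactly the set the master produced, and a broken build shows up once, on the master, instead of on every host.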

Man, it’s late, and I don’t know why in the hell I decided to write all this down. It’s just what I’ve been doing for the past couple of weeks: seamless automatic maintenance of multiple (hundreds of) hosts on a network. This rocks!

Now to bed.
