It’s late at night, and I’ve been hacking on my home network of Gentoo
Linux boxes. I’ve been performing rigorous analysis and system tests
(does the shit work) for nearly a year. I think it’s all culminating
here and now at 0100 AST 1000 miles off the coast of Florida on the
Caribbean island of Puerto Rico.

One of the biggest challenges in
maintaining more than one Linux box is the updating. The Open Source
community moves so fast, it’s impossible to maintain more than one box
by manual methods (i.e. performing updates physically yourself via CD or
Internet). You have a couple of options. You buy a distro, slap it in,
install it, firewall the hell out of it, and forget about upgrading for
at least a year. You’ll get lots of work done because you won’t be
constantly tweaking your machine and breaking things every other week,
and you’ll have good solid security more or less for a year. Or you try
to keep up with updates and end up breaking something, having to
install something that is not vendor supported, overwrite something
else, want to remove it, but can’t, and end up wiping and reinstalling
a new version. So on the one hand you don’t have access to usability
upgrades, and new features, on the other you end up spending more time
in administration for your machine than actually doing useful work. A
computer as a tool shouldn’t become the focus of the employee. The
computer must be able to take care of its needs with little interaction
from the user. Or if you prefer, the computer is too important to have
its well-being left in the hands of a user. Say it with me IT
professionals, "If you have to depend on the user for anything, you’ve
failed."

Now, this is where Gentoo comes in. It’s a distribution
based on the source code of the programs themselves. A Sparc, an old
Alpha, a MIPS machine, PPC, Intel, AMD Opteron all update the same
way, automatically, seamlessly. It’s beautiful, in theory of course.

In
practice stuff still breaks, libraries still get whacked, and things
sometimes don’t work as advertised. For example, the library issue:
when you compile a program, some of them dynamically link to certain
library files, for example openssl-0.9.6, a library for secure socket
layer encryption functions. A literal ton of programs (that’s funny
only if you realise that programs are electrons), link against this
library and use its wonderful features. What happens when you move to
openssl-0.9.7? This happened recently in the Linux world and it was a
pain in the ass.

I mean, you could go through all your binaries
and check what they are linked against. If one returns an error,
well, there’s your culprit. There are thousands of binaries, and you
don’t want to do this stuff by hand. I really don’t care how long it
takes, I’d just like the computer to take care of it on its own, behind
the scenes, like a secret little administrative agent.

So
this is what I’ve been doing today. Turns out this openssl-0.9.6
business is now trivial thanks to Gentoo’s package tools, namely
revdep-rebuild. It takes a look at your installed package database and
draws all the lines between libraries and programs that link to them,
then recompiles the programs to link against the new library (I think
it just really brute forces the whole issue, but I have to investigate
more thoroughly). Pretty cool, huh? This is actually pretty heady stuff
and a lot more significant than it sounds. It allows you to hit the
moving target that is OSS development, maintaining integrity of your
Linux distribution, taking advantage of the fast pace of development
with absolutely NO manual intervention with any of the hosts you’re
maintaining.
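The "go through all your binaries and check what they are linked against" chore from above, and the detection half of what revdep-rebuild automates, as a small shell scan. This is an added example, not code from the post or from Gentoo's revdep-rebuild; it wraps ldd (which the post does not name), the directories you pass it are your choice, and the ldd output in the test is constructed. revdep-rebuild goes further: it also scans shared libraries themselves and maps each broken file back to the package that owns it before re-emerging.

```shell
#!/bin/sh
# Added example (not from the original post, not revdep-rebuild itself).
# Finds dynamically linked executables whose shared libraries can no
# longer be resolved, e.g. after openssl-0.9.6 was replaced by 0.9.7.

# Read ldd output on stdin and print the soname of every library that
# ldd reports as "libfoo.so.N => not found".
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# Walk the given directories (assumption: you pass e.g. /usr/bin /usr/sbin),
# run ldd on every executable ELF file, and print "path: missing-library"
# for each unresolved dependency. Output is empty when nothing is broken.
scan_broken_links() {
    for dir in "$@"; do
        find "$dir" -type f -perm -100 2>/dev/null | while IFS= read -r f; do
            # Skip shell/perl scripts: only ELF objects carry a dynamic section.
            head -c 4 "$f" 2>/dev/null | grep -q "ELF" || continue
            ldd "$f" 2>/dev/null | missing_libs | while IFS= read -r lib; do
                printf '%s: %s\n' "$f" "$lib"
            done
        done
    done
}

# Usage (uncomment to run on a real box):
# scan_broken_links /usr/bin /usr/sbin /usr/lib | sort -u
```

Each line of output names a binary that will fail to start until it is rebuilt against the new library; piping through `cut -d: -f1 | sort -u` gives the list of files to feed into `equery belongs` (or `qfile`) to find the owning packages. Note that ldd executes the target's dynamic loader, so run this only over files you already trust to be on the system, exactly as revdep-rebuild does.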

It works like this. You set up a central master
server that is responsible for downloading, compiling, and serving
packages. The client machines on the network each pick up prepackaged and
pretested packages and install them at set intervals, every day if you
like. Gone are the days where you have to either wipe the client’s
machine and reinstall to upgrade, or tell them to just deal with it
until the following upgrade cycle in a year.
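The master/client split described above, written out as Portage make.conf fragments. This is an added example, not configuration from the post; the variable names and emerge flags are Portage's own, while the hostname, the package directory and the cron schedule are assumptions you would replace with your own.

```shell
# Added example (not from the original post): Gentoo binary-package host.
# Each section below is a fragment of a different file; they are shown
# together only for illustration.

# --- /etc/portage/make.conf on the master (build) server ---
FEATURES="buildpkg"                   # keep a binary package of everything it builds
PKGDIR="/var/cache/binpkgs"           # assumed path; export this directory over HTTP

# --- /etc/portage/make.conf on each client ---
PORTAGE_BINHOST="http://master.lan.example/binpkgs"   # assumed URL of the exported PKGDIR
FEATURES="getbinpkg"                  # fetch from the binhost instead of compiling locally

# --- nightly update on each client (assumed cron schedule, 03:00) ---
# 0 3 * * * emerge --sync && emerge --update --deep --newuse --getbinpkgonly @world && revdep-rebuild
```

Two caveats a practitioner will want. First, a binary package is only valid for clients with the same architecture, CHOST, CFLAGS and USE flags as the master, so the "Sparc, Alpha, MIPS, PPC, Intel" fleet from above needs one build host (or one chroot) per profile, not one for everything. Second, every client installs whatever the binhost hands it as root, so the binhost becomes the most sensitive machine on the network: serve it over a channel you trust, and on Portage versions that sign binary packages, have the clients require a valid signature before installing.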

Man, it’s late,
and I don’t know why in the hell I decided to write all this down. Just
what I’ve been doing for the past couple of weeks: seamless automatic
maintenance of multiple (hundreds of) hosts on a network. This rocks!

Now to bed.