From owner-freebsd-pkg@FreeBSD.ORG Fri Sep 20 00:54:10 2013 Return-Path: Delivered-To: freebsd-pkg@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 5184888B; Fri, 20 Sep 2013 00:54:10 +0000 (UTC) (envelope-from jason.unovitch@gmail.com) Received: from mail-yh0-x22a.google.com (mail-yh0-x22a.google.com [IPv6:2607:f8b0:4002:c01::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 060C223C4; Fri, 20 Sep 2013 00:54:09 +0000 (UTC) Received: by mail-yh0-f42.google.com with SMTP id z12so4588418yhz.15 for ; Thu, 19 Sep 2013 17:54:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=j4rLMty9b6e752jcBUlzhuYDfqNExTS015cR6VSCUSQ=; b=OjhTsyNjnUzmsm3KZEIefh/dd0jijm330JNG2N1uEKbChI/4yyaXjW62iV4ApNfjJr HA8+HgFecRINjETKD+F2var7m/cNOBkhQmlH/AOJLWTA6CwH9U3YF2Ob1fvCnVTiYdts 3eerI5SFyJTncqM3LqMaj7lAwpK/ctoxMz3uK5J94UkI0OOn1UJ3pnZ9J35HOO85ZU67 ZSur58bx+a0qAEtx+6+Sc7tAdju/Tet9+oDut7B8CfwWv7PanBaH/zoLiHhl/d2C8ucn BdSScXcAb/ynerOGgbGxfqbC1IzTM76FA+tTdauPldekgxNyrqBEGcmUrxu2Gxur5qvb gN+A== X-Received: by 10.236.124.172 with SMTP id x32mr3819199yhh.59.1379638449087; Thu, 19 Sep 2013 17:54:09 -0700 (PDT) Received: from ?IPv6:2001:470:8:955:ac3e:1995:c71e:ef54? ([2001:470:8:955:ac3e:1995:c71e:ef54]) by mx.google.com with ESMTPSA id d26sm14900174yhj.25.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 19 Sep 2013 17:54:08 -0700 (PDT) Message-ID: <523B9CAF.5060002@gmail.com> Date: Thu, 19 Sep 2013 20:54:07 -0400 From: Jason Unovitch User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130803 Thunderbird/17.0.8 MIME-Version: 1.0 To: jgh@FreeBSD.org, freebsd-pkg@freebsd.org Subject: Re: pkg integration spacewalk question References: In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-pkg@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Binary package management and package tools discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Sep 2013 00:54:10 -0000 Hi Jason, Some of the functionality looks similar to what is in Puppet. I've been working on finalizing a "how to" running Puppet open source with its Dashboard on an Nginx/Ruby on Rails/MariaDB back-end. Unfortunately I haven't tried any FreeBSD clients yet and only have experience with Linux clients talking to the Puppet on a FreeBSD server. If the pkg integration works as well as integration with the Linux package mangers, declaring having the latest versions of packages would be enough to ensure everything got updated. With a private pkg repo that gets vetted and updated when security issues come up I could see this working rather well for ensuring tight configuration control. Once I get around to testing some FreeBSD clients I'll see how well pkg integration works out. If Puppet doesn't work for you, other options to look into are Cfengine, Chef, and Salt. I've just stuck with the first tool for the job that I tried as it worked well. I'd be more than happy to point you to the how to guide when I'm done as I'm planning on putting it up on the forums for anybody who can benefit from it. Cheers, Jason Unovitch On 09/19/2013 08:00 AM, freebsd-pkg-request@freebsd.org wrote: > Message: 1 > Date: Wed, 18 Sep 2013 16:11:14 -0700 > From: Jason Helfman > To: pkg@freebsd.org > Subject: pkg integration spacewalk question > Message-ID: > > Content-Type: text/plain; charset=ISO-8859-1 > > Hello All, > > I am mainly using Linux (RedHat) at work, at the moment, however I am using > FreeBSD as my desktop. A tool I was introduced to recently is SpaceWalk. I > have already had some thoughts shared regarding this tool, but for doing > what little we use of it, it is pretty good. > > http://spacewalk.redhat.com/ > > At a basic level, you can have spacewalk subscribe to modern based > repositories (much like pkg is now), and list the subscribed systems in a > particular group and how out-of-date they may be with software. > > I made a brief inquiry to the development list, and received this feedback: > https://www.redhat.com/archives/spacewalk-devel/2013-August/msg00064.html > > Beyond patching, it is also good for send a remote command to a remote > host, and there are some other features that are worth looking into. > > The reason I bring this up is that I don't know of an Enterprise Level > software package, or even open source, that gives you a view into your > FreeBSD systems, and a tool to manage them effectively. > > Sure I can create a shell script that goes to each server and does a pkg > upgrade, but what do I do for say 500 systems, or more? > > This tool can even update the system using a newer kernel package. I know > about updating all to well, as I wrote the article on implementing your own > FreeBSD Update Server, but could this be done the FreeBSD way with a tool > such as SpaceWalk, or another tool that we may be able to write. > > I believe SpaceWalk could be crafted to handle FreeBSD from a package > point-of-view, and possibly other items such as remote commands, however is > SpaceWalk the right tool? Is there a tool out there that I am unaware of > that does this? > > When I was upgrading systems at my previous position, we had to create a > tool internally that just monitored the kernel versions of the system, but > going to each system individually to upgrade was required. > > Is there a tool that say a business may use for a "dashboard" view of their > infrastructure, and where they stand from a security and patch > point-of-view? > > Many thanks! > > -jgh >