RLSC Updates: 2/13/2015

Quick update items for the upcoming RLSC meeting (2/13/15 @ 1:30pm MRC 246)

Updates from OIT Central Systems Integration team

  • Completion of the new RedHat Satellite for campus has been delayed until March.  RedHat is not releasing anymore temporary entitlements until after the end of their fiscal year (this is the last month).
  • With the satellite entitlement delay, a decent amount of progress is being made with foreman.  Current area of work includes PXE and kickstart (close to being able to image a machine on the production network).
  • Analog paging being deprecated 3/1/2015.  There isn’t a way to remove somebody from putting something in analog paging w/o code re-write, but we can get everybody out that may be using it today.  Also, want to make sure those folks are using SMS and/or email so if they have something in monitoring there is at least one good source to notify on.
  • Will be rebooting the remaining Unity Linux environment to cover latest kernel updates.  This will take down things like Jabber, MySQL, AFS, monitoring, LDAP, ftp, printing, OIM, Wolfware.

Updates from Realm 7 Linux Committee

  •  Our current deadline for offering a “General Availability” Realm 7 candidate to campus is March. Once the satellite is up and properly supporting campus we’ll just need to ensure the Puppet modules function as expected. Richard already put a considerable amount of work into getting the cloned Puppet modules to work with his test setup. This work needs to be migrated into the core modules and tested before being pushed to all of campus.
  • We had some more discussion surrounding the future modular version of Realm. This included incorporating Jenkins CI as a new build system. Jack’s build system has to date worked quite well, but was also built at a time when services like Jenkins were in their infancy. One of our concerns is that the number of people who fully understand or can administer Jack’s build system is limited. Incorporating newer more industry standard tools (Puppet and Jenkins for example), would bring NCSU more in line with other universities/companies, and hopefully decrease the learning curve for new sysadmins on campus.

Updates from Puppet Best Practices Committee

  • We want to start cleaning up our code. Please start to use puppet-lint
    on your code to make it a bit easier to read.  You can install puppet lint on your
    computer using the following puppet code.
    package { 'puppet-lint': ensure => '1.1.0', provider => 'gem', }
  • We discussed multiple ways we could layout puppet (the code) to
    allow for inheritance and federation. Using git/GitHub and possible
    module path assumptions nothing was really decided.
  • Hearing from users who are new to Puppet that documentation is spare or not very well done.  We ask that, moving forward, everyone one do the best they can do properly document any newly created modules.
  • We want to setup a “secure” database that will hold things like root
    passwords/ certs, ssh keys  and the like. Then we use hiera to connect
    to that and pull all our secure information from a single secure source.
    That leaves the puppetdb open to contain all sorts of data without us
    worrying that it may contain stuff that we really don’t want to have
    open to everyone.
  • You can download the Puppet Pro book from the NCSU Library.
  • Next meeting is 2/25/15 @ 1:30 – 2:50pm (BoM 115).

Various other updates

  • core-modules are now being pulled from the GitHub repositories instead of AFS space.  Global modules to follow next.