Systems management and the virtual world
Now that you've stood up your bright shiny new virtualization pod, all of your OS management issues are behind you, right? Not so fast. Virtualization does nothing for you in patch and configuration management, and can actually exacerbate the problem. Many workflows surrounding virtualization lean toward image based techniques, which can be more of a problem than traditional bare-metal techniques. Let’s look at the problems of image management and how you need a systems management solution in a virtual environment as much, if not more, than you do now.
The image based management solutions are great. The golden image install method is a tried and true means for ensuring that your systems all look identical. Disk cloning as a backup and provisioning method has been in the sys admin arsenal for nearly 15 years. As a provisioning and deployment method for IT, it was likely the way your laptop or desktop was built. So what is wrong with the image method?
The technique works well for high speed provisioning of identical hardware. Any changes to hardware platforms require additional work or images. Special care must be taken to match exact hardware specifications to the appropriate image to ensure driver compatibility. Post-install scripting is required to customize the install after it is laid down. Login scripts, computer profiles and DHCP addressing can alleviate the need for post-install work by pushing large amounts of customization off the generic image to centralized servers.
Image based solutions are no help once the OS is installed. In fact, patching increases the amount of work on admins, by necessitating the creation of updated images every time the acceptable patch level is changed within an organization. The library of images grows as new hardware is introduced through aging, new patches are released by vendors, and new configurations are required by business drivers. This consumes space and time, and leaves part of the management equation untouched. These image based solutions are often now part of a larger management suite, like Symantec's Altiris.
If not image based provisioning, what is the method of choice that can combine repeatable installations with the flexibility of update management and easing configuration changes? Within the Red Hat world, that solution is Satellite.
Based in the Red Hat kickstart installation methods, Red Hat Satellite combines a flexible stanza based install system with the Cobbler automation framework and native update management. Why a script based install over an image based install? Kickstart installs allow you to exercise the same levels of standardization across multiple platforms. Controlling the installation at the package and configuration layer instead of a binary image blob eliminates the issues with driver differences for different hardware platforms. The flexible keyword based files allow for complex customizations like firewall rules, SELinux enforcement, network configurations, advanced partitioning schemes and logical volume creation.
The addition of the Cobbler automation framework introduces even more power to the kickstart method. Using the templating features of Cobbler allows admins to reduce the size and complexity of kickstart files by creating code snippets to reuse for common stanzas. Conditionals, loops and other advanced features can extend and enhance the base kickstart syntax to reduce complexity. Cobbler can also be used to disconnect Satellite from the Internet for high-security environments. There's even basic configuration management capabilities that complement the configuration management capacity of Satellite. All of this leads to the elimination of maintaining and creating images to deal with hardware age out, baseline package changes or updated business needs.
What's the trade off for flexibility? Speed. An image based management solution can copy and start a new image rapidly. A scripted installer takes more time. What's the real world impact? An image based VM could be ready to go in a few minutes, say 2. A complex scripted install could take up to 10 minutes. In a fire and forget installation world at the speed of business, is 8 minutes a critical trade off? I say no. The amount of time saved in managing the images far outweighs the "orders of magnitude" higher provisioning times.
Beyond provisioning, Satellite is a complete update and configuration solution for your Red Hat Linux systems. Errata tracking, custom software and custom configurations are all handled via the same paradigm, the channel. Each channel contains sets of RPMs or files that systems or groups of systems subscribe to in order to receive updates. These channels can be cloned and manipulated to provide complete control over what is installed and updated on each system. Live systems can be compared against the stored profiles and package lists to ensure the configurations don't drift away from the standard. Layering channels allows administrators to have complex sets of software and configurations managed from within a single pane of glass.
The ability to continue managing your install base and roll those changes and updates into your provisioning workflow all from within the same tool is killer. Package based rollback and version controls ensure your updates and systems are clean and restorable. Flexibility combined with stability is the operations mantra. Shouldn't it extend to your tools as well as the services you are delivering?