Making Debian Packages from Commercial Software

One of my main goals for a managed infrastructure is to make sure I have consistent versions of end-user applications installed everywhere. My users aren’t too picky about the version of xemacs installed, but they’ve got pretty stringent requirements on having a particular version of ANSYS, Abaqus, Fluent, Maple, Matlab, and other large non-free/no-source-available software […]

Client OS Update

(Original post here.) For the moment, I’m working on Debian GNU/Linux. Everything bought new (since sometime last fall) has the current stable release (4.0r0, or “etch”) installed, and everything older has the previous stable release (3.1r6, or “sarge”). Assuming that I keep apt sources for both the primary Debian archives and their security updates, the […]

Client Application Management (Part 2, for stow packages)

UPDATE: this page largely superceded by the stowedpackage puppet definition. Back in part 1, I outlined how I’m getting a consistent package load on my various hosts with pkgsync and puppet. This works great for things that are already included in Debian. And I’ll make .deb packages of some of our third-party commercial applications, too […]

Directory Servers

(Original here.) This is a relatively quick task on my end. The central ITS department handles DNS, I don’t use automount, and the vast majority of UID/GID mappings I already covered in the Authentication Servers post, though it may technically belong here. One other thing at the bottom of the post bears repeating, even […]

Ad Hoc Change Tools

Most of the cost of desktop ownership is labor [gartner], and using ad hoc change tools increases entropy in an infrastructure, requiring proportionally increased labor. If the increased labor is applied using ad hoc tools, this increases entropy further, and so on — it’s a positive-feedback cycle. Carry on like this for a short time […]

Client Application Management (Part 1, for .deb packages)

(Original writeup here.) Wow, this part has been a learning experience. The things I’ve picked up out of this stage: aptitude is not apt-get. Obvious, yes. But how different they are was not apparent until this weekend. pkgsync is great, and does exactly what it claims, but read its claims very carefully, since it […]

Time Synchronization

Time synchronization makes lots of things work better, including: make Kerberos tar syslog We’ve got a central NTP server on campus, and I’m using that to sync from. Puppet handles ntp and ntpdate configuration on the managed systems. Components of that setup: ntp.pp and ntpdate.pp classes imported from puppet/classes Virtualization-detecting facter recipe (originally from here, […]

The Gold Server

In terminology, the gold server is the one location that all clients check in with to see if they need to make any configuration changes. No changes needed? No changes made. No gold server available right now? No changes made, check back later. In theory, this should be a pretty simple server to provision. […]