On 02/23/2010 09:33 PM, Seth Vidal wrote:
I've been looking through the code for the minion lookups some more and
I'm wondering - does anyone use the minion delegation code? Just trying
to figure out the use cases people are actually USING it with.
Yeah. We do use it. Right now with just a few hundred machines in two
data centers, in the future with several thousands machines in several
datacenters.
[root@func-01 ~]# echo -n "Number of minions in production: "; func '*'
call --xmlrpc command run 'func "*" list_minions' | grep -c '\.prod\.'
Number of minions in production: 438
[root@func-01 ~]#
The set up is a typical tree. We do have a global overlord which talks
to datacenter overlords. These machines in turn can contact the minions
in each datacenter.
So much for the setup. Functionality wise it's the usual: Restart
services, check services, verify random things with the command module
and do a large amount of code rollouts for a website.
A multi-datacenter system is much easier to handle with the delegation
feature than with a single overlord. For disaster recovery purposes
(think "ohh shit, $LOCATION just went up in flames") it is much easier
to just point the DC overlords to another global overlord than to
repoint several thousand machines. Configuration management tools such
as puppet would make that a manageable task but introduces complexity.
Policy-wise delegation is godsend. At many places it is much, much
easier to get firewall changes approved for one machine crossing
firewall boundaries than have every machine cross it. If compliance
issues (e.g. PCI) come into play, this can be very important.
We are extremely happy with func itself. ssh and sshpass works for
accessing a large number of machines and doing stuff but func is easier
for both one-off calls as well as regular things. The latter is
especially easy with the ability to extend func with modules.
Delegation however would need a bit of work. The current func release
horribly breaks delegation but ssalevan helpfully patched that part on
his github tree but it is not completely there yet. Globbing works,
concatting with a semicolon doesn't which is what I am looking into
right now. :-)
If you have any further questions I am happy to go a bit more into
detail how we use func.
cheers,
andreas
_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list
