
Network-aware rpm?



I just wanted to pose some ideas for some software I've been working on for a bit for the feedback of those on this list.

Where I work, we manage a large number of machines whose installation we automate with kickstart, and ensuring each box is uniform after time (and among 6 sysadmins) becomes quite a task. I've done some initial steps using snmp to be able to query a listing of 'rpm -qa' from each box, but doing something like 'rpm -q apache' across 50+ machines becomes more difficult as you can't really pass arguments like that with snmp (at least I haven't figured out how to do so yet...).

So what I've been working on is a client-server application called, respectively, nrpm, and nrpmd. I wanted to get this group's feedback, before I get too far into it.

The basic concept is nrpmd listens on a given port, waiting for incoming connections. The daemon process offers a protocol by which clients can retrieve various information about the set of rpms installed on that machine. So as an example, I could connect to a server, issue a command, and get a listing of all rpms installed on a box (much like an rpm -qa), or just information about a given rpm (rpm -q foo-software), or, another feature I've added - something akin to 'rpm -qa | md5sum' which makes it very easy to see which box out of 50 is out of sync, software-wise.

Ultimately it would be nice to be able to even tell a given machine to download a certain package and upgrade - all remotely.

I can see the obvious security issues here, and do not plan to nor would I recommend anybody running this on a public IP without some serious firewalling going on. Initially I've implemented something akin to an snmp community string to allow access, but I could foresee something a little more secure such as a public/private key-based system for authentication.

I realize I could get the same sort of functionality with ssh and some passphrase-less keys to make it all automated (i.e., 'ssh -i foo_key remote_host rpm -qa'), but I thought it would be nice to have something not quite so hacked together.

Any suggestions, comments, ideas, warnings, etc., would be appreciated.

-- Dan
========================================================================
   Daniel Hanks - Systems/Database Administrator
   About Inc., Web Services Division
   1253 N. Research Way, Suite Q-2500.  Orem, UT 84097
   ph: 801-437-6023  fax: 801-437-6020  email: hanksdc@about-inc.com
========================================================================
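
The 'rpm -qa | md5sum' comparison described in the message, as an added example that is not part of the original post and is not nrpm code: it sorts each listing before hashing so that output order does not change the digest, then reports what each out-of-sync host is missing or has extra. Host names and package versions are constructed, and SHA-256 is used here in place of md5sum.

```python
import hashlib
from collections import defaultdict

# Constructed sample data: the text each host might return for `rpm -qa`.
LISTINGS = {
    "web01": "apache-1.3.19-5\nopenssl-0.9.6-3\nbash-2.04-21\n",
    "web02": "bash-2.04-21\napache-1.3.19-5\nopenssl-0.9.6-3\n",  # same set, other order
    "web03": "apache-1.3.12-2\nopenssl-0.9.6-3\nbash-2.04-21\n",  # older apache
    "web04": "apache-1.3.19-5\nopenssl-0.9.6-3\nbash-2.04-21\nnmap-2.53-1\n",
}


def package_set(listing):
    """Parse `rpm -qa` style text into a set of name-version-release strings."""
    return frozenset(line.strip() for line in listing.splitlines() if line.strip())


def fingerprint(listing):
    """Digest of the sorted package list, independent of output order."""
    canonical = "\n".join(sorted(package_set(listing))) + "\n"
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def drift_report(listings):
    """Return (hosts matching the majority digest, per-host differences)."""
    groups = defaultdict(list)
    for host, listing in listings.items():
        groups[fingerprint(listing)].append(host)
    # Baseline is the digest shared by the most hosts; ties break on the digest.
    baseline_digest = max(groups, key=lambda d: (len(groups[d]), d))
    in_sync = sorted(groups[baseline_digest])
    baseline = package_set(listings[in_sync[0]])
    report = {}
    for host, listing in listings.items():
        if host in in_sync:
            continue
        pkgs = package_set(listing)
        report[host] = {"missing": sorted(baseline - pkgs),
                        "extra": sorted(pkgs - baseline)}
    return in_sync, report


if __name__ == "__main__":
    in_sync, report = drift_report(LISTINGS)
    print("in sync:", ", ".join(in_sync))
    for host in sorted(report):
        print(host, "missing:", report[host]["missing"], "extra:", report[host]["extra"])
```

An unexpected "extra" package (the constructed nmap entry on web04) is the kind of difference a single digest flags but does not explain, which is why the report falls back to a set difference against the majority listing.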





