This post is also available in: Spanish
Administration of Server Configuration (ASC)
We must first introduce you, in a basic way, what the Administration of Server Configuration (ASC) is. We have already told you the story of Manolo, version 1.0, a very determined administrator, but poorly used by the company. Of course, our Manolo knows the basic tools that every System Administrator should have in his repertoire, both for the GNU/Linux environment and for Microsoft Windows®; the tools for networks are also known as well. However, every time he has to deploy – or repair – a server, he has to repeat the whole procedure manually.
We have already made a brief summary on how to manage and monitor an Active Directory database (Windows® distributed directory service) in a comparison of Pandora FMS and PRTG, and through this tool we could deploy (install, update, repair) applications in the computers of our networks under supervision, even with the help of Powershell and WMI technology.
In this same context is the Administration of Server Configuration (ASC), which is an excellent tool that looks more like a Swiss Army Knife, due to its many fields of application. One of those fields is monitoring, a task in which Pandora FMS offers wide experience and flexibility in its management and we will introduce here some aspects of ASC.
Introduction to ASC
The job of managing servers (web, database, DNS, etc.) is a difficult and repetitive task. Any good System Administrator who has to perform any task should be proactive enough to save it and use it at a different time, either for tomorrow, next month or next year. This is where automation plays a key role in ASC.
The ASC is the mechanism used for a server to reach the necessary conditions to host a service (work or task) that is needed, through the use of predefined scripts in a specific language and its characteristics.
This is the core, the reason for the ASC, so it is sometimes referred to as Configuration Management Tools or Information Technology Automation Tools, as well as Server Orchestration.
Benefits of ASC
- Version control of scripts: a team of System Administrators can work with Git and propose, create and modify scripts to fine-tune a server, and can track changes in detail and be audited and establish responsibilities, if necessary. We are talking about System Administrators who carry out their tasks as programmers in the same way (somewhat abstract- and structured), being able to replicate and/or share it in many different environments.
- Rapid supply of new servers: physical or virtual machines with the desired operating system can be upgraded in a short time.
- Rapid disaster recovery: the previous section enables a downed server to be replaced while we find the cause of the failure and prevent it from happening again.
- One-of-a-kind server cloning: it is well known that no two snowflakes are identical. This is why servers with a combination of unique software and parameters are called snowflakes servers. Since ASC keeps a detailed account of all the steps and operations to which they have to be subjected, it is easy to repeat the assembly of a server, regardless of how unique its configuration and software agglomeration may be.
- Blue-Green implementations: if you’ve read our article about new software implementations on identical machines to those in production, you will understand that with ASC they do not interfere at all with the real system in operation; we will only apply these scripts again to the new test machines and we will have an identical environment to the production one.
ASC operating models
As we mentioned, we can group these applications in this article by their ultimate purpose, their final aims, but the way they do it and the way they work is where the difference lies. Therefore, we can specify the points that we consider essential and common to all of them:
- Communities that contribute to it: Do you remember that we talked about System Administrators who worked in the same way as programmers? This is a common feature in ASC, the large number of files available to adapt them to our own needs and then share them back to the world. This saves us – and our colleagues – a great deal of time and effort (by contributing with our modifications)!
- Structured templates: each ASC shares the same use of reusable templates that allow dynamic values, which leads us back to the “programming” of scripts. We can, for example, “number” the names of the servers in order to assign them a unique name in the network. This seemingly simple operation involves a feedback system to analyze if the installation was successful, to proceed to assign a number, save that value and start the cycle again. Here we are outlining the idea of ASC monitoring itself, we need to know how each ASC performs its work (the specific details therefore depend on each ASC in particular).
- Structured template languages: All ASC that offer structured templates are ruled by specific rules, either their own or standardized in other languages. We have to learn how to write such formats and then keep track of the versions (see benefits of ASC).
- Global variables of the local area network: assigning names to servers in an automated way -progressive numbering in this case- leads us to control other variables, such as, for example, the private IP addresses that the servers will have. Pandora FMS has an IP address management (known as IPAM) and we even talked about PHPIpam, a powerful software that plans and manages all the work in an automated way. Therefore, an ASC must be able to consult such system facts and include them in the structured templates we mentioned earlier. Other facts of the system can be the operating systems used, the network interfaces (cabling, WIFI, their connection speeds), etc.
- Integration with monitoring: another fact of the system is that all ASC must be able to alert the monitoring system about major changes that need to be made in order to “deactivate” it and to avoid false positives on the alarm panels. Once its work is finished, “activate” the software again, in our case Pandora FMS. This means secure communications and protocol compatibility.
- “Idempotence” behaviour: we borrow this term from mathematics – which is a passion of ours in the engineering field – and most of the time is a desirable behaviour in ASC. The idea is that our scripts always produce the same result (status) on our servers. But as we all know, a program that is already installed and running does not need to be reinstalled. In order to do this, structured templates must be able to determine whether installation or even reinstallation is necessary: we often need a certain exact version (executables, libraries) for our tools to work. A willing and well-meaning employee may update a server and render it inoperative for our purposes and here we can direct our ASC to periodically visit our servers and verify that everything is in order. Again we insist on the issue of monitoring: with Pandora FMS we can -and must- be aware that it has been restored to the previous version and create an incident management with Integria IMS, so that the employee is notified via email about the reasons behind not updating certain libraries in the computer under its jurisdiction.
Several programs operate in this area, but first we must name CFEngine, created by Dr. Mark Burgess in 1993 and who together with graduate students had different problems with computers that used to run different versions of UNIX. In 1998, Burgess launched a theory about self-healing systems, which took up his time until 2004, and it wasn’t until 2008 that our good doctor grasped the benefits of releasing CFEngine version 3 (now they’re going for 3.10.3).
They say that necessity is the mother of inventions and that project is still up to date. Although it is not in the official Ubuntu repositories, we can install it quickly with this script if you want to try the community version (available for other platforms):
sudo add-apt-repository 'deb http://cfengine.com/pub/apt/packages stable main'
wget http://cfengine.com/pub/gpg.key -O /tmp/gpg.key
sudo apt-key add /tmp/gpg.key
sudo apt-get update && sudo apt-get install cfengine-community
There are also other programs. Without it being a definitive list, we can name:
- Puppet (free software and enterprise version, GNU/Linux and Windows® environment).
- Ansible (free software, GNU/Linux environment).
- Chef (free software; GNU/Linux and Windows® environment client version, GNU/Linux environment server version).
- Salt o SaltStack (free software written in Python language, GNU/Linux and Windows® environment).
- Otter (software privativo, plataforma Windows®).
The first of these tools, Puppet, was discussed in detail by one of our colleagues in 2014. At that time we used Puppet as a tool to install Pandora FMS agents, but in the second half of the article we exposed the monitoring of the server that runs Puppet itself. Since four years have gone by, we believe it is appropriate to conclude with a brief update of this article.
Puppet: features of this ASC
You already know what a Puppet is and Puppet Master means puppeteer and that is the role of the server where Puppet is installed. In order to distinguish the puppets he runs, they are called Nodes. Puppet does not “talk” directly to the computer to be controlled, but an agent must be installed to open the communications.
- Due to the use of nodes, its administration is centralized around the corresponding Puppet Master (although self-administered nodes are possible, we do not recommend them).
- Uses Ruby language, but in a particular way.
- Their scripts are based on Manifestos and a group of them form a Module. These Manifests are saved in each Node and must be regularly synchronized with the Puppet Master (each System Administrator decides this aspect).
- Such scripts or batch files may be applied in a non-sequential manner.
- Keeping digital certificates for secure communications is important!
Like CFEngine, Puppet is not in the official Ubuntu repositories, so we will need to run the following commands (for other OS):
sudo wget http://apt.puppetlabs.com/puppetlabs-release-precise.deb
sudo dpkg -i puppetlabs-release-precise.deb
sudo apt-get update && sudo apt-get -y install puppetmaster
In this your blog we are concerned to link all that Pandora FMS can do for you (don’t hesitate to contact us), because we gather a collection of knowledge, and experiences (which is the name we give to our own mistakes) so that you can take advantage of them -and avoid repeating mistakes– in your works. We are a community that integrates and shares information and publications to offer you a complete and connected overview of the science – and art – of the monitoring world. Until the next article, you can leave a message below in the comments section!!
Redactor técnico. Comenzó a estudiar ingeniería en 1987 y a programar con software privativo. Ahora tiene un blog en el que difunde el conocimiento del software libre.