How long does it take you, to recover an arbitrary server, or duplicate an arbitrary running configuration to a new system? Especially in the latter case without a full-backup, which would contain a wrong IP Address, Hostname and other things and would therefore eventually break some things - and are storage-exhaustive. Get into FAI - Fully Automatic Installation. FAI http://www.informatik.uni-koeln.de/fai/) is a framework for completely automated installations - via LAN, CD or USB stick, as well as configuration management for running systems. The concept "Plan your installation, and FAi installs your plan" supports, but also requires building a well planned and documented infrastructure. Configuration properties can be defined into the smallest possible Detail, and then be arbitrarily combined - a great advantage in environments with many different system types, which at the same time share one or multiple common bases and settings. FAI makes it possible to install and change many different systems at the same time. In addition to all these things, with the grml-live software, FAI can even be used to build live cd's/usb sticks. This talk will give an overview of the functionality and possibilities of FAI, including a comparison with the also renowned software for similar, but not completely the same tasks, Puppet - which can even be integrated into FAI.

1. Automatic System Installations
And Change Management
with
FAI

2. Speaker

3. Henning
Sprang

5. OpenSource
consultant,
developer,
author

6. Interests

7. Systems management
Software development
QA and testing
Virtualization

8. FAI Team member

9. About system
installations

10. Do You...

11. ...use FAI already?

12. Another auto-installer or
config management
tool?

13. wonder how to
rebuilt/restore
configurations?

14. manually tinkered
and tweaked over
long time

15. Exactly, really

16. quick

17. Disk images

18. Create templates from
``proper'' installations

19. Copy when needed and adjust
them as needed

20. Pros

21. low learning cost
Simple and fast implementation: cp/rsync/tar/dd

22. Cons

23. Inflexible - the smallest change requires
rebuilding the image
Still manual work needed to get a installed
system
Storage cost linear to number of different
configurations

24. Configuration
with shell scripts

25. Manual work
replaced by shell scripts

26. Pros

27. Much lower storage cost
Higher flexibility
Tailor made

28. Cons

29. Full-blown development project
(you'll realize after a while)
You solve every problem on your own, instead of
reusing work of others

30. Use available
Auto-Installer

31. Anaconda / Kickstart:
Fedora-based

32. Autoyast: SuSE-based

33. Nlite/Unattend:
Windows in many flavours

34. FAI:
Debian-based,
Fedora-based,
SuSE-based,
Windows experimental,
Solaris possible

35. Others:
Solaris Jumpstart
RedHat Cobbler/Koan

36. About FAI

37. Why FAI?

38. Shellscript-based
Simple, Flexible, easy to extend

39. Community support by
seasoned quot;`Installersquot;'

40. Diverse client- and server-
distributions

41. Multiple installation types
and
system updates

42. Can be used for real hardware
and virtualization systems

43. One-Step-Install
bare metal
to
fully working system

44. Easily integrate other tools
CFEngine
Puppet
Custom scripts

45. History

46. Started 1999 by Thomas Lange
at the University of cologne

47. Base idea:
structured and planned
installation

48. Plan your installation, and FAI
installs your plan

49. Part of the Debian Distribution

50. Today about 10 active
developers, small but nice
community

51. Since 2005 softupdates from
Henning Glawe included

52. Who
is using it
for what?

53. EDF uses FAI (with GOSA) for
some research clusters

54. LiMux in Munich:
installs/updates 400(to be 14000)
clients/servers

55. Multiple top 500 High
Performance Clusters

56. Small home networks
starting from 2 systems

57. GRML admin live CD
built with FAI

58. Functionality

59. Overview

60. FAI classes

61. A class
defines system properties
and actions to be taken

62. Class-assignment with
simple texfile,
database,
or scripts

63. Systems can be assigned to
multiple classes
combined at will

64. Server-distribution:

65. Debian-based
Dependencies:
Perl, NFS, TFTP, debootstrap
So, easy to port!

66. Target-distributions:

67. Debian, Redhat, Ubuntu, Suse, Mandriva

68. Different installation types
(networked, CD/USB, chroot)

69. Integrated versioning with
subversion, CVS, git

70. System updates

71. Installation types

72. Network installation
with central install server

73. Client/Server architecture

74. Directly calling
„dirinstall“
for chroots
(Can be easy integrated into xen-tools, ganeti, ...)

75. With grml-live:
Live-CD generation!

76. The
installation/update
process

77. Most important FAI quot;tasksquot;
(steps of installation)

78. defclass:
Class definition(assignment)
for the target system

79. partition:
guess what?! :)

80. extrbase:
Unpack a minimal base image

81. debconf:
apply Debconf preseedings

82. instsoft:
Software package installation

83. Configure:
Run configuration scripts

84. savelog:
Push logfiles on
the install Server

85. Usage details

86. Considerations
and
Planning

87. Installation

88. Decide the matching install type
(net/cd/dirinstall)

89. Plan your installation

90. Use cases
Network and environment
Software-packages
Additional files and config adjustments
Acess control, Identity Management, ...

91. Using mirrors of Internet software repositories

92. Updates

93. How and when
should
which patches
be applied?

94. Testing processes
how do I know the effect of a patch/update?

95. Mirrors of security update repositories?

96. Automatic
(scheduled, timebased)
or
manually
started?

97. Setup and
configuration

98. Installation on Debian:
apt-get install fai-quickstart

99. Adjust install server setup
in /etc/fai

100. fai.conf:
LOGUSER=fai, LOGPROTO=ssh
(for Logging via ssh)
apt/sources.list:
use local mirror if available
make-fai-nfsroot.conf:
local mirror for debootstrap

101. FAI server is configured!
Now create NFSroot:
fai-setup / make-fai-nfsroot

102. For PXE-Boot:
fai-chboot
to set boot-kernel, -options

103. Without PXE / Installation
from CD:
fai-cd

104. Infrastructure services
for network install

105. DNS entry
for server and clients

106. DHCP config:
Host/IP/MAC as usual

107. some FAI-specific stuff:
option root-path quot;/srv/fai/nfsroot ...quot;
server-name quot;faiserverquot;; # boot-server
next-server 172.20.2.64; # tftp server: kernel
filename quot;pxelinux.0quot;;

108. System configurations

109. Configurations for
installation
are stored in
FAI „configspace“

110. Simple text files and scripts

111. requirements from
installation plan
are reflected here

112. Example included in
/usr/share/doc/fai/examples/simple

113. Default location: /srv/fai/config

114. Contents of configspace

115. class
disk_config
basefiles
debconf
package_config
scripts
files
hooks

116. Adjust configspace: class

117. class contains
class- and variable definitions/assignments

118. Simplest way:
assign classes based on hostnames

119. Some sample classes:
FAISERVER, GNOME, DEMO, XORG

120. Any script can be used to assign classes

121. E.G.:
check specific hardware,
MAC or IP,
disk size, . . .

122. Adjust configspace: basefiles

123. Minimal base images for non-Debian
distributions and special uses

124. Task quot;extrbasequot;
checks this directory for
matching images

125. Images named by classes

126. You could also
put an image here
and skip the rest :)

127. Adjust configspace: disk_config

128. detailed control over
partitions and mounting

129. new tool includes lvm and raid setups

130. hard sizes or ranges

131. # example of new config file for setup-storage
#
# <type> <mountpoint> <size> <fs type> <mount options> <misc
options>
disk_config disk1 disklabel:msdos
primary / 250 ext3 rw,errors=remount-ro
logical swap 200-1000 swap rw
logical /var 600-1300 ext3 rw createopts=quot;-m 5quot;
tuneopts=quot;-c 0 -i 0quot;
logical /tmp 100-1G ext3 rw createopts=quot;-m 0quot;
tuneopts=quot;-c 0 -i 0quot;
logical /usr 1G-8G ext3 rw
logical /home 100-50% ext3 rw,nosuid createopts=quot;-m 1quot;
tuneopts=quot;-c 0 -i 0quot;

132. Adjust
configspace:
debconf

133. Presets for package install scripts

134. Only for dpkg-based distributions

135. Works analog to Debian Installer

136. Adjust configspace:
package_config

137. Contents:
files named by class names

138. Purpose:
Define packages to be installed

139. Supports many
installation methods:

140. install (apt-get)
aptitude
taskinst (Debian tasks=Package collections)
urpmi (mandriva)
yumi (Fedora)
y2i (SuSE y2pmsh)
yast (SuSE yast -i)

141. Example package_config/DEMO
from simple examples:
PACKAGES aptitude
fortune-mod fortunes
rstat-client #rstatd
rusers rusersd
# only when also class XORG is defined
PACKAGES aptitude XORG
bb frozen-bubble xpenguins

142. Adjust Configspace:
scripts
#!/bin/bash
#!/bin/perl
#!/usr/bin/cfagent

143. scripts to be executed
after package installation

144. Usually shell-, Perl- and cfengine-scripts

145. Need for others?
just install Interpreter in the NFS-Root

146. Naming scheme:
<CLASSNAME>/<NUMBER>-<SCRIPTNAME>

147. Number defines order of execution

148. SCRIPTNAME arbitrary just for readability

149. scripts example:
.
|-- AMD64
| `-- 99-discover-bug
|-- DEMO
| |-- 10-misc
| `-- 30-demo
|-- FAIBASE
| |-- 10-misc
| |-- 30-interface
| `-- 40-misc
|-- FAISERVER
| |-- 10-conffiles
| `-- 20-copy-mirror
|-- GRUB
| `-- 10-setup
`-- LAST
`-- 50-misc

150. Adjust configspace: files

151. Structure of a filesystem, starting with /

152. classbased copy/unpack

153. For usage with fcopy/ftar

154. Copy single files explicitly, or recursive from /

155. ftar unpacks an archive

156. Target file=directory

157. actually copied source file=CLASSNAME

158. ‘-- etc
|-- X11
| ‘-- xorg.conf
| |-- ATI
sample: | ‘-- NVIDIA
|-- apache2
| ‘-- conf.d
| ‘-- debian-mirror.conf
| ‘--FAISERVER
‘-- fai
‘-- fai.conf
|-- FAISERVER
‘-- FAI_SOFTUPDATE_CLIENT

159. Adjust configspace: hooks

160. Naming scheme:
<TASKNAME>.<CLASSNAME>[.source]

161. Execution before the according task

162. Examples:
partition.XENU
instsoft.FAIBASE
savelog.LAST.source

163. Do the installation

164. Depending on
chosen install type

165. Boot via
PXE
Bootfloppy
install-CD
USB Stick

166. fai dirinstall <TARGETDIR>
into mounted blockdevice

167. Call dirinstall from
xen-tools, Ganeti, . . .

168. Run grml-live

169. Depending on number of
packages it takes 3-30 minutes

170. (automatic)Restart with
production configuration

171. Functionality tests

172. Advanced stuff
Outlook

173. Support stuff for more
distributions: fai-distributions

174. GOSA as LDAP and FAI GUI

175. Automatic Tests
of the installed systems

176. hooks/scripts could check
files and configurations
Crucible Test Framework

177. No LDAP?
Management-Tool/lightweight GUI
without GOSA

178. better configspace layout

179. Comparison
with Puppet

180. LIMITED VALIDITY

181. I Only scratched Puppet's
surface yet!

182. But I try to be unbiased

183. I actually
like puppet
quite well

184. The
Points

185. Puppet has data encryption
functionality!
can distribute secrets!

186. FAI has a simpler
file copying structure
Could be „emulated“ with some
code in puppet.

187. Puppet: only quot;configurationquot;
FAI: also partition and base
install

188. FAI has multiple specific logs
Puppet logs into syslog

189. FAI: config files + scripts
Puppet: everything is a script
(most „config-filish“ - found some strange
syntax skimming through)

190. Puppet:
advanced client/server
config push
FAI: (scripted) ssh into
amanged host, additional tool

191. FAI is a bit more mature - no
youth problems

192. Puppet has some more
advanced distribution
abstractions

193. FAI is still lacking a nice Logo
and website :)

194. BOTH:
cool tools
that you should use!

195. Can work together
well and easy

196. Conclusions

197. FAI is
a powerful tool
for

198. Automatic installation

199. System-Change-Management

200. Structured
approach
required

201. Expect some learning
curve on the way

202. The Big Reward:
less worries
about...

203. getting a config cloned
setting up new machines
restoring after a crash
changing configs on multiple systems

204. Further information:
http://www.informatik.uni-koeln.de/fai/
http://faiwiki.informatik.uni-koeln.de/
IRC-Channel #fai at OFTC-Network
linux-fai-users and linux-fai-devel mailing list
Commercial Support: multiple companies and freelancers

205. ADVERTISEMENT:
to
learn more
or
implement
CALL ME! :)

206. Contact
henning@sprang.de
http://www.sprang.de/

207. THANKS FOR
LISTENING!

208. QUESTIONS?