by My experience until recently has been from very small shops consisting
of only a few machines, where system administration in each machine
individually has not been burdensome. Now, however, I am one of a
team managing about 40 machines, mostly Suns with mostly Solaris 7 or
8 ( we're migrating to 8) and system administration, which has been
something of a Cinderella, is assuming threateningly large
proportions.
A good deal of yesterday, for example, went to editing user profiles
on only two of the machines in order to eliminate thousands of error
messages in root's mailbox. Now I want to bring some system to our
system administration before we get any bigger.
.profile files, for example. These are very standard, with few
personalised exceptions, and come in three main flavours.
First I considered using include statements in .profile files.
Then I considered using symlinks to a .profile file on a central nfs
mount (with or without include statements).
Next I considered making /export/home a nfs mount to our admin
machine. A slight problem would be in respect of ssh, but ssh_config
could point to another location for each user's .ssh directory. I
don't know how this would affect gnupg, but only two users use gpg yet
so that's not a big deal.
Finally I considered making other directories - for example /usr/local
- nfs mounts. At this point we're getting to the stage where a crash
on the nfs server brings down the whole machine park, so we'd need a
cluster arrangement, which could be on a pair of Linux machines, to
avoid the need for another Veritas cluster.
So here's my question. What's the modern thinking on this topic?
What do you guys do who have not 40 but 400 or 4000 servers to manage?
And how do you handle the machines in the DMZ?
I'm cross-posting this to one other - semi private - list, so
apologies if you see this in two places.
Thanks in advance for your help.
mvh/regards
James