How to manage a FreeBSD infrastructure
But what if your infrastructure has more than 10 FreeBSD systems? Then things can get more complicated and time consuming if you just stick with the standard tools. I manage more than 20 FreeBSD systems just in my spare time. To keep these systems up and running smoothly and securely I have to be smart and efficient.
The FreeBSD ecosystem has the right tools to do this! And these will be discussed in this post.
The following subjects are discussed:
- packages (and ports)
- system and configuration management
- monitoring and alerting
To run services on an operating system you need to install and configure software. FreeBSD provides 2 ways to install software:
The downsides of using the FreeBSD ports are:
- installing and updating the software is slow
- the ports are not scaleble, you have to use it on each host or share a ports tree with i.e. NFS
The downside of using the FreeBSD binary packages is:
- that the binary package is compiled with the default settings and options. You may want to enable different settings and options for your requirements!
Poudriere is primarily, as the link says, a tool designed to test package production on FreeBSD. However, you can use it to make your own package repository! With this all the above downsides are gone!
And to finish this section some links to how to make your own package repository using Poudriere:
System and configuration management
To get some efficiency on managing your servers you need a system and configuration management solution. I have been managing and configuring my FreeBSD systems by hand for many many years. This took just to much time. It happened a few times already that I couldn’t keep up with the demand to manage my own servers. The consequence was that systems got in such a bad shape that I had to rebuild them.
I haven’t done any comparison of these 3. SaltStack was new to me when I first heard of it. I knew both Puppet and Ansible at the time, but only theoretically. The remote execution functionality of SaltStack was very appealing to me, so I started playing with it. When this post is published I will have it deployed in production.
This is not about which one is better or worse or which one fits your requirements best. This is about using a system and management solution or not for your FreeBSD environment.
To conclude this section: yes I recommend using a system and configuration management solution. It means investing some time and effort but it will pay you back!
Monitoring and alerting
After you have configured your systems you can monitor them. Or you have to monitor them. Or not. This chapter is about the kind of monitoring where you check that something works or not. I.e. that a daemon or service is running. Or that the amount of diskspace left is more than 20% of the total diskspace. Or that a database transaction is happening as you want it. And what if that something does not work as it supposed to? Then we want to get an alert. Alerting can be sending an e-mail, sending a SNMP trap or change color of a traffic light from green to red on a web-interface. Let me be clear this is not reporting. Reporting is something else!
So what monitoring solutions are available in the FreeBSD ports :
Yes, I recommend to monitor your FreeBSD servers. You just have to know if important infrastructure elements like DNS work as you want and expect. You also want to know if the functionalities you provide to your users work as expected. You want to know if something brakes (or is going to brake) before your users do!
Use the tool you like. I currently use Nagios because it satisfies my needs and requirements.
Reporting on infrastructure elements allowes you to see trends happening such that you can avoid incidents and faults. It allowes you to see i.e. that your storage fills up or that the CPU usage of one of your hypervisor nodes grows. It is therefore important that if you implement reporting that you periodically review the produced reports.
Some of the reporting tools available in the FreeBSD ports are :
This list is not complete. More reporting tools are out there. Munin has also some alerting capabilities and other reporting tools have this capability as well.
I use Munin as I find it quite easy to setup and it provides the reports I need.
A suitable tool is available for you in the FreeBSD ports, just make sure you periodically review the reports the tool produces!
Some resources used for subject: