What is Glue?
Like Microsoft Endpoint Configuration Management (MECM) or JAMF for Apple device configuration management, DIT’s Glue provides configuration management for Red Hat Enterprise Linux (RHEL). Glue isn’t a single commercial off-the-shelf (COTS) product; it comprises commercial and open-source software, scripts, account management, and processes. Glue has been going through a major revision over the past few years. Most of the backend systems that support RHEL 6 (old Glue v1.5) are being retired along with RHEL 6 itself, and are being replaced with newer tools and processes that support RHEL 7 and 8 (new Glue v2.0).
What Linux support can DIT offer?
- DIT renews the Enterprise Red Hat campus subscription yearly. Individuals and departments can use this to license the Red Hat OS and Satellite subscriptions at no additional cost.
- DIT renews several campus software licenses hosted on departmental and DIT-owned machines such as ArcGIS, AutoDesk, Mathematica, StarNet (XWin32, FastX, ENVI/IDL), and SPSS.
- Linux users can license their server directly against the Red Hat Subscription Management Portal or inventory their systems in DIT’s Satellite server. Red Hat Satellite will only be used to license RHEL and publish OS patches and daily software updates available in the Red Hat Software Collection. DIT won’t install patches or provide desired state configuration (DCM) in this unmanaged collection.
DIT has deprecated support for RHEL 6 and Glue v1.5, and currently provides support for Red Hat Enterprise Linux (RHEL) versions 7 and 8 with Glue v2.0.
Glue v1.5, the older configuration management solution, creates an RHEL 6 image that images servers with rsync, installing the base OS and latest patches. AFS played an important role, as it is where configuration files are stored, often referred to as the config tree. Specific configurations, such as running services, printers, mounts, and which users are allowed to log in or become root, are stored in the config tree. Storing the configurations centrally, and not on the local machine, allows for quicker recovery times and better scaling.
Glue v2.0 is available now to everyone who wants to utilize DIT’s managed enterprise Linux solution. Glue v2.0 is drastically different from the previous solution and utilizes the following technology:
- Red Hat Satellite - Satellite is Red Hat’s enterprise solution for managing Red Hat Enterprise Linux (RHEL). Satellite provides content management, patch management, provisioning, and subscription management.
- GitLab - GitLab is DIT’s DevOps platform for managing RHEL on-premises and cloud deployments through version-controlled code versus hand-editing single configurations. GitLab allows DIT to manage, plan, create, verify, package, secure, release, configure, monitor, and protect code across several platform teams.
- Puppet/Hiera - Puppet is a tool that helps manage and automate the configuration of servers. Code is version controlled in GitLab throughout the DevOps lifecycle. Puppet, and Hiera, provide desired state management through declarative and hierarchical statements. Currently, DIT has access to this and must implement changes for server owners who utilize Glue v2.0.
- AFS - Andrew File System (AFS) continues to provide end-users access to specific computer settings, such as firewall configuration and user access. AFS is the networked file system that provides users with a centrally managed home directory across all glued machines.
- Kerberos - Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications using secret-key cryptography. DIT utilizes Heimdal Kerberos for user and system authentication across glued machines.
- Software - The most current list of software, for those mounting AFS, is available at /cell_root/software. There are currently over 400 packages available. Additional Red Hat software/updates are available in the Red Hat Software Collection (RHSCL) that server owners may install. DIT recommends only using software from the RHSCL, since these updates are installed via patching, unlike software from repositories not backed by vendor support. Administrators installing software from the RHSCL, or other packages, are responsible for installation, resolving dependencies, and troubleshooting. Software that does not come from the vendor (Red Hat) must be monitored and updated by the administrator who installs the package.
- Monitoring - Nagios is used for monitoring all DIT systems and is available for host and service monitoring for other administrators that utilize DIT’s managed Linux solution.
- Backups - The Backup and Storage team provides IBM Spectrum Protect backup services for Linux.
Partially managed (customer-owned)
AWS Virtual Server Hosting (AWS VSH)
AWS VSH provides server owners with configuration management by utilizing Glue v2.0, DIT’s managed enterprise Linux environment. Servers will be managed/configured like all other DIT-owned servers. The server owners will be responsible for reboots for patch installation, backups, additional software installation, and other tasks related to system administration, as discussed in this article. Several IT Support articles also discuss billing and the EC2 Compute FAQ. Additional Red Hat software/updates are available in the Red Hat Software Collection (RHSCL) that server owners may install. DIT recommends only using software from the RHSCL, since these updates are installed via patching, unlike software from repositories not backed by vendor support. Administrators installing software from the RHSCL, or other packages, are responsible for installation, resolving dependencies, and troubleshooting. Software that does not come from the vendor (Red Hat) must be monitored and updated by the administrator who installs the package.
Roles and Responsibilities
- Management of the guest operating system (excluding deployments of updates and security patches), including reboots to apply OS patches
- Management of customer application software or utilities (including updates and security patches)
- Management of data backup and recovery
- Identity and Access Management - User Access
- Management of customer-owned physical hardware (including support contracts)
- Management of updates and security patches for the guest operating system
- Management of "campus-wide" application software or utilities (including licensing, updates, and security patches)
- Identity and Access Management - System Admin and Root Access
- Management of access to endpoints to store and retrieve data (including networking and storage)
What can’t DIT support?
- Teach basic Linux skills
- Day-to-day system administration support
- Install specific software packages only used by your group
- Create custom scripts (programming)
- Hardware recommendations
How we communicate with customers
- Puppet RHEL 8 configuration readiness - Upgrading auto-update for DNF versus YUM Cron, Splunk compatibility, backend scripts, and Trend Micro. Major cleanup/merging of older branches in GitLab, removal of old modules, etc.
- Satellite 6.9 to 6.10 upgrades - Product documentation for Red Hat Satellite 6.10
- RHEL 8 deployment and AWS AMI creation process development
- Puppet upgrade to 7.8
- General availability of managed RHEL 8 for Glue 2.0 customers
- General availability of unmanaged RHEL 8 for departmental administrators
- Nagios Core deployment to RHEL 8 and upgrade to the latest version
- AWS Grafana and Prometheus deployment (replacement of Ganglia server metrics and time-series data)