Ask HN: How do you manage on-prem servers?
27 points by craftsquick 1317 days ago
What is the best way to (/how do you) set up on-premise servers to give end-user engineers a cloud-like experience (keeping track of which servers are in use, remote SSHes, network configs, CI/CD, etc)?
6 comments

Well, it really depends on what you need by on-prem servers.

Are you trying to provision services and apps? Kubernetes. Are you trying to provision virtual machines? Have a look at Rancher Harvester. Are you trying to replicate server setup to make it unified? Ansible. Are you trying to explicitly control servers with instructions? Terraform.

SSH works in containers too, all you have to do is either open the ports or forward.

Once they finish their IPv6 features, Rancher Harvester is going to be one interesting beast for on-premise. You may set up your virtual machines with the regular Kubernetes API (libvirt), provision storage throughout the network and could even dive into software-defined everything.

If none of these words mean anything to you though, the most common way for smaller orgs is either Ansible or Terraform. Don't complicate things just to make them shiny ;)

On prem or in the cloud, servers are very similar. I use Terraform, Ansible, Kubernetes, Teleport, Prometheus, ArgoCD to name a few.

The most complex thing perhaps is to configure the storage encryption with LUKS or similar. You get that for free in the cloud if you don’t care about letting your cloud provider play with your private keys.

Ubuntu MAAS to provision servers - when a new server arrives, guys at the DC just need to plug it in and power it once, everything else is just clicking around.

Pyinfra to manage and install software (I'm fed up with custom DSLs, pyinfra is pure Python).

I work for Canonical so a biased +1 for MAAS (Metal As A Service). It’s got a pretty great workflow where you PXE boot an unknown server and it “commissions” it by cataloguing all its hardware specs and running some hardware tests etc. and adding it to the list of available services. It’s ready to deploy through the web interface, CLI or API. That installs the OS and preconfigures the network and storage and adds your SSH keys. You can give cloud-init metadata the same as a cloud server to bootstrap your next steps or config. It’s multi-user so you can track who then deploys and owns the machines by username. We use that for our internal hardware lab as well as deploying OpenStack or Kubernetes using Juju to automatically check out the machines, which internally sets cloud-init metadata to kickstart the Juju install process.

https://maas.io/

If you’re using Ubuntu it’s pretty great. It does support custom Linux and Windows images but the feature set isn’t as good for storage and network config etc. and that doesn’t get as much focus as first-party Ubuntu deployment. So if your primary OS is something else there may be better tailored solutions.

More generally there is a class of similar “metal” management solutions you can look at, like Foreman and OpenStack Ironic, that usually have some variation of PXE boot install. Hopefully some others can chime in with good examples or recommendations for those.

May help to share what your primary OS/Distro is and others you need to do.

Does the DC provide racking servers for you as a service? Or do you have to go out to the DC?

Yes, DC provides racking servers, plugging in cables etc. I just write instructions in a ticket.

I go to the data centre from time to time, mostly taking junior engineers for a sightseeing trip to show them how "the cloud" actually looks :-)

If you need colocation in London I can put you in touch.

Ubuntu MaaS, OpenStack Ansible for control plane, Ansible for hypervisor provisioning. Probably overkill unless you are running hundreds of hosts.

Ugh, OpenStack

Ubiquity auto-install + cloud-init to build, Ansible for anything cloud-init can't do, Prometheus, Promtail, Loki, Grafana to monitor.

I've wanted to try Digital Rebar but I haven't gotten an opportunity yet. I never had good experiences with Canonical MaaS.