I am thinking about creating a Linux appliance (probably using Xubuntu booting from a USB drive, FYI) and I'm curious about how best to perform remote updates and administration.
The use case I want to support is to have this box at a remote location out of my control (someone's house or office) and I want to update it remotely to patch something, alter its configuration, maybe just upgrade the OS or applications on it for example.
At a dead-simple one-by-one situation, I figure that if it's running the entire OS in RAM, I should be able to remotely overwrite the OS image on the USB drive and tell the machine to reboot for the changes to take effect.
However, I got to thinking that I can't be the first guy with this problem. So what software/configuration is available to manage a remote set of (very similar if not identical) appliances? I'd also love to have a dashboard where I can dive into each box to diagnose problems too -- but the idea of remote updates (especially in bulk) seems like a whole new problem.
Any help?
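The overwrite-then-reboot update described in the question, sketched as an added example that is not part of the original post: the new image is checked against an expected SHA-256 before it replaces the current one, so a truncated or altered download never lands on the boot media. It assumes the OS image is a single file on the drive's filesystem (`os.squashfs` is a hypothetical name) and that the expected digest arrives over an authenticated channel such as the SSH or VPN session; `sha256_of` and `stage_image` are names made up here.

```shell
#!/bin/sh
# Added example; function names and file paths are hypothetical.

# sha256_of FILE: print the hex SHA-256 digest of FILE
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# stage_image NEW_IMAGE EXPECTED_SHA256 TARGET
# Replaces TARGET with NEW_IMAGE only if the digest matches.
# Returns 0 on success; on any failure TARGET is left untouched.
stage_image() {
    new_image=$1 expected=$2 target=$3

    [ -r "$new_image" ] || { echo "missing image: $new_image" >&2; return 2; }

    # Check the download before anything on the boot media changes.
    if [ "$(sha256_of "$new_image")" != "$expected" ]; then
        echo "digest mismatch, refusing to write" >&2
        return 3
    fi

    # Copy next to the target and flush, so the old image survives a failed copy.
    tmp="$target.new"
    cp "$new_image" "$tmp" && sync || { rm -f "$tmp"; return 4; }

    # Re-read what was written: cheap flash media can corrupt silently.
    if [ "$(sha256_of "$tmp")" != "$expected" ]; then
        rm -f "$tmp"
        return 5
    fi

    # Rename within one directory is atomic: the box boots old or new, never half.
    mv "$tmp" "$target"
}

# Demo on constructed files in a scratch directory (no real device is touched).
demo_dir=$(mktemp -d)
printf 'old image' > "$demo_dir/os.squashfs"
printf 'new image' > "$demo_dir/update.squashfs"
digest=$(sha256_of "$demo_dir/update.squashfs")
stage_image "$demo_dir/update.squashfs" "$digest" "$demo_dir/os.squashfs" \
    && echo "staged; reboot to apply"
stage_image "$demo_dir/update.squashfs" "0000" "$demo_dir/os.squashfs" 2>/dev/null \
    || echo "rejected image with wrong digest"
rm -rf "$demo_dir"
```

A bare digest only proves the image matches what was announced; it is the authenticated channel carrying the digest that ties the image to its sender.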
For remote access, I'd have each machine establish an OpenVPN tunnel to a central location. This gets around NAT problems, and ensures that any protocol you might have to use that isn't encrypted by default is kept secured.
As far as updates go, I'm going to continue to beat on the Puppet drum. It really is the best way currently in existence to automatically manage and update a number of identical or near-identical machines.
If you haven't taken a look at eBox for a dashboard/appliance/remote-admin type situation I would highly recommend it.
http://ebox-platform.com/
https://help.ubuntu.com/community/eBox
As a heads up, don't install the packages in the Ubuntu repository. Use the official packages from the eBox website or use their Ubuntu installation ISO.
I think a common technique is to run the image in some sort of chroot. That way you can install a new package containing a new chroot environment with all the updates etc without affecting the "master" OS.
A few dashboards, off the top of my head:
Webmin
XPanel
HyperVM (Note: recent security problems).
Just ssh in. You can do everything from a shell. Ubuntu's aptitude programme is able to upgrade every part of the operating system from a shell.
You can use ssh with X forwarding. This allows any application you run on the remote machine to be displayed on your own computer.
You can update packages and apply patches without a reinstall. But if you feel reinstalling is necessary, then you can run one OS in a virtualized environment. That way you can always update the guest OS. The only thing you may want to update in the host OS is the software you use for virtualization support.
Other than this, you can use a chroot environment and OpenVPN tunnels to get around NAT, as other users have suggested.