On Fri, 2005-11-18 at 18:42, Alva Couch wrote: > The key here is that for reversions to be effective, they must stay > in the configuration until it is absolutely sure that all stations > have applied them. In a very large network, one is likely never > sure, so one can *never* remove the reversions from the config file.
Your "typical example of user thinking" is utterly contrived and muddy in its logic, which is a "typical" problem with theoretical analyses. As soon as you remove yourself from real experience and real examples, your conclusions become equally tenuous. If you can *never* be sure your revisions have been applied, well then you can *never* be sure that the original assertion was made, and likewise you can never even be sure that your nodes are being managed at all. (At this realization, the sysadmin might begin to question his/her purpose in life. Infinity and eternity make for fascinating conundrums, but are pretty hard to manage a network around.) You said yesterday, "The solution to the problem under discusssion is easy. One must enter a command into the configuration that performs the rollback." Well, duh, why didn't someone else think of that? This beautifully simple notion continues on to "keeping gold servers around", or other initial snapshot, as being a real solutions to rollback. These ideas sound great from a cerebral perspective, but fall way short for anyone who's really had to backpedal and consider all the side-effects and interactions involved. "Rollbacks" and "gold servers" are expressions of the naive thought that you can ever go back in time, as if swapping in a copy of the disk you had yesterday would necessarily get you out of the jam you're in today, or as if that gilded state is something static. The reality is that the mail server built a month ago is NOT what I want today. In fact, the only gold servers are the ones running at this moment, and that state is contained and described and managed by cfengine. If we screw up, there is absolutely no way around THINKING about how to undo the damage done, and move FORWARD. Do I have to keep that clean-up code around "forever"? Pedantic nonsense. -Ed _______________________________________________ Help-cfengine mailing list Help-cfengine@gnu.org http://lists.gnu.org/mailman/listinfo/help-cfengine
