First off, I'm a "practical" type- a "computer janitor" as it were. I am also a consultant and an Entrepreneur, so I see my job as eliminating my job- I'm quite interested in configuration management systems, but on a conceptual level, I simply don't understand how they would usefully work.

Now, I see you are speaking of validation tools; This is something I understand quite well, and have implemented (perhaps in a more 'bottom up' than 'top down' fashion than the theory types would have) using Nagios; The idea being that those who consume my services should not need to know my phone number, so my policy is to run an external nagios server to monitor every service I provide to other people. As I am checking from an external perspective (sending mail through a mail system, or retrieving a html page and comparing known-good bits) the nagios-with-plugin system can catch just about any configuration error the customer can.

Now, the problem with this is that it catches the error after, not before the error hits production; as I'm doing quite a lot of work with Xen-based paravirtualized servers, I'm thinking about simply running a full test environment with a duplicate of every real server within my virtual environment; then use some tool (perhaps systemimager? maybe systemimager with service-specific scripts to gracefully reload modified servers?) to copy configs from test to production after the test passes validation.

On Thu, 12 Oct 2006, Alva Couch wrote:
You assume that it must be integrated. There is a lot of value, however,
in an out-of-band validator that is not integrated. For one thing, it
tests the configuration tool itself. For another thing, it has an easy
path to adoption. Third, it is easy to write such a validator in small,
orthogonal pieces that don't have to talk to one another. In other
words, the component composition problem (the subject of my student
Yizhan Sun's thesis) goes away, and is replaced with the simpler problem
of comprehensiveness.

"me too" (This is exactly what I do with the nagios setup- as far as I can tell, nagios plus custom perl scripts are a good answer to the validation problem, at least once the configs are production.)

I believe the tools available for validation are adequate. some work could be done to provide better default scripts, and make a default install of nagios more useful, but most of the stuff that requires is only a short google away.

You're assuming that the validator would check "everything". That is not
the role of a validator. It instead checks what it can and reports on
strange situations.

Identifying all the services a customer uses is not trivial, but it is definitely not a 'hard problem' - It is fairly easy to sick a first-year person on that job, or worst case, every time a customer complains of something breaking, add a nagios check for the same thing.

Me, I'm on the list because I'm interested in configuration management; but frankly, my brain it too small to comprehend how you might go about replacing my configuration management duties with a program. I like the idea, I just don't know how you would do any better than a systemimager style "base image for each class of machine, then per-box lists of diffs to apply"

The basic problem that *I* would like the theory people to solve is how to break down the "configure the system" high-level problem into a easy to understand set of tools like nagios that people like me can come in and configure on a low level for each one of our services. Heck, you don't even need to write the actual tools, just describe what the tools need to do (of course, that's what writing the tools would do, right? computer languages are designed to precisely specify what a program ought to do.)

The thing is, until you translate it into reality, someone like me will have no way of understanding what you are speaking of. I joke that I am a computer janitor, but a computer mechanic would probably be a more apt analogy. I don't really understand a thing until I take it apart and put it back together.
lssconf-discuss mailing list

Reply via email to