On Thu, 12 Oct 2006, Narayan Desai wrote:
> "Luke" == Luke Crawford <[EMAIL PROTECTED]> writes:
> Luke> configuration management systems, but on a conceptual level, I
> Luke> simply don't understand how they would usefully work.
> Do you mean tools at all, or more researchy systems like autonomics
> and the like?

I understand how tools can clone something I configure- but for example
tonight I need to set up a dspam/postfix/ldap mailhub. Essentially, I will
configure each postfix server as if it were delivering locally for
prgmr.com. Then I modify the local delivery transport such that it
forwards to my hub via lmtp.
This is 'standard but weird' and I am having a difficult time visualizing
how a tool would do it (aside from clone and patch).
Clone and patch is something; it enables one guy that understands things
to run a lot more servers than he would otherwise be able to do, but it's
still in the class of 'automating the things SysAdmins already do' rather
than automatic configuration management. I still have to go in and edit
the configs if I switch to a newer version with different config syntax.

> Basically what you are describing here is a set of software
> engineering/testing methodologies. Our paper at LISA this year
> describes a set of slick ways to integrate timeline and versioning
> data into configuration management specification, and the things you
> can do with this info once you have it. (All implemented with bcfg2,
> of course) I would suggest taking a look at it once it comes
> out.

I will. Making systemimager work with FreeBSD was going to be my next
project but I should do more research before spending that kind of effort.

> We have done a lot of this sort of server replication, now that our
> specification is complete. We have found that using the configuration
> management system to rebuild a system (upon system disk failure or the
> like) is frequently faster and easier than going to backups. Producing
> multiple instances of the same service in less tense situations is a
> breeze. I would greatly suggest you look at bcfg2 for this sort of
> thing.

I have used the restore from backup method of replication- it is a very
bad thing. You end up with a 'someone else configured it, then
left' hairball that is excessively difficult to upgrade when security
patches are required. This leads to bosses insisting we not upgrade
(because we screwed it up last time) which leaves me spending time
trying to write exploits (which isn't really my cup of tea, but if I
demonstrate the exploit, the boss lets me upgrade. It's funny; most
bosses don't believe me when I say that there are attackers that are
smarter than I am, and many more attackers using tools written by people
that are smarter than I am, so we should worry about "theoretical"
exploits as well as those that I can exploit.) This is really what got
me started on the verification/validation path; I'd upgrade something on
a test box, people would check it out, say it is okay, then when I put it
in production, customers would find something we missed. A proper
validation system, even when implemented in nagios, can find errors
better and quicker than a tired admin.

I started this message on the train ride home yesterday, as my bike is in
the shop, but was interrupted by a hosting customer running an
open mailto script on a phpbb system. Ugh. A perfect example of the
'someone configured it once, then left' hairball. I (obviously) don't
use phpbb and the logging was all screwy, so I didn't know where the open
mailto was. Fortunately, the other prgmr.com sysadmin, Neal, was able to
figure it out (he has phpbb experience) and disable the offending
script- but if that script was important and phpbb required upgrading,
it would have been quite a job- the customer runs a myspace-like
music-sharing website based on phpbb and oscommerce and some custom PHP.
It was written by some other guy that isn't excited about administering
the thing. The customer is paying us for bandwidth, rackspace and power
- but when it starts spamming the world, it's still my problem.

Looking at it, I'm not exactly sure where the custom code ends and
phpbb/oscommerce begin, and more importantly, I have no idea what
changes from default phpbb/oscommerce were made. If the developer had
provided some sort of build script, we would be in much better shape, as
I would then only need to port the build script to the updated versions
of phpbb and oscommerce (whereas if I had to make the upgrade now, I
would be tasked with reverse engineering the build script, a problem
compounded by the fact that I doubt I could find unmodified old versions
of the programs in question to do a diff.)
_______________________________________________
lssconf-discuss mailing list
lssconf-discuss@inf.ed.ac.uk
http://lists.inf.ed.ac.uk/mailman/listinfo/lssconf-discuss
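
The comparison described in the last paragraph of the message above, as an added example that is not part of the original post: given an unmodified copy of a release and the deployed tree, list which files were changed, added or removed locally. The directory layout, file names and file contents are constructed for illustration and do not come from the thread.

```python
import hashlib
import tempfile
from pathlib import Path


def tree_hashes(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in Path(root).rglob("*") if p.is_file()
    }


def local_changes(pristine, deployed):
    """Classify files in `deployed` relative to the unmodified `pristine` release."""
    base, live = tree_hashes(pristine), tree_hashes(deployed)
    return {
        "modified": sorted(f for f in base.keys() & live.keys() if base[f] != live[f]),
        "added": sorted(live.keys() - base.keys()),
        "removed": sorted(base.keys() - live.keys()),
    }


def build_sample(root, files):
    """Write a constructed sample tree from {relative path: file content}."""
    for rel, text in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)


def demo():
    """Compare two small constructed trees (hypothetical file names)."""
    with tempfile.TemporaryDirectory() as tmp:
        pristine, deployed = Path(tmp) / "pristine", Path(tmp) / "deployed"
        build_sample(pristine, {
            "index.php": "<?php // stock\n",
            "includes/functions.php": "<?php // stock helpers\n",
            "install/install.php": "<?php // installer\n",
        })
        build_sample(deployed, {
            "index.php": "<?php // stock\n",
            "includes/functions.php": "<?php // stock helpers + local patch\n",
            "custom/mailto.php": "<?php // site-specific script\n",
        })
        return local_changes(pristine, deployed)


if __name__ == "__main__":
    print(demo())
```

The "modified" and "added" lists are the local customisations that would have to be carried forward onto a newer release; the report is only as good as the match between the pristine copy and the version actually deployed.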