> From: Phil Pennock [mailto:lopsa-t...@spodhuis.org] > > If you want to build manually, then snapshot: Docker > can be used in vmware or virtualbox or AWS or whatever: Packer
Thanks, I'm going to look at Docker and Packer too. So far, Ansible or Nothing seem to be the most comfortable fits. Blueprint maybe too - the only problem is - and maybe this is solvable - Blueprint is way more verbose than needed. I don't see any easy way to inspect the contents of a blueprint and modify for a similar but different system. And it includes boat loads of stuff that's not strictly necessary - If you have a base Centos installation, and you "sudo yum -y groupinstall base" then you get a decent baseline system, including selinux, but I observed the contents of the Blueprint included snapshots of all the selinux policies, which should not be necessary. Ideally, after a minimal centos install and yum groupinstall base, the "blueprint" should be just "Centos Minimal, and yum groupinstall base." Instead, it's a massive data structure... > It's just that we've moved from a world where machines are set up rarely > and repetitive tasks are scripts you write for users on those machines, > to a world where "machines" should be spun up in at most minutes, are > spun up frequently, and the end-users normally don't have accounts on > those machines. So the focus of the sysadmin automation moves to I don't really understand the use case of frequent spinning up machines - except in a few circumstances, such as to create a pristine QA environment for testing some development code. The two specific tasks at hand that I want to improve are: At one company, I inherited a single production server with boat loads of customized services on it. Apache with lots of modifications to the config files and document roots etc, plus dependent packages php and zend, mysql, ldap, rsnapshot, etc installed. Mysql I can handle easily enough. Automating the installation of the LDAP data seems to be nearly impossible. Even a manual one-time backup and clone to a new machine for development purposes is nearly impossible. The idea that we can automate the build of a dev clone environment and expect that we'll just "reapply" the thoroughly tested dev procedure into production is ... Perhaps not infeasible, but nearly so. The other specific task at hand is a drupal server. Yes I think I can automate installation of system packages and hardening, setting of document root, deploying the drupal core and all the modules, and even restoration of the mysql database and populating the various data directories and setting permissions. But then there's tons of details such as ... The mysql database is actually on a separate mechine. Usernames are "username@IPAddress" or whatever. Now in order to automate that, I'll have to automate the backup & restore of the database, and also automate the editing of all the mysql user credentials and firewall rules that only allow mysql connections from the specified IP addresses, and .... You get the idea. I don't understand how people expect this sort of setup to be repetitious, spun up frequently, or anything *other* than "do it by hand, one time, and document what you do as you go along." Even when an Amazon machine crashes, and comes up with a different IP address, the formerly automated process of setting the mysql user credentials and firewall rules have now broken, because of a simple IP change. Yes we have a documented procedure, copy & paste a dozen lines, to fix that when it occurs, but it seems like automating it would make it *more* work, not less. Plus, you have to learn a new language? Ruby and/or YAML, whatever... Next time you hire somebody, this is a requirement to be on their resume... There's something to be said for using lowest-common-denominator technologies because then you can hire *anybody* to do it. It's very clear to me why the automating community perceives people like me resisting adoption - it's very clear that it's the clear right thing to do if you're managing a compute farm, or a bunch of identical systems, but I'm having a hard time coming to grips with the idea that automation should be used by everyone, or even, anything other than compute farms. I don't have repetitive tasks that waste my time. I only have the desire to migrate systems from Centos 6 to Centos 7, or from Amazon to Vmware, or whatever. And the desire to confidently tell management, "Yes, even if all of AWS US East were to be submerged by a tsunami, I could restore services in a reasonable period of time." _______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
