On Tue, May 4, 2010 at 6:42 PM, Matt Lawrence <[email protected]> wrote: > On Tue, 4 May 2010, Tracy Reed wrote: > >> Correct. Kickstart should just get the basics (partitioning, basic >> software installed, network connectivity of some sort >> configured). Then I suggest puppet (my favorite) or cfengine/chef/bcfg >> or whatever to handly everything from then on. The biggest problem >> with their current setup being that %post only runs once and that is >> at install time. After that you can never make configuration changes >> again in an automated way without something like puppet etc. > > *I* know this, I'm trying to find serious references citing "best > practices" so I can go chat with management. > >>> So, I'm looking for references to best practices that I can take to my >>> boss and other management on the preferred way of doing RHEL kickstarts >>> and configuration management. Any suggestions? TAL? >> >> Don't forget to check the current kickstart into version control if >> that hasn't been done already so you can keep track of where you have >> been config-wise. > > I have a rant about old time Solaris admins constantly wanting to do > things the hard way that I will not post here, so lets just say these > folks have probably never even heard of using version control related to > systems administration. > > Also some of their security practices are terrifying and not just because > I recently passed my CISSP exam. I hope that (big A) auditors never ask > me anything. > > -- Matt
No one likes to be told (or treated as if) what they are doing it wrong. It will probably go a long way by taking the position that "what you have already is a good improvement over nothing at all, but I think we can take it to the next level". You will have to fight against the "I don't see any reason to change" argument, but it's much easier to discuss the benefits of improvements when you've already acknowledged that what's there is a decent baseline, and that you're building on top if it instead of throwing it out. Inevitably, you will reach a point where you need to stop using the giant kickstart %post and start relying on config management, but by that time it will be a natural part of the project. As you seem to already know, people are territorial and that just the way it is. You will be the same way when someone else comes in and criticizes the setup you've been working on for years because you will be proud of what you have done. If you can turn it into a chance for this guy to *improve* instead of *be proved wrong*, you have better chance of having an easier time with it. _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
