I like very much your focus on knowledge management. This is the future of configuration management, as you know I believe.
Addendum: I just wrote a blog/piece for ;login: also on my personal webpage about business value and system administration, and followed up by introducing "Business value tracking" in cfengine 3. This means you can attach a dollar value to each promise kept and work out what your automation is worth. It's a simple idea, but I think this could help to raise the perception of sysadmins and automation within organizations.

M

Justin Lloyd wrote:
> Mark,
>
> I agree with you 100%. I'm absolutely for "voluntary cooperation", I've been
> working hard to explain the benefits to everyone involved and getting them to
> want this. Even groups outside our department and our Director and CIO have a
> high interest in getting this going.
>
> I bring up the issue not to ask how to force Cfengine on people and make them
> work a certain way, but rather to illustrate the problem of knowledge and
> process. My team is on board with using it but right now I'm the only person
> who understands Cfengine and how to create and modify the policy. But for
> example, if it's 3 AM and the Unix on-call person needs to make an emergency
> fix just to get a system functional again, they may not know if the change
> they're making will be wiped out by Cfengine in the next 5 minutes, but they
> may also not yet know how to update or extend the policy to manage the change
> they need to make.
>
> As I laid out in my original email, I can see several ways to educate my team
> so I can hand this off to them entirely. (Technically, they're my former team
> since I’m not on our Unix team any more but now a parallel "Infrastructure
> Engineer" team of my own.) I just wanted to hear from others how they've
> handled this sort of coordination.
>
> On a side note, to speak to your response about managing NFS filesystems,
> that was just one approach. I like the idea of Cfengine enforcing only
> "approved" mounts in /etc/fstab and automounter files (or netgroups in
> /etc/passwd, etc.)
> but we certainly may need to give more latitude in such configurations.
>
> Thanks,
> Justin
>
>
> -----Original Message-----
> From: Mark Burgess [mailto:mark.burg...@iu.hio.no]
> Sent: Monday, February 01, 2010 12:20 PM
> To: Justin Lloyd
> Cc: help-cfengine@cfengine.org
> Subject: Re: Team-based Cfengine Management
>
>
> To paraphrase Mr Krizak on a different occasion, "think voluntary
> cooperation". It works for politics as well as technical work. This is how
> cfengine began the notion of autonomy in the first place -- at a university
> where everyone wanted to control their own box.
>
> When you have people who need to feel in control, you give them the power to
> override and engage them with voluntary cooperation. No one wants to feel
> they are being overrun by "The Man", but controlling everything yourself is
> exhausting and most people lose interest in the end. You could present
> cfengine as something that helps them in their lives, reduces their burdens,
> and brings order and documentation.
>
> There are many ways to use cfengine. If I could just count the number of
> times I've read that "Cfengine forces you to...." and cringed. Cfengine
> doesn't force you to do anything, but admins often have poor imaginations and
> use it to carpet bomb their systems into compliance. I tend to believe in a
> lighter touch - less is more. Unless you have mandatory compliance issues
> (The Law -- did you say the Lieu?), I don't recommend controlling anything
> that doesn't show signs of running wild. You can insert new mounts without
> destroying old ones, for instance.
>
> Justin, you are a skilled power-user. With great power ... ;-)
>
> Mark
>
> Justin Lloyd wrote:
>> Hi all,
>>
>> For those of you who are part of a team that manage a Cfengine-based
>> environment, how do you prevent people from making local changes to
>> things that are managed by Cfengine, thus causing local changes to get
>> wiped out?
>> For example, if Cfengine manages all NFS mounts in /etc/fstab
>> on Linux systems and someone manually adds such an entry to a host which
>> Cfengine later wipes out when enforcing just its specified NFS mounts.
>> Things that come to mind are:
>>
>> · Change Control - well-defined dept/company procedures for
>>   change approval, and all changes to systems should be done only through
>>   Cfengine policy, never locally on any system
>>
>> · Automated Comments - have Cfengine add comment headers to
>>   files it manages
>>
>> · Documentation - thoroughly and clearly comment the policy
>>   files and also create external documentation, such as an easily
>>   searchable wiki, that people can read to find out what is managed by
>>   Cfengine
>>
>> · Training and Communications - teach the team what is managed
>>   by Cfengine and have good communications channels (email list, team
>>   meetings, etc.) to review when the policy is updated to manage new things
>>
>> Let me know if you have other ideas and how well they’ve worked for you.
>>
>> Thanks,
>>
>> Justin
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Help-cfengine mailing list
>> Help-cfengine@cfengine.org
>> https://cfengine.org/mailman/listinfo/help-cfengine
>

--
Mark Burgess

-------------------------------------------------
Professor of Network and System Administration
Oslo University College, Norway

Personal Web: http://www.iu.hio.no/~mark
Office Telf : +47 22453272
-------------------------------------------------
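
The two behaviours contrasted in this thread, enforcing only the "approved" NFS mounts in /etc/fstab versus inserting new mounts without destroying old ones, shown on a constructed fstab as an added Python illustration. It is not part of the original messages and is not CFEngine policy; the host names, the `APPROVED` list and the function names are assumptions.

```python
# Added illustration; not CFEngine code. All sample data below is constructed.
NFS_TYPES = {"nfs", "nfs4"}

SAMPLE_FSTAB = """\
# /etc/fstab (constructed sample)
/dev/sda1            /          ext4  defaults  0 1
filer1:/export/home  /home      nfs   rw,hard   0 0
filer9:/export/tmp   /mnt/tmp   nfs   rw,soft   0 0
"""

# Hypothetical "approved" NFS mounts that the policy promises.
APPROVED = [
    "filer1:/export/home  /home      nfs   rw,hard   0 0",
    "filer2:/export/apps  /apps      nfs   ro,hard   0 0",
]

def parse(line):
    """Return (device, mountpoint, fstype), or None for blanks and comments."""
    fields = line.split("#", 1)[0].split()
    return tuple(fields[:3]) if len(fields) >= 3 else None

def is_nfs(line):
    entry = parse(line)
    return entry is not None and entry[2] in NFS_TYPES

def enforce_only_approved(fstab, approved):
    """Authoritative model: NFS entries outside the approved list are removed.
    Returns (new_fstab, wiped_lines) so the wiped local changes can be reported."""
    wanted = {parse(a) for a in approved}
    kept, wiped = [], []
    for line in fstab.splitlines():
        if is_nfs(line) and parse(line) not in wanted:
            wiped.append(line)      # a local change the policy would destroy
        else:
            kept.append(line)
    present = {parse(l) for l in kept}
    kept += [a for a in approved if parse(a) not in present]
    return "\n".join(kept) + "\n", wiped

def insert_missing(fstab, approved):
    """Additive model: add missing approved mounts, leave local entries alone."""
    lines = fstab.splitlines()
    present = {parse(l) for l in lines}
    lines += [a for a in approved if parse(a) not in present]
    return "\n".join(lines) + "\n"
```

Entries are matched on device, mount point and filesystem type only; mount options are not compared. The `wiped` list is what an on-call person would want to see before a run removes a manual fix.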