On 1 Feb 2010, at 5:47 pm, Justin Lloyd wrote:

> * Change Control - well-defined dept/company procedures for
> change approval, and all changes to systems should be done only
> through Cfengine policy, never locally on any system

Change approval, if made an absolute blanket rule, can really slow work to a crawl. I guess it depends on the business whether that cost is worth it. In academia, it probably isn't, but in a bank it is.

> * Automated Comments - have Cfengine add comment headers to
> files it manages

We definitely do that.

> * Documentation - thoroughly and clearly comment the policy
> files and also create external documentation, such as an easily
> searchable wiki, that people can read to find out what is managed by
> Cfengine

We do some of that, although not as well as we should. Documentation has a tendency to become outdated.

> * Training and Communications - teach the team what is managed
> by Cfengine and have good communications channels (email list, team
> meetings, etc.) to review when the policy is updated to manage new
> things

Our cfengine config is stored in CVS. Any commit to it is automatically emailed to the entire Systems team, showing the diff, so no-one can ever claim they didn't know about a change. There's a window of opportunity to say no to it there too, because the commit to the CVS server happens before the cvs update on the policy server makes it go live.

Education is key though.

Tim