On Tue, Dec 19, 2006 at 06:23:16AM -0700, Clint Pachl wrote:
> I'm not so convinced it is that complex on a homogeneous OpenBSD
> network. OpenBSD is a very manageable system, such as the entire
> OS contained in compressed tarballs for easy extraction and the
> flexible ports system. Both of these entities are easily
> scriptable. Then all there is to worry about is system configs and
> custom binaries, which can be easily managed by CVS. A hierarchal
> CVS structure can be built to mange global (all nodes in network),
> group (groups of similar servers), and single (things specific to
> a node, like /etc/myname) nodes. You apply global settings first,
> overwriting with more specific settings.
You now have an asston of files to keep track of. We did this _exact
thing_ using rsync at my previous job. It sucked. We moved to
cfengine. It sucked less.
> If you implement a "push" system, how do you know if something was
> actually pushed? What if something was pushed, how do you know the
> "pushee" did the right thing with what it was given? This argument
> goes both ways, but solved simply. A system should report what it
> does after it pushes or pulls. The other end should also report.
> So if the results show someone is pushing, but no one is pulling
> or visa-versa, you have a problem. This system could be
> implemented using mail or central syslog.
My point wasn't that it's not possible, but that you have to do it
yourself. There are lots of details that make these management
systems reasonable; if you're building your own, you've got a lot of
work cut out for you. And if you make a mistake, things hit the fan
rather quickly. It's not fun, and, in a lot of cases, not necessary.
[...]
> This is what I don't like to hear: as you say, "It's got
> worts...", "mostly solves the problems.." Why not build something
> that has no worts and solves all problems all the time to your
> specs. And most importantly, I use OpenBSD because of its
> simplicity and robustness and I like my tools to act the same. I
> guess I haven't heard enough good about cfengine to pique my
> interest in it.
I gave up looking for perfect software a long time ago. Everything I
use -- including OpenBSD -- has bugs. I accept that. I agree that
finding the simplest solution to a problem is a good approach, but I
haven't found that designing and implementing a brand new
configuration management scheme is ever a simple approach, and I've
designed a couple in-house ones before. These days, I look for what
sucks the least, and improve it as best I can to meet my needs.
There are presentations every year at conferences like LISA about
the state of configuration management, and it's getting better. But
all of those systems have problems, and the one you plan to build
will have problems, too. People have been working on this for
decades, now, and it's not an easy problem to solve. Perhaps your
site/case is relatively straightforward and you can come up with a
compact solution that works for you. That'd be cool.
--
o--------------------------{ Will Maier }--------------------------o
| web:.......http://www.lfod.us/ | [EMAIL PROTECTED] |
*------------------[ BSD Unix: Live Free or Die ]------------------*
