berber wrote:
> If you look at the reply from Russ Allbery you will notice he wrote "
> We've only gotten bitten by this once, when there was a bug in Puppet
> that occasionally caused it to overwrite managed files with their own
> checksums."
>
> I'm thinking to myself that bugs will always happen and that this
> particular kind of bug would not necessarily show on a staging
> environment as it only "occasionally" happens.
>
> Now consider a company running hundreds of production servers with
> puppet running continuously every hour and over the night random
> servers start to fail. By the time someone understands that puppet is
> to blame and stops it (one may think there is an attack), more servers
> may fail. At this point you may have 10,20,100 servers down and no
> puppet to fix them as the current version has a bug that randomly
> ("occasionally") kills files.
>
> Why would anyone want to put himself in this situation instead of
> running puppet on a need to deploy basis?
>
The first thing you must understand is that this is a really dangerous
piece of software, just as any other similar software
(configuration/settings/policy enforcer).
I read a course about SMS (the equivalent of puppet from M$ for windowze
only, I think they renamed it) and the course started with something
like: with administrator permissions one could break a computer, with
sms permissions one can break all the computers in the organization :-)
Why would you keep this software always running you say, well simply put
because you get tired of making the same changes every day to computers.
Because you sometimes change a setting for "10 minutes" somebody calls
you and you forget about the change, configuration drift and the list
can go on.
Yes, it's very dangerous, but very productive also :-)
Silviu
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
