This doesn't sound very professional. You would risk your production
environment because it's uncomfortable for the sys admin to remember
he needs to roll back a change in 10 minutes or 10 hours?

Assume we are talking about a business that loses tens of thousands
of $$$ for any small downtime. Does this change the picture?

Just because it's hard to follow procedure and deploy changes to
production in an orderly manner, some system admins just get puppet to
run every hour and then they can forget that they made a temporary
change to a system.

I'm starting to wonder, put bluntly so don’t get mad, if “Lazy” system
admins run puppet continuously in production, while putting their
systems in harm's way due to a possible bug in puppet, corruption of the
source, accidental changes to the manifest, etc… just so they don’t
have to follow tiring procedures or keep track of manual changes to
the servers (damn that was long).

Is this the case or am I missing out on the big picture? Since when
does “being productive” come before production integrity?


On Dec 30, 12:36 am, Silviu Paragina <sil...@paragina.ro> wrote:
> berber wrote:
> > If you look at the reply from Russ Allbery you will notice he wrote "
> > We've only gotten bitten by this once, when there was a bug in Puppet
> > that occasionally caused it to overwrite managed files with their own
> > checksums."
>
> > I'm thinking to myself that bugs will always happen and that this
> > particular kind of bug would not necessarily show on a staging
> > environment as it only "occasionally" happens.
>
> > Now consider a company running hundreds of production servers with
> > puppet running continuously every hour and over the night random
> > servers start to fail. By the time someone understands that puppet is
> > to blame and stops it (one may think there is an attack), more servers
> > may fail. At this point you may have 10,20,100 servers down and no
> > puppet to fix them as the current version has a bug that randomly
> > ("occasionally") kills files.
>
> > Why would anyone want to put himself in this situation instead of
> > running puppet on a need to deploy basis?
>
> The first thing you must understand is that this is a really dangerous
> piece of software, just as any other similar software
> (configuration/settings/policy enforcer).
>
> I read a course about SMS (the equivalent of puppet from M$ for windowze
> only, I think they renamed it) and the course started with something
> like: with administrator permissions one could break a computer, with
> sms permissions one can break all the computers in the organization :-)
>
> Why would you keep this software always running you say, well simply put
> because you get tired of making the same changes every day to computers.
> Because you sometimes change a setting for "10 minutes" somebody calls
> you and you forget about the change, configuration drift and the list
> can go on.
>
> Yes, it's very dangerous, but very productive also :-)
>
> Silviu
