Re: [Puppet Users] Re: continues puppet run in production

Wed, 30 Dec 2009 00:41:30 -0800 

2009/12/30 berber <webersi...@gmail.com>:

I'm starting to wonder, put bluntly so don’t get mad, if “Lazy” system
admins run puppet continuously in production, while putting their
systems in harm way due to a possible bug in puppet, corruption of the
source, accidental changes to the manifest, etc… just so they don’t
have to follow tiring procedures or keep track of manual changes to
the servers (damn that was long).



That's a highly subjective view. The decision to run Puppet this way is a risk equation (it's actually two risks - you've conflated them above)?  The risks goes something like this: 


* There is the risk of a bug in Puppet that could impact my production 
availability
* There is a risk that poor controls will result in incorrect configuration 
being applied and impact my production availability

These risks exists with pretty much every sysadmin tool that has similar powers 
- even just having root on the box - hence the sudo warning:

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

   #1) Respect the privacy of others.
   #2) Think before you type.
   #3) With great power comes great responsibility.

We then determine if the likelihood/consequence of the risk of running Puppet 
in a particular mode outweigh the benefits?  If in your environment it does 
then you shouldn't do it.  And that's the first risk...

Alternatively, if you have weighed up this risk and said "Sure I'll run it 
continuously" then you have to consider the mitigating controls that reduce the 
likelihood/consequences of any faults.  Such controls include staging changes, version 
control manifests, work flow, test changes, --noop mode, change control, segregation of 
duties, etc, etc, etc. If you can reduce the level of risk to whatever your appetite is 
then you've addressed the second risk.

That's professional, rational, and working within your organisation's risk 
appetite.  Seems perfectly reasonable to me.

Regards

James Turnbull

--
Author of:
* Pro Linux System Administration (http://tinyurl.com/linuxadmin)
* Pulling Strings with Puppet (http://tinyurl.com/pupbook)
* Pro Nagios 2.0 (http://tinyurl.com/pronagios)
* Hardening Linux (http://tinyurl.com/hardeninglinux)




Attachment:
signature.asc

Description: OpenPGP digital signature






















					Reply via email to