Subject: Re: [lopsa-tech] Version controlling permission sensitive files
From: "Edward Ned Harvey (lopser)" <lop...@nedharvey.com>
Date: 04/22/2013 10:29 PM
To: Tom Limoncelli <t...@whatexit.org>
CC: "t...@lopsa.org" <t...@lopsa.org>

Thanks everyone for your help. Fact is, I'm a consultant. The client is a
web hosting company where I typically work 2-4 hours per month, to apply
security patches and so forth. I provide them with systems that are acceptably
secure and stable, and documented such that any competent basic level sysadmin
could review and understand without me. In other words, the customer
deliverable is a lowest-common-denominator process for managing a small number
of servers.
Configuration management isn't in the cards. But a backup or snapshot or
versioning destination of some kind, where they can perform "ls" and "cat"
and "diff" are goals well within their reach. The customer does not demand
that I educate them on configuration management - the customer demands that
I make systems good enough and simple enough for their use. For the numerous
people here swearing by configuration management despite me saying it's not
the right solution in this case: Tell it to the customer.
Sounds like a problem with the usability of the tech. File system
snapshots are a good example of something that's easy for end users to
understand and use (change to home\snapshot\yesterday and see
yesterday's files). I agree that CM software is not there yet, I think
that most of the posters here are not saying getting that level of
usability a goal, not where we are today. They're advocating improving
the usability until it is as easy as the current manual methods. There
certainly is a level where it is hard to articulate to end users the
cost of the extra time to set stuff up.
From a functionality standpoint it's great, now it needs to be
ubiquitous and as easy or easier than the other methods of building a
system. You could argue that with any best practice the folks who get
the most benefit out of it are the ones who don't understand the
underlying reasons why it's important specifically because they do not
understand the underlying reasons (and times when there are valid
exceptions). CM is no different in this way than encryption or storage
architecture etc.
My dream job is getting end to end config management set up where a
"customer" selects what they want and it's auto-built from a repo with
any customizations checked into a host specific branch, monitoring is
added for any of the customization and the whole shebang managed via
source control. Configuration changes would be managed just like code
releases and the monitoring would be good enough (from a service
availability and a performance point of view) to verify that the changes
had the expected impact.
At least I have a goal...
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/