Configuration management (was:Re: [Debconf4] Re: Fwd: Re: CDD World Domination @Debconf4)
Jonas Smedegaard wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Cosimo Alfarano wrote:
| This very issue will be discussed here at the DebConf, hopefully :)
| I hope here (in PoA) there is some guys able to explain why cfengine,
| config4gnu or whatever.
I can speak about "why cfengine" if you haven't discussed it already.
maybe we should have a "managed configuration BoF" if there isn't one.
Back @ home, and following the philosophy best described by Steve
Traugott (http://infrastructures.org/) we are working on managing
servers & workstations from a central server that holds:
- package repository
- svn or cvs repository for /etc which controls
- a makefile for one-time, ordered actions, isconf-style
along the way, we've tried many things, including
- push (discarded in favour of pull models -- yet we keep some push
ability for emergencies)
- managing a 'master' image, and distributing changes via rsync
(phasing out because it isn't atomic, and a truncated rsync can leave a
machine in a broken state such that it won't heal itself)
- after going through several transport solutions, svn or cvs over ssh
is current choice (afaik), over cfenfgine's own transport. We also use
https for package distribution.
- due to the pull model, we are also looking into integrating a
'report back' trigger, so the config server hears back from clients when
they succeed in the operation. this will allow us to provide a 'status
panel' and eventually trigger warnings if a critical update hasn't
reached 100% of clients.
Steve Wray (email@example.com) back @ in NZ is really interested in
Martin Langhoff |||| http://nzl.com.ar/