Re: speculations to characterize issues for Debian Enterprise

On Thu, Aug 12, 2010 at 11:28:26AM +1000, Geoff Crompton wrote:
> CJ Fearnley wrote:
>> 4. Configuration management.
>> * I mean at the Debian packaging level primarily. But unless puppet
>> solves the problem for everyone (and I'm not yet convinced), there
>> is broader design work needed too.
>> * Another hard problem. More than "just work", as it requires
>> creative new ideas too!
> Russ's description of this server class packages made me immediately
> wonder why he wasn't using puppet for that. Perhaps that is what
> Stanford were doing before they started using puppet, and have
> continued their practice.
> Can you mention why you don't think puppet is the right solution?
> Clearly the defaults on any package will not suit every enterprise, and
> some customisation is required. Puppet can do that just as well as a vi
> session, or a local configuration package.

In my operation every client has 1-10 servers (so none are big enough to
benefit from many common configuration patterns). That is, each server
is unique in hardware, domain name and in most other configuration details
(every client seems to have different requirements and so needs different
software with different integration behavior). Plus due to organizational
boundaries, we are hyper-concerned about security (each system is behind
network firewalls plus host-based firewalls plus several extra layers
to protect ssh).

For example, several clients want a web-based user management tool and
some of their networks are LDAP (each with a different schema, of course),
AD (also with different schemas), or traditional unix passwd. So ideally,
we need a configuration management tool that can flexibly work with
databases, LDAP _and_ files (and that doesn't need to be refactored with
every major upgrade of Debian). So I remain very skeptical of centralized
approaches that provide leverage primarily for homogeneous use cases.

I'm overwhelmed by excessive heterogeneity. The only thing in common
to all of our systems is Debian policy which is the baseline for all of

At Debconf10, I came to learn that puppet is possibly light-weight
enough that it might help even for our situation. So it is now on the
TODO list. But I remain very skeptical that another level of abstraction
can do anything but increase complexity.

We are on a spaceship; a beautiful one. It took billions of years to develop.
We're not going to get another. Now, how do we make this spaceship work?
-- Buckminster Fuller

CJ Fearnley | Explorer in Universe
cjf@CJFearnley.com | "Dare to be Naive" -- Bucky Fuller
http://www.CJFearnley.com | http://blog.remoteresponder.net/