[CentOS] Spacewalk or Puppet?

Les Mikesell lesmikesell at gmail.com
Wed Nov 4 18:49:38 UTC 2009 

Karanbir Singh wrote:
> 
> I personally think that cloning is for people who dont know what they 
> are doing. 

Of course - that's a feature, though, not a bug. You want the people who 
bolt the machines in the racks to be able to do it - and you don't want 
it to dictate to you what OS they can install.

> Bare metal install and provision into a role with even a 
> moderately usable app deployment strategy, cap'd with a monitoring 
> system that actually know what it needs to do - will easily be more 
> friendly than any form of cloning.

OK, just as soon as one exists that works across platforms for people 
who don't know what they are doing.

>> I'm not sure I agree with that.  I really do want to know about
>> platform/state history even if I can't roll it back.
> 
> well, most people replace or upgrade the platform ( hardware ) when 
> things break, so rolling back is sort of academic in this sense. You are 
> much better off storing platform inventory in something like ocs / glpi 
> / spacewalk ( or even doing things like getting sosreport to give you 
> the right foo, checking that into a local vcs - so you can 'track' a 
> system's evolution )

A pre-configured ocs agent is part of our base images, so I have that as 
soon as the network is set up, but I'd like more detail.

>>  For example, if
>> someone changes the duplex setting on a NIC to match a switch I'd like
>> to have the change recorded - and a way to look at how that machine is
>> different from both the way it was at some other time and from other
>> similar machines.
> 
> how do you mean 'changes' ?

I'd like to have the whole /etc tree handled more or less like rancid 
does for cisco configs - that is, toss the whole thing into 
cvs/subversion, etc., but with similar machines handled as branches to 
compress the space and give you an easy way to see diffs.  And, of 
course, something similar for the windows registry.

> I highly recommend there be no way for 
> people to get onto the machine unless in an emergency.

It is always an emergency except for things like content on the web 
servers (which mostly gets there via rsync over ssh with underlying 
versioning).

>> Also, we almost never roll out a change across all machines in a group
>> at the same time but instead closely schedule individual machines or
>> small sets.
> 
> puppet, atleast, makes this sort of a thing trivial - since you can 
> setup environments, and then nominate machines to join different 
> environments on demand. It also make it possible for one to have 
> code-like release and deployment cycles.
> 
> You could potentially even have various test and/or wrap some of the 
> policy in tests with rollback capabilities ( I tend to do that for my 
> ssh and puppet configs - configs for puppet itself that is ).

Just dreaming here, but I think this stuff really belongs in something 
like Hudson with a drools plugin where you could automate all the way up 
from the source code through testing and deployment.  That would start 
out with something that already has a cross platform 
scheduling/execution capability and knows more nuts and bolts about 
programming and platform differences than most admin-only tools.

-- 
   Les Mikesell
     lesmikesell at gmail.com

More information about the CentOS mailing list