Effective Configuration Management (9 Things You Should Be ... · not enough sysadmins not enough...
Transcript of Effective Configuration Management (9 Things You Should Be ... · not enough sysadmins not enough...
![Page 1: Effective Configuration Management (9 Things You Should Be ... · not enough sysadmins not enough machines homegrown system too simple/complex a setup ... LISA ’13 is a great place](https://reader033.fdocuments.in/reader033/viewer/2022050602/5fa9cd1ce5c22f021c59e458/html5/thumbnails/1.jpg)
Effective Configuration Management(9 Things You Should Be Doing)
N.J. [email protected]
Amplify Education
November 6, 2013
N.J. Thomas [email protected] Effective Configuration Management - Usenix LISA ’13
![Page 2: Effective Configuration Management (9 Things You Should Be ... · not enough sysadmins not enough machines homegrown system too simple/complex a setup ... LISA ’13 is a great place](https://reader033.fdocuments.in/reader033/viewer/2022050602/5fa9cd1ce5c22f021c59e458/html5/thumbnails/2.jpg)
Introduction
Who I am
Who you are
Disclaimer
Caveats
N.J. Thomas [email protected] Effective Configuration Management - Usenix LISA ’13
![Page 3: Effective Configuration Management (9 Things You Should Be ... · not enough sysadmins not enough machines homegrown system too simple/complex a setup ... LISA ’13 is a great place](https://reader033.fdocuments.in/reader033/viewer/2022050602/5fa9cd1ce5c22f021c59e458/html5/thumbnails/3.jpg)
Use Configuration Management
Proposition 1 - Use Configuration Management
Regardless of how small/large your team is, or how many systemsyou are managing, pick a modern Configuration ManagementSystem and use it.
Rebuttals:
not enough sysadminsnot enough machineshomegrown systemtoo simple/complex a setup
N.J. Thomas [email protected] Effective Configuration Management - Usenix LISA ’13
![Page 4: Effective Configuration Management (9 Things You Should Be ... · not enough sysadmins not enough machines homegrown system too simple/complex a setup ... LISA ’13 is a great place](https://reader033.fdocuments.in/reader033/viewer/2022050602/5fa9cd1ce5c22f021c59e458/html5/thumbnails/4.jpg)
Use Configuration Management
Modern Configuration Management Systems:
Ansiblebcfg2CFEnginePuppetChefSalt
Reasons
actively developedlarge user/install basewell documentedmailing lists/forums/paid supportpre-existing modules/cookbooksmulti-platform
LISA ’13 is a great place to make your choice!
N.J. Thomas [email protected] Effective Configuration Management - Usenix LISA ’13
![Page 5: Effective Configuration Management (9 Things You Should Be ... · not enough sysadmins not enough machines homegrown system too simple/complex a setup ... LISA ’13 is a great place](https://reader033.fdocuments.in/reader033/viewer/2022050602/5fa9cd1ce5c22f021c59e458/html5/thumbnails/5.jpg)
Use Version Control
Proposition 2 - Use Version Control
Once you have a Configuration Management System chosen, picka modern version control tool for the backend repository.
Git, Subversion, Mercurial, etc., are all fine choices.
NB: presupposes you have a text-based directory tree forbackend.
Reasons:
reversibilityconcurrencyannotationmultiple branches of developmentfeature/story branchinghooks
N.J. Thomas [email protected] Effective Configuration Management - Usenix LISA ’13
![Page 6: Effective Configuration Management (9 Things You Should Be ... · not enough sysadmins not enough machines homegrown system too simple/complex a setup ... LISA ’13 is a great place](https://reader033.fdocuments.in/reader033/viewer/2022050602/5fa9cd1ce5c22f021c59e458/html5/thumbnails/6.jpg)
Use A Validation Testing Suite
Proposition 3 - Use A Validation Testing Suite
Before pushing out a newly committed change, make sure it hasbeen run against, and passes, your testing suite.
Tests:
CM lintsyntax checking for YAML, XMLsudoers syntaxpasswd file validitynagios -v
Some sites use VCS hooks for this, but a continousintegration tool is strongly recommended.
N.J. Thomas [email protected] Effective Configuration Management - Usenix LISA ’13
![Page 7: Effective Configuration Management (9 Things You Should Be ... · not enough sysadmins not enough machines homegrown system too simple/complex a setup ... LISA ’13 is a great place](https://reader033.fdocuments.in/reader033/viewer/2022050602/5fa9cd1ce5c22f021c59e458/html5/thumbnails/7.jpg)
Use Code Review
Proposition 4 - Use A Code Review Tool
Before making any commit into your CM repository, make sure it isaudited by at least one other peer.
Reasons:
Github: pull requestBitbucket: lightweight code reviewTrac: many plugins (PeerReview, CodeReview)Gerrit
Rebuttals:
small changes (big mistakes)too slow (make it lightweight)“I know what I’m doing.”
N.J. Thomas [email protected] Effective Configuration Management - Usenix LISA ’13
![Page 11: Effective Configuration Management (9 Things You Should Be ... · not enough sysadmins not enough machines homegrown system too simple/complex a setup ... LISA ’13 is a great place](https://reader033.fdocuments.in/reader033/viewer/2022050602/5fa9cd1ce5c22f021c59e458/html5/thumbnails/11.jpg)
Important Note on Testing/Code Review
Proper use of your testing suite and code review tool willcatch 95% of potential problems.
For the ones that get through, add a test.
N.J. Thomas [email protected] Effective Configuration Management - Usenix LISA ’13
![Page 12: Effective Configuration Management (9 Things You Should Be ... · not enough sysadmins not enough machines homegrown system too simple/complex a setup ... LISA ’13 is a great place](https://reader033.fdocuments.in/reader033/viewer/2022050602/5fa9cd1ce5c22f021c59e458/html5/thumbnails/12.jpg)
Use Templating
Proposition 5 - Use your CM’s Templating Facilties
Never manage more than one copy of a file. Use your CM’stemplating facilities to manage one file along with a variableproperties list.
N.J. Thomas [email protected] Effective Configuration Management - Usenix LISA ’13
![Page 13: Effective Configuration Management (9 Things You Should Be ... · not enough sysadmins not enough machines homegrown system too simple/complex a setup ... LISA ’13 is a great place](https://reader033.fdocuments.in/reader033/viewer/2022050602/5fa9cd1ce5c22f021c59e458/html5/thumbnails/13.jpg)
Use Templating
Don’t do this:
restrict 127.0.0.1
restrict default kod nomodify notrap noquery nopeer
server ntp1.qa.example.org
server ntp2.qa.example.org
driftfile /var/lib/ntp/drift
restrict 127.0.0.1
restrict default kod nomodify notrap noquery nopeer
server ntp1.prod.example.org
server ntp2.prod.example.org
driftfile /var/lib/ntp/drift
N.J. Thomas [email protected] Effective Configuration Management - Usenix LISA ’13
![Page 14: Effective Configuration Management (9 Things You Should Be ... · not enough sysadmins not enough machines homegrown system too simple/complex a setup ... LISA ’13 is a great place](https://reader033.fdocuments.in/reader033/viewer/2022050602/5fa9cd1ce5c22f021c59e458/html5/thumbnails/14.jpg)
Use Templating
Do this instead:
{% python
servers = [el.text for el in
metadata.Properties[’ntp.xml’].findall(’Server’)]
%}\
restrict 127.0.0.1
restrict default kod nomodify notrap noquery nopeer
{% for server in servers %}\
server ${server}
{% end %}
driftfile /var/lib/ntp/drift
N.J. Thomas [email protected] Effective Configuration Management - Usenix LISA ’13
![Page 15: Effective Configuration Management (9 Things You Should Be ... · not enough sysadmins not enough machines homegrown system too simple/complex a setup ... LISA ’13 is a great place](https://reader033.fdocuments.in/reader033/viewer/2022050602/5fa9cd1ce5c22f021c59e458/html5/thumbnails/15.jpg)
Use Templating
The associated properties file:
<?xml version="1.0" encoding="utf-8"?>
<Group name="production">
<Server>ntp1.prod.example.org</Server>
<Server>ntp2.prod.example.org</Server>
</Group>
<Group name="qa">
<Server>ntp1.qa.example.org</Server>
<Server>ntp2.qa.example.org</Server>
</Group>
</Properties>
N.J. Thomas [email protected] Effective Configuration Management - Usenix LISA ’13
![Page 16: Effective Configuration Management (9 Things You Should Be ... · not enough sysadmins not enough machines homegrown system too simple/complex a setup ... LISA ’13 is a great place](https://reader033.fdocuments.in/reader033/viewer/2022050602/5fa9cd1ce5c22f021c59e458/html5/thumbnails/16.jpg)
Use Your CM for Provisioning
Proposition 6 - Use Your CM for Provisioning
You should be able to use your CM to provision new systems, withlittle manual intervention.
Notes:
existing hostclasses/profiles/classesability to scale on demandnecessary with EC2/cloud servicescommon pattern: usepxe/jumpstart/kickstart/bsdinstall/cobbler plus your CMpackage, then use CM for everything else
N.J. Thomas [email protected] Effective Configuration Management - Usenix LISA ’13
![Page 17: Effective Configuration Management (9 Things You Should Be ... · not enough sysadmins not enough machines homegrown system too simple/complex a setup ... LISA ’13 is a great place](https://reader033.fdocuments.in/reader033/viewer/2022050602/5fa9cd1ce5c22f021c59e458/html5/thumbnails/17.jpg)
Use Your CM for Automated Monitoring
Proposition 7 - Use Your CM for Automated Monitoring
For every machine that is provisioned automatically by your CM,you should also be generating monitoring.
Notes:
use a monitoring system that accepts text-based configsalways having your new configs go through your testing suite(nagios -v)add dummy hosts for sanity checking
N.J. Thomas [email protected] Effective Configuration Management - Usenix LISA ’13
![Page 18: Effective Configuration Management (9 Things You Should Be ... · not enough sysadmins not enough machines homegrown system too simple/complex a setup ... LISA ’13 is a great place](https://reader033.fdocuments.in/reader033/viewer/2022050602/5fa9cd1ce5c22f021c59e458/html5/thumbnails/18.jpg)
Use A CMDB
Proposition 8 - Use a CMDB
Use a CMDB in conjunction with your CM.
”A repository that acts as a data warehouse for informationtechnology (IT) organizations. Its contents is intended to holda collection of IT assets that are commonly referred to asConfiguration Items (CIs), as well as descriptive relationshipsbetween such assets.” – Wikipedia
Notes:
some CMs bundle their own CMDBuse a CMDB that can be programmatticaly-queriedcan use the CMDB to pull into CM and vice versaif using homegrown, make it lightweightdon’t use a spreadsheetdon’t use the CM as a CMDB
N.J. Thomas [email protected] Effective Configuration Management - Usenix LISA ’13
![Page 19: Effective Configuration Management (9 Things You Should Be ... · not enough sysadmins not enough machines homegrown system too simple/complex a setup ... LISA ’13 is a great place](https://reader033.fdocuments.in/reader033/viewer/2022050602/5fa9cd1ce5c22f021c59e458/html5/thumbnails/19.jpg)
Use Your CM for DevOps
Proposition 9 - Use Your CM for DevOps
Use Your CM for DevOps tasks. This includes, but is not limitedto, software/product deployments, security auditing, qualitytesting, etc.
”DevOps (a portmanteau of development and operations) is asoftware development method that stresses communication,collaboration and integration between software developers andinformation technology (IT) professionals. DevOps is aresponse to the interdependence of software development andIT operations. It aims to help an organization rapidly producesoftware products and services.” – Wikipedia
N.J. Thomas [email protected] Effective Configuration Management - Usenix LISA ’13
![Page 20: Effective Configuration Management (9 Things You Should Be ... · not enough sysadmins not enough machines homegrown system too simple/complex a setup ... LISA ’13 is a great place](https://reader033.fdocuments.in/reader033/viewer/2022050602/5fa9cd1ce5c22f021c59e458/html5/thumbnails/20.jpg)
Conclusions
Questions?
N.J. Thomas [email protected] Effective Configuration Management - Usenix LISA ’13