Configuration management is a solved problem?

Transcript

1. Configuration
   Management
   is a solved problem(?)
   

   View Slide

2. I’m sorry
   

   View Slide

3. About me
   - Operations Staff Engineer @
   - @lusis on twitter, github and other stuff
   - (retired) DevOpsDays core organizer
   - He/Him/His
   - Father/Husband
   - All around opinionated bastard
   

   View Slide

4. Story Time
   

   View Slide

5. DevOpsDays Mt. View 2011
   Orchestration Panel
   “Configuration management is a solved problem” -
   me
   

   View Slide

6. “lol nope” - Andrew
   Clay Shafer
   (paraphrased)
   

   View Slide

7. What I meant to say was...
   - The tools do what they were designed to do
   - Not everything is CM shaped
   - “Past performance is no guarantee of future results”
   

   View Slide

8. Obviously it’s not a solved problem
   

   View Slide

9. The Dirty Secret
   

   View Slide

10. Services matter. Not
    Servers.
    

    View Slide

11. But we still have servers
    to configure…..
    

    View Slide

12. Unscientific
    Study
    - Packages
    - Daemons
    - Files
    - Templates
    - Users
    

    View Slide

13. Everything else
    Is (arguably) better handled by
    another tool
    - Orchestration
    - Application Lifecycle
    Management
    - Secrets Management
    - Binary Distribution
    

    View Slide

14. So with that in
    mind….
    What do I think we’re still missing?
    What does a “next gen” CM tool provide?
    

    View Slide

15. Active Enforcement
    

    View Slide

16. I wrote a blog post a few
    years back (go figure)
    http://blog.lusis.org/blog/2012/05/24/configuration-drift-and-ne
    xt-gen-cm/
    

    View Slide

17. Inspired by….
    

    View Slide

18. Current Behaviour
    - CM is running
    - This file doesn’t look like it’s supposed to
    - CM changes file
    - CM isn’t running
    What happens in the 5/10/30/60 minutes/hours/days in between?
    

    View Slide

19. Can we create a system that actively
    responds to (and optionally
    PREVENTS) changes to systems
    outside of CM policy?
    

    View Slide

20. Consider - FSEvents
    - kqueue
    - inotify
    - dbus
    - kbus
    - dm-verity-alike
    Do we really want to register watches/hooks for
    EVERY file CM manages?
    

    View Slide

21. If our scope is
    limited to core
    competency,
    maybe?
    

    View Slide

22. Maybe the kernel needs more
    efficient hooks to enable this
    (think libnetfilter_queue but for files)
    

    View Slide

23. Can we get something
    like this instead of a
    new init system?
    Asking for a friend
    

    View Slide

24. “Truly Compiled
    Catalogs”
    

    View Slide

25. I wrote a gist post a few
    years back (go figure)
    https://gist.github.com/lusis/015c7a39fa45ec38a34c
    

    View Slide

26. “Binary CM”
    - Upload source to “server” component
    - “Server” compiles binary for all hosts it knows about where
    the code would apply (i.e. role::webserver)
    - Optionally for unknown clients, the binary is on-the-fly
    compiled when the host “checks in” (e.g. golang
    cross-compile)
    - Entire CM run is contained in single binary artifact. Use
    rsync or more efficient p2p mechanism for transferring
    

    View Slide

27. Distributed CM
    

    View Slide

28. I talked to someone a few
    years back (go figure)
    Umm….how do I link a conversation in person?
    

    View Slide

29. This one is just sort of
    abstract
    Imagine a config management system
    This system uses a central server
    The central server goes down
    

    View Slide

30. View Slide

31. What if….
    Nodes could pull state in peer ring instead of a central
    server?
    Habitat’s supervisor is sort of like this.
    If we can do that, do we need a central authority?
    

    View Slide

32. And what about these things?
    

    View Slide

33. Wrap up/Questions?
    

    View Slide

34. Image Credits
    - https://i.ytimg.com/vi/M-yIMgy9_2o/hqdefault.jpg
    - http://www.stratoscale.com/wp-content/uploads/AWS-Lambda.png
    - https://s3.amazonaws.com/kinlane-productions/bw-icons/bw-serverless.png
    - https://www.beautypunk.com/wp-content/uploads/2015/10/NoOps-pink.jpg
    - http://res.cloudinary.com/blog-mornati-net/image/upload/v1472668207/sz9sfw
    iji9foh0cv1v5p.png
    - https://rhelblog.files.wordpress.com/2015/11/rh_atomic_bug_2cblue_text_cmy
    k.png
    - http://www.galls.com/photos/styles/b2b/bd256.jpg
    - https://s-media-cache-ak0.pinimg.com/originals/de/a1/5f/dea15f0b0ad8c8774
    5bf0c7dac106e53.jpg
    -
    

    View Slide