
Configuration management is a solved problem?

John Vincent
February 06, 2017

Keynote talk at cfgmgmtcamp.eu 2017



  1. About me
     - Operations Staff Engineer @
     - @lusis on twitter, github and other stuff
     - (retired) DevOpsDays core organizer
     - He/Him/His
     - Father/Husband
     - All around opinionated bastard
  2. What I meant to say was...
     - The tools do what they were designed to do
     - Not everything is CM shaped
     - “Past performance is no guarantee of future results”
  3. Everything else is (arguably) better handled by another tool
     - Orchestration
     - Application Lifecycle Management
     - Secrets Management
     - Binary Distribution
  4. So with that in mind…. What do I think we’re still missing? What does a “next gen” CM tool provide?
  5. I wrote a blog post a few years back (go figure): http://blog.lusis.org/blog/2012/05/24/configuration-drift-and-next-gen-cm/
  6. Current Behaviour
     - CM is running
     - This file doesn’t look like it’s supposed to
     - CM changes file
     - CM isn’t running

     What happens in the 5/10/30/60 minutes/hours/days in between?
  7. Can we create a system that actively responds to (and optionally PREVENTS) changes to systems outside of CM policy?
  8. Consider
     - FSEvents
     - kqueue
     - inotify
     - dbus
     - kbus
     - dm-verity-alike

     Do we really want to register watches/hooks for EVERY file CM manages?
  9. Maybe the kernel needs more efficient hooks to enable this (think libnetfilter_queue but for files)
  10. Can we get something like this instead of a new init system? Asking for a friend
  11. I wrote a gist post a few years back (go figure): https://gist.github.com/lusis/015c7a39fa45ec38a34c
  12. “Binary CM”
     - Upload source to “server” component
     - “Server” compiles binary for all hosts it knows about where the code would apply (i.e. role::webserver)
     - Optionally for unknown clients, the binary is on-the-fly compiled when the host “checks in” (e.g. golang cross-compile)
     - Entire CM run is contained in single binary artifact. Use rsync or more efficient p2p mechanism for transferring
  13. I talked to someone a few years back (go figure). Umm….how do I link a conversation in person?
  14. This one is just sort of abstract. Imagine a config management system. This system uses a central server. The central server goes down.
  15. What if…. Nodes could pull state in a peer ring instead of a central server? Habitat’s supervisor is sort of like this. If we can do that, do we need a central authority?
  16. Image Credits
     - https://i.ytimg.com/vi/M-yIMgy9_2o/hqdefault.jpg
     - http://www.stratoscale.com/wp-content/uploads/AWS-Lambda.png
     - https://s3.amazonaws.com/kinlane-productions/bw-icons/bw-serverless.png
     - https://www.beautypunk.com/wp-content/uploads/2015/10/NoOps-pink.jpg
     - http://res.cloudinary.com/blog-mornati-net/image/upload/v1472668207/sz9sfwiji9foh0cv1v5p.png
     - https://rhelblog.files.wordpress.com/2015/11/rh_atomic_bug_2cblue_text_cmyk.png
     - http://www.galls.com/photos/styles/b2b/bd256.jpg
     - https://s-media-cache-ak0.pinimg.com/originals/de/a1/5f/dea15f0b0ad8c8774 5bf0c7dac106e53.jpg
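Slides 6 to 8 ask what happens to a managed file between CM runs and whether every file needs its own watch. The sketch below is an added example, not code from the talk or from any CM tool: it watches parent directories instead of individual files and handles each change event by reporting or reverting drift. The policy format and the names `watch_dirs` and `handle_event` are assumptions, and the event source (inotify, kqueue, FSEvents) that would call `handle_event` is left out.

```python
import os
import tempfile

# Hypothetical policy format: absolute path -> desired file content (bytes).

def watch_dirs(policy):
    """One directory watch per parent dir, not one watch per managed file."""
    return sorted({os.path.dirname(path) for path in policy})

def handle_event(policy, directory, name, enforce=False):
    """Handle one change event (watched directory, file name).

    Returns None when the file is unmanaged or matches policy,
    "drift" when it differs, "reverted" when enforce=True restored it.
    """
    path = os.path.join(directory, name)
    want = policy.get(path)
    if want is None:
        return None  # a directory watch also reports unmanaged files
    try:
        with open(path, "rb") as fh:
            have = fh.read()
    except FileNotFoundError:
        have = None  # deleting a managed file is drift too
    if have == want:
        return None
    if not enforce:
        return "drift"
    # Write a temp file in the same directory, then rename over the target,
    # so readers never see a half-written file. The events this produces are
    # harmless: the temp name is unmanaged and the target now matches policy.
    # mkstemp creates the file 0600; a real tool would also restore owner/mode.
    fd, tmp = tempfile.mkstemp(dir=directory)
    with os.fdopen(fd, "wb") as fh:
        fh.write(want)
    os.replace(tmp, path)
    return "reverted"

if __name__ == "__main__":
    # Constructed sample: one managed file edited by hand between CM runs.
    root = tempfile.mkdtemp()
    target = os.path.join(root, "sshd_config")
    policy = {target: b"PermitRootLogin no\n"}
    with open(target, "wb") as fh:
        fh.write(b"PermitRootLogin yes\n")
    print(watch_dirs(policy) == [root])
    print(handle_event(policy, root, "sshd_config"))
    print(handle_event(policy, root, "sshd_config", enforce=True))
    print(handle_event(policy, root, "sshd_config"))
```

With `enforce=False` the handler only reports, which suits an audit-first rollout; a directory watch is not recursive, so each directory that holds a managed file needs its own entry in the watch set.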