Configuration management is a solved problem?

John Vincent
February 06, 2017

Keynote talk at cfgmgmtcamp.eu 2017


Transcript

  1. Configuration Management is a solved problem(?)

  2. I’m sorry

  3. About me
     - Operations Staff Engineer @
     - @lusis on twitter, github and other stuff
     - (retired) DevOpsDays core organizer
     - He/Him/His
     - Father/Husband
     - All around opinionated bastard
  4. Story Time

  5. DevOpsDays Mt. View 2011 Orchestration Panel: “Configuration management is a solved problem” - me
  6. “lol nope” - Andrew Clay Shafer (paraphrased)

  7. What I meant to say was...
     - The tools do what they were designed to do
     - Not everything is CM shaped
     - “Past performance is no guarantee of future results”
  8. Obviously it’s not a solved problem

  9. The Dirty Secret

  10. Services matter. Not Servers.

  11. But we still have servers to configure…..

  12. Unscientific Study
     - Packages
     - Daemons
     - Files
     - Templates
     - Users
  13. Everything else is (arguably) better handled by another tool
     - Orchestration
     - Application Lifecycle Management
     - Secrets Management
     - Binary Distribution
  14. So with that in mind…. What do I think we’re still missing? What does a “next gen” CM tool provide?
  15. Active Enforcement

  16. I wrote a blog post a few years back (go figure): http://blog.lusis.org/blog/2012/05/24/configuration-drift-and-next-gen-cm/
  17. Inspired by….

  18. Current Behaviour
     - CM is running
     - This file doesn’t look like it’s supposed to
     - CM changes file
     - CM isn’t running

     What happens in the 5/10/30/60 minutes/hours/days in between?
  19. Can we create a system that actively responds to (and optionally PREVENTS) changes to systems outside of CM policy?

  20. Consider
     - FSEvents
     - kqueue
     - inotify
     - dbus
     - kbus
     - dm-verity-alike

     Do we really want to register watches/hooks for EVERY file CM manages?
  21. If our scope is limited to core competency, maybe?

  22. Maybe the kernel needs more efficient hooks to enable this (think libnetfilter_queue but for files)

  23. Can we get something like this instead of a new init system? Asking for a friend
  24. “Truly Compiled Catalogs”

  25. I wrote a gist post a few years back (go figure): https://gist.github.com/lusis/015c7a39fa45ec38a34c
  26. “Binary CM”
     - Upload source to “server” component
     - “Server” compiles binary for all hosts it knows about where the code would apply (i.e. role::webserver)
     - Optionally for unknown clients, the binary is on-the-fly compiled when the host “checks in” (e.g. golang cross-compile)
     - Entire CM run is contained in single binary artifact. Use rsync or more efficient p2p mechanism for transferring
  27. Distributed CM

  28. I talked to someone a few years back (go figure). Umm….how do I link a conversation in person?
  29. This one is just sort of abstract
     Imagine a config management system
     This system uses a central server
     The central server goes down
  30. None
  31. What if….
     Nodes could pull state in peer ring instead of a central server?
     Habitat’s supervisor is sort of like this.
     If we can do that, do we need a central authority?
  32. And what about these things?

  33. Wrap up/Questions?

  34. Image Credits
     - https://i.ytimg.com/vi/M-yIMgy9_2o/hqdefault.jpg
     - http://www.stratoscale.com/wp-content/uploads/AWS-Lambda.png
     - https://s3.amazonaws.com/kinlane-productions/bw-icons/bw-serverless.png
     - https://www.beautypunk.com/wp-content/uploads/2015/10/NoOps-pink.jpg
     - http://res.cloudinary.com/blog-mornati-net/image/upload/v1472668207/sz9sfwiji9foh0cv1v5p.png
     - https://rhelblog.files.wordpress.com/2015/11/rh_atomic_bug_2cblue_text_cmyk.png
     - http://www.galls.com/photos/styles/b2b/bd256.jpg
     - https://s-media-cache-ak0.pinimg.com/originals/de/a1/5f/dea15f0b0ad8c87745bf0c7dac106e53.jpg
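
The "Active Enforcement" idea from slides 18 to 20, as an added sketch that is not code from the talk or the linked blog post: a Linux-only watcher that registers one inotify watch per parent directory rather than one per managed file, and reverts out-of-policy content as soon as the change lands. `DriftGuard`, its path-to-bytes policy format and the `.cmtmp` suffix are assumptions made for illustration; ownership and mode enforcement are left out.

```python
import ctypes, ctypes.util, os, select, struct
# Linux inotify(7) mask bits: CLOSE_WRITE | MOVED_TO | DELETE, and Q_OVERFLOW.
WATCH, IN_Q_OVERFLOW = 0x8 | 0x80 | 0x200, 0x4000
libc = ctypes.CDLL(ctypes.util.find_library("c") or "libc.so.6", use_errno=True)

class DriftGuard:
    """Hypothetical enforcer. policy maps absolute path -> desired bytes."""
    def __init__(self, policy):
        self.policy = dict(policy)
        self.fd = libc.inotify_init()
        if self.fd < 0:
            raise OSError(ctypes.get_errno(), "inotify_init failed")
        # One watch per parent directory, not per file; also sees rename-over.
        self.dirs = {}
        for d in sorted({os.path.dirname(p) for p in self.policy}):
            wd = libc.inotify_add_watch(self.fd, os.fsencode(d), WATCH)
            if wd < 0:
                raise OSError(ctypes.get_errno(), "inotify_add_watch failed: " + d)
            self.dirs[wd] = d

    def drifted(self, path):
        try:
            with open(path, "rb") as f:
                return f.read() != self.policy[path]
        except FileNotFoundError:
            return True  # a deleted managed file is drift too

    def restore(self, path):
        with open(path + ".cmtmp", "wb") as f:
            f.write(self.policy[path])
        os.replace(path + ".cmtmp", path)  # atomic swap back to policy content

    def poll(self, timeout=1.0):
        """Process queued events; return managed paths that were reverted."""
        if not select.select([self.fd], [], [], timeout)[0]:
            return []
        buf, off, candidates = os.read(self.fd, 65536), 0, []
        while off < len(buf):
            wd, mask, _cookie, nlen = struct.unpack_from("iIII", buf, off)
            name = buf[off + 16:off + 16 + nlen].split(b"\0", 1)[0]
            off += 16 + nlen
            path = os.path.join(self.dirs.get(wd, ""), os.fsdecode(name))
            # Overflow means events were lost, so recheck every managed path.
            candidates += list(self.policy) if mask & IN_Q_OVERFLOW else [path]
        reverted = [p for p in dict.fromkeys(candidates)
                    if p in self.policy and self.drifted(p)]
        for p in reverted:
            self.restore(p)
        return reverted
```

Calling `poll()` in a loop gives continuous enforcement between CM runs; the guard's own restore also generates events, which the content comparison then treats as no drift.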