Configuration management is a solved problem?

John Vincent
February 06, 2017

Keynote talk at cfgmgmtcamp.eu 2017

Transcript

  1. Configuration Management is a solved problem(?)

  2. I’m sorry

  3. About me
    - Operations Staff Engineer @
    - @lusis on twitter, github and other stuff
    - (retired) DevOpsDays core organizer
    - He/Him/His
    - Father/Husband
    - All around opinionated bastard

  4. Story Time

  5. DevOpsDays Mt. View 2011
    Orchestration Panel
    “Configuration management is a solved problem” - me

  6. “lol nope” - Andrew Clay Shafer (paraphrased)

  7. What I meant to say was...
    - The tools do what they were designed to do
    - Not everything is CM shaped
    - “Past performance is no guarantee of future results”

  8. Obviously it’s not a solved problem

  9. The Dirty Secret

  10. Services matter. Not Servers.

  11. But we still have servers to configure…..

  12. Unscientific Study
    - Packages
    - Daemons
    - Files
    - Templates
    - Users

  13. Everything else
    Is (arguably) better handled by another tool
    - Orchestration
    - Application Lifecycle Management
    - Secrets Management
    - Binary Distribution

  14. So with that in mind….
    What do I think we’re still missing?
    What does a “next gen” CM tool provide?

  15. Active Enforcement

  16. I wrote a blog post a few years back (go figure)
    http://blog.lusis.org/blog/2012/05/24/configuration-drift-and-next-gen-cm/

  17. Inspired by….

  18. Current Behaviour
    - CM is running
    - This file doesn’t look like it’s supposed to
    - CM changes file
    - CM isn’t running
    What happens in the 5/10/30/60 minutes/hours/days in between?

  19. Can we create a system that actively responds to (and optionally PREVENTS) changes to systems outside of CM policy?

  20. Consider
    - FSEvents
    - kqueue
    - inotify
    - dbus
    - kbus
    - dm-verity-alike
    Do we really want to register watches/hooks for EVERY file CM manages?

  21. If our scope is limited to core competency, maybe?

  22. Maybe the kernel needs more efficient hooks to enable this
    (think libnetfilter_queue but for files)

  23. Can we get something like this instead of a new init system?
    Asking for a friend

  24. “Truly Compiled Catalogs”

  25. I wrote a gist post a few years back (go figure)
    https://gist.github.com/lusis/015c7a39fa45ec38a34c

  26. “Binary CM”
    - Upload source to “server” component
    - “Server” compiles binary for all hosts it knows about where the code would apply (i.e. role::webserver)
    - Optionally for unknown clients, the binary is on-the-fly compiled when the host “checks in” (e.g. golang cross-compile)
    - Entire CM run is contained in single binary artifact. Use rsync or more efficient p2p mechanism for transferring

  27. Distributed CM

  28. I talked to someone a few years back (go figure)
    Umm….how do I link a conversation in person?

  29. This one is just sort of abstract
    Imagine a config management system
    This system uses a central server
    The central server goes down

  30. View Slide

  31. What if….
    Nodes could pull state in peer ring instead of a central server?
    Habitat’s supervisor is sort of like this.
    If we can do that, do we need a central authority?

  32. And what about these things?

  33. Wrap up/Questions?

  34. Image Credits
    - https://i.ytimg.com/vi/M-yIMgy9_2o/hqdefault.jpg
    - http://www.stratoscale.com/wp-content/uploads/AWS-Lambda.png
    - https://s3.amazonaws.com/kinlane-productions/bw-icons/bw-serverless.png
    - https://www.beautypunk.com/wp-content/uploads/2015/10/NoOps-pink.jpg
    - http://res.cloudinary.com/blog-mornati-net/image/upload/v1472668207/sz9sfwiji9foh0cv1v5p.png
    - https://rhelblog.files.wordpress.com/2015/11/rh_atomic_bug_2cblue_text_cmyk.png
    - http://www.galls.com/photos/styles/b2b/bd256.jpg
    - https://s-media-cache-ak0.pinimg.com/originals/de/a1/5f/dea15f0b0ad8c87745bf0c7dac106e53.jpg
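
Slides 18 to 21 ask whether a system could notice, and optionally undo, changes made to CM-managed files in the gap between CM runs. The block below is an added example, not code from the talk: it checks a small set of managed files against desired state and rewrites any that drifted, using SHA-256 comparison as a stand-in for the inotify/kqueue hooks the slides list. The file names, contents and function names are constructed for illustration.

```python
import hashlib
import os
import tempfile


def digest(path):
    """SHA-256 of a file's contents, or None if the file is missing."""
    try:
        with open(path, "rb") as f:
            return hashlib.sha256(f.read()).hexdigest()
    except FileNotFoundError:
        return None


def check_drift(desired):
    """desired maps path -> bytes CM wants there. Returns [(path, kind)]."""
    drift = []
    for path, content in desired.items():
        have = digest(path)
        if have is None:
            drift.append((path, "missing"))
        elif have != hashlib.sha256(content).hexdigest():
            drift.append((path, "modified"))
    return drift


def enforce(desired):
    """Rewrite every drifted file from desired state; return what was fixed."""
    fixed = check_drift(desired)
    for path, _kind in fixed:
        tmp = path + ".cmtmp"
        with open(tmp, "wb") as f:
            f.write(desired[path])
        os.replace(tmp, path)  # atomic swap: readers never see a partial file
    return fixed


def demo():
    """Constructed scenario: CM run, out-of-band edits, detection, re-enforcement."""
    root = tempfile.mkdtemp()
    sshd, motd = os.path.join(root, "sshd_config"), os.path.join(root, "motd")
    desired = {sshd: b"PermitRootLogin no\n", motd: b"managed by CM\n"}
    enforce(desired)                      # the scheduled CM run
    with open(sshd, "wb") as f:           # change made between runs
        f.write(b"PermitRootLogin yes\n")
    os.remove(motd)
    seen = [(os.path.basename(p), k) for p, k in check_drift(desired)]
    enforce(desired)                      # what a watcher would do on the event
    return seen, check_drift(desired)


if __name__ == "__main__":
    print(demo())
```

Calling `check_drift` from a file-event callback rather than on a timer is what would shrink the window slide 18 describes; keeping `desired` limited to the files CM actually manages is the scoping slide 21 suggests.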