Slide 1

Slide 1 text

Configuration Management is a solved problem(?)

Slide 2

Slide 2 text

I’m sorry

Slide 3

Slide 3 text

About me
- Operations Staff Engineer @
- @lusis on twitter, github and other stuff
- (retired) DevOpsDays core organizer
- He/Him/His
- Father/Husband
- All around opinionated bastard

Slide 4

Slide 4 text

Story Time

Slide 5

Slide 5 text

DevOpsDays Mt. View 2011 Orchestration Panel
“Configuration management is a solved problem” - me

Slide 6

Slide 6 text

“lol nope” - Andrew Clay Shafer (paraphrased)

Slide 7

Slide 7 text

What I meant to say was...
- The tools do what they were designed to do
- Not everything is CM shaped
- “Past performance is no guarantee of future results”

Slide 8

Slide 8 text

Obviously it’s not a solved problem

Slide 9

Slide 9 text

The Dirty Secret

Slide 10

Slide 10 text

Services matter. Not Servers.

Slide 11

Slide 11 text

But we still have servers to configure…..

Slide 12

Slide 12 text

Unscientific Study
- Packages
- Daemons
- Files
- Templates
- Users

Slide 13

Slide 13 text

Everything else is (arguably) better handled by another tool
- Orchestration
- Application Lifecycle Management
- Secrets Management
- Binary Distribution

Slide 14

Slide 14 text

So with that in mind…. What do I think we’re still missing? What does a “next gen” CM tool provide?

Slide 15

Slide 15 text

Active Enforcement

Slide 16

Slide 16 text

I wrote a blog post a few years back (go figure)
http://blog.lusis.org/blog/2012/05/24/configuration-drift-and-next-gen-cm/

Slide 17

Slide 17 text

Inspired by….

Slide 18

Slide 18 text

Current Behaviour
- CM is running
- This file doesn’t look like it’s supposed to
- CM changes file
- CM isn’t running
What happens in the 5/10/30/60 minutes/hours/days in between?

Slide 19

Slide 19 text

Can we create a system that actively responds to (and optionally PREVENTS) changes to systems outside of CM policy?

Slide 20

Slide 20 text

Consider
- FSEvents
- kqueue
- inotify
- dbus
- kbus
- dm-verity-alike
Do we really want to register watches/hooks for EVERY file CM manages?
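
The active-enforcement idea from the preceding slides, as an added example (not code from the talk or from any CM tool): a Linux inotify loop that restores managed files as soon as they drift. It registers one watch per parent directory rather than one per managed file, which is one possible answer to the question above; the `policy` mapping, the function names and the `.cm-tmp` suffix are hypothetical.

```python
import ctypes, os, struct

# Linux <sys/inotify.h> values; HDR is struct inotify_event (wd, mask, cookie, len)
IN_CLOSE_WRITE, IN_MOVED_FROM, IN_MOVED_TO, IN_DELETE, IN_Q_OVERFLOW = 0x8, 0x40, 0x80, 0x200, 0x4000
MASK = IN_CLOSE_WRITE | IN_MOVED_FROM | IN_MOVED_TO | IN_DELETE
HDR = struct.Struct("iIII")

def parse_events(buf):
    """Return [(wd, mask, name)] for the inotify_event records packed in buf."""
    events, off = [], 0
    while off + HDR.size <= len(buf):
        wd, mask, _cookie, nlen = HDR.unpack_from(buf, off)
        raw = buf[off + HDR.size:off + HDR.size + nlen]  # NUL-padded file name
        events.append((wd, mask, os.fsdecode(raw.rstrip(b"\0"))))
        off += HDR.size + nlen
    return events

def enforce(path, want):
    """Put the policy content back at path; return True only if it had drifted."""
    try:
        with open(path, "rb") as f:
            if f.read() == want:
                return False
    except FileNotFoundError:
        pass  # a deleted managed file counts as drift
    with open(path + ".cm-tmp", "wb") as f:  # hypothetical temp-file suffix
        f.write(want)
    os.replace(path + ".cm-tmp", path)  # atomic swap: no partially written file
    return True

def watch(policy):
    """policy (assumed shape): {absolute path: desired bytes}. Blocks forever."""
    libc = ctypes.CDLL(None, use_errno=True)  # Linux/glibc only
    fd = libc.inotify_init()
    dirs = {}
    for d in {os.path.dirname(p) for p in policy}:  # one watch per directory
        wd = libc.inotify_add_watch(fd, os.fsencode(d), MASK)
        if wd < 0:
            raise OSError(ctypes.get_errno(), "inotify_add_watch failed: " + d)
        dirs[wd] = d
    pending = set(policy)  # converge every managed file once before waiting
    while True:
        for path in sorted(pending):
            if enforce(path, policy[path]):
                print("drift corrected:", path)
        events = parse_events(os.read(fd, 65536))
        lost = any(m & IN_Q_OVERFLOW for _, m, _ in events)  # kernel dropped events
        seen = {os.path.join(dirs.get(w, ""), n) for w, _, n in events}
        pending = set(policy) if lost else seen & set(policy)
```

The loop's own rename generates one more event for the managed file, but `enforce` then finds no drift, so it does not feed itself. Only file content is compared; mode and ownership are not restored.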

Slide 21

Slide 21 text

If our scope is limited to core competency, maybe?

Slide 22

Slide 22 text

Maybe the kernel needs more efficient hooks to enable this (think libnetfilter_queue but for files)

Slide 23

Slide 23 text

Can we get something like this instead of a new init system? Asking for a friend

Slide 24

Slide 24 text

“Truly Compiled Catalogs”

Slide 25

Slide 25 text

I wrote a gist post a few years back (go figure)
https://gist.github.com/lusis/015c7a39fa45ec38a34c

Slide 26

Slide 26 text

“Binary CM”
- Upload source to “server” component
- “Server” compiles binary for all hosts it knows about where the code would apply (i.e. role::webserver)
- Optionally for unknown clients, the binary is on-the-fly compiled when the host “checks in” (e.g. golang cross-compile)
- Entire CM run is contained in single binary artifact. Use rsync or more efficient p2p mechanism for transferring

Slide 27

Slide 27 text

Distributed CM

Slide 28

Slide 28 text

I talked to someone a few years back (go figure)
Umm….how do I link a conversation in person?

Slide 29

Slide 29 text

This one is just sort of abstract
Imagine a config management system
This system uses a central server
The central server goes down

Slide 30

Slide 30 text

No content

Slide 31

Slide 31 text

What if….
Nodes could pull state in peer ring instead of a central server?
Habitat’s supervisor is sort of like this.
If we can do that, do we need a central authority?

Slide 32

Slide 32 text

And what about these things?

Slide 33

Slide 33 text

Wrap up/Questions?

Slide 34

Slide 34 text

Image Credits
- https://i.ytimg.com/vi/M-yIMgy9_2o/hqdefault.jpg
- http://www.stratoscale.com/wp-content/uploads/AWS-Lambda.png
- https://s3.amazonaws.com/kinlane-productions/bw-icons/bw-serverless.png
- https://www.beautypunk.com/wp-content/uploads/2015/10/NoOps-pink.jpg
- http://res.cloudinary.com/blog-mornati-net/image/upload/v1472668207/sz9sfwiji9foh0cv1v5p.png
- https://rhelblog.files.wordpress.com/2015/11/rh_atomic_bug_2cblue_text_cmyk.png
- http://www.galls.com/photos/styles/b2b/bd256.jpg
- https://s-media-cache-ak0.pinimg.com/originals/de/a1/5f/dea15f0b0ad8c87745bf0c7dac106e53.jpg