[LRUG] Idempotency vs the cloud

Paul Battley pbattley at gmail.com
Wed Jul 17 15:14:10 PDT 2013


On 17 July 2013 22:22, Gareth Rushgrove <gareth at morethanseven.net> wrote:
> Running puppet/chef/whatever every x minutes doesn't just have the
> ability to change things to be how you described them, it has the
> ability to tell you that something in the world is different to how
> you think it should be.

I'm a bit sceptical of this claim. I know that's what everyone would
like their configuration management system to be doing, and if it were
true it would save a lot of problems, but what everyone really does is
start with an off-the-shelf distro and configure parts of the system
to meet their desired spec, leaving the bulk of it to the underlying
distro. That will tell you if the parts of the system you've
configured have diverged, but unless I've missed something, that seems
to leave a whole lot of blind spots. I'm not saying that's not useful,
but Puppet[0] isn't really an intrusion detection system.

If you were to set up Linux from Scratch using Puppet etc., then you
probably could get a pretty complete overall view of this, but I think
you'd need a combine harvester, the ability to warp time, and
near-infinite patience to shave that yak.

Paul.

[0]: For Puppet, read "configuration management system of your choice"


