config management Re: [nycbug-talk] A couple of security related questions
Tue Oct 5 15:40:12 EDT 2004
Hi George, All,
On Oct 5, 2004, at 1:15 PM, George Georgalis wrote:
> On Mon, Oct 04, 2004 at 01:33:58PM -0600, Tillman Hodgson wrote:
[... snip- lots of fun sync stuff ...]
> first off I'm thinking to use CVSup and unison to resolve.
> Three problems,
> 1) for the purpose of NFS, sync /etc/passwd, group and mount points.
> 2) get "root read only" (and other ownership/perms) files from golden
> box to production.
> 3) sync data partitions in real or near real time for 3 or more sites
> with slow links. (boss says need functionality, not perfection, in
> practice only one site will change at a time, heh)
> So what are people doing about #1?
> Will CVSup do for #2? how?
> Is unison going to work for #3? Anybody do something similar?
> Anybody who can solve any two of above gets all their drinks on me at
> next meeting! slosh the sysmin (tm)
Well, George, I can't say that I'm answering these very directly, but
for everyone's edification here, there is a VERY cool distributed data
toolkit I wanted to mention called spread-
I've experienced it in the context of Zope/ZEO use, basically keeping
concurrency between object databases across hardwares, and in one case,
across geo-diverse servers. It's cool, simple to use, and FAST (in the
context of what it is designed to do!).
It's darned cool stuff, and I've found it to be clean and portable
across various open *NIX's so far.
In a nutshell, you can write shell scripts that use spread, or an app
(with bindings likely in your language of choice), to keep concurrency
between files across a network. Spread does not make any assumptions
about lower levels of the network, so you can secure it however you
wish (stunnel or vpn perhaps?).
Now, I'd imagine, that it wouldn't be all that difficult to write a
daemon that maintains real-time (er, network real-time <g>) concurrency
between the config files on one machine, and 'backups' on another
machine, where hooks to spread could be used to pump each change into a
CVS or SVN repository.
It would be the way I'd go- but I'm not doing this right now. (Though
this sounds fun, and I'd love to figure it into a short paying Job in
the future, therefore enabling it to get in my current radar...). Hrm.
But, there may be much better ways, so I'll keep lurking on this
> // George
>  http://www.cis.upenn.edu/~bcpierce/unison/index.html
> Unison is a file-synchronization tool for Unix and Windows. It allows
> two replicas of a collection of files and directories to be stored
> on different hosts (or different disks on the same host), modified
> separately, and then brought up to date by propagating the changes in
> each replica to the other. like rsync but bidirectional