config management Re: [nycbug-talk] A couple of security related questions
steve.rieger at tbwachiat.com
Tue Oct 5 15:55:07 EDT 2004
> Hi George, All,
> On Oct 5, 2004, at 1:15 PM, George Georgalis wrote:
>> On Mon, Oct 04, 2004 at 01:33:58PM -0600, Tillman Hodgson wrote:
> [... snip- lots of fun sync stuff ...]
>> first off I'm thinking to use CVSup and unison to resolve.
>> Three problems,
>> 1) for the purpose of NFS, sync /etc/passwd, group and mount points.
>> 2) get "root read only" (and other ownership/perms) files from golden
>> box to production.
>> 3) sync data partitions in real or near real time for 3 or more sites
>> with slow links. (boss says need functionality, not perfection, in
>> practice only one site will change at a time, heh)
>> So what are people doing about #1?
>> Will CVSup do for #2? how?
>> Is unison going to work for #3? Anybody do something similar?
>> Anybody who can solve any two of above gets all their drinks on me at
>> next meeting! slosh the sysmin (tm)
> Well, George, I can't say that I'm answering these very directly, but
> for everyone's edification here, there is a VERY cool distributed data
> toolkit I wanted to mention called spread-
> I've experienced it in the context of Zope/ZEO use, basically keeping
> concurrency between object databases across hardwares, and in one case,
> across geo-diverse servers. It's cool, simple to use, and FAST (in the
> context of what it is designed to do!).
> It's darned cool stuff, and I've found it to be clean and portable
> across various open *NIX's so far.
> In a nutshell, you can write shell scripts that use spread, or an app
> (with bindings likely in your language of choice), to keep concurrency
> between files across a network. Spread does not make any assumptions
> about lower levels of the network, so you can secure it however you
> wish (stunnel or vpn perhaps?).
> Now, I'd imagine, that it wouldn't be all that difficult to write a
> daemon that maintains real-time (er, network real-time <g>) concurrency
> between the config files on one machine, and 'backups' on another
> machine, where hooks to spread could be used to pump each change into a
> CVS or SVN repository.
> It would be the way I'd go- but I'm not doing this right now. (Though
> this sounds fun, and I'd love to figure it into a short paying Job in
> the future, therefore enabling it to get in my current radar...). Hrm.
> But, there may be much better ways, so I'll keep lurking on this
>> // George
>>  http://www.cis.upenn.edu/~bcpierce/unison/index.html
>> Unison is a file-synchronization tool for Unix and Windows. It allows
>> two replicas of a collection of files and directories to be stored
>> on different hosts (or different disks on the same host), modified
>> separately, and then brought up to date by propagating the changes in
>> each replica to the other. like rsync but bidirectional
Fbsd has clusterit in ports which is kinda cool,