config management Re: [nycbug-talk] A couple of security related questions
Steve Rieger
steve.rieger
Tue Oct 5 15:55:07 EDT 2004
> Hi George, All,
>
> On Oct 5, 2004, at 1:15 PM, George Georgalis wrote:
>
>> On Mon, Oct 04, 2004 at 01:33:58PM -0600, Tillman Hodgson wrote:
>
> [... snip- lots of fun sync stuff ...]
>
>> first off I'm thinking to use CVSup and unison [1] to resolve.
>>
>> Three problems,
>> 1) for the purpose of NFS, sync /etc/passwd, group and mount points.
>> 2) get "root read only" (and other ownership/perms) files from golden
>> box to production.
>> 3) sync data partitions in real or near real time for 3 or more sites
>> with slow links. (boss says need functionality, not perfection, in
>> practice only one site will change at a time, heh)
>>
>> So what are people doing about #1?
>> Will CVSup do for #2? how?
>> Is unison going to work for #3? Anybody do something similar?
>>
>> Anybody who can solve any two of above gets all their drinks on me at
>> next meeting! slosh the sysmin (tm)
>
> Well, George, I can't say that I'm answering these very directly, but
> for everyone's edification here, there is a VERY cool distributed data
> toolkit I wanted to mention called spread-
>
> http://www.spread.org/
>
> I've experienced it in the context of Zope/ZEO use, basically keeping
> concurrency between object databases across hardwares, and in one case,
> across geo-diverse servers. It's cool, simple to use, and FAST (in the
> context of what it is designed to do!).
>
> It's darned cool stuff, and I've found it to be clean and portable
> across various open *NIX's so far.
>
> In a nutshell, you can write shell scripts that use spread, or an app
> (with bindings likely in your language of choice), to keep concurrency
> between files across a network. Spread does not make any assumptions
> about lower levels of the network, so you can secure it however you
> wish (stunnel or vpn perhaps?).
>
> --
> Now, I'd imagine, that it wouldn't be all that difficult to write a
> daemon that maintains real-time (er, network real-time <g>) concurrency
> between the config files on one machine, and 'backups' on another
> machine, where hooks to spread could be used to pump each change into a
> CVS or SVN repository.
>
> It would be the way I'd go- but I'm not doing this right now. (Though
> this sounds fun, and I'd love to figure it into a short paying job in
> the future, therefore enabling it to get in my current radar...). Hrm.
>
> But, there may be much better ways, so I'll keep lurking on this
> thread...
>
> Rocket-
> .ike
>
>
>
>>
>> // George
>>
>> [1] http://www.cis.upenn.edu/~bcpierce/unison/index.html
>> Unison is a file-synchronization tool for Unix and Windows. It allows
>> two replicas of a collection of files and directories to be stored
>> on different hosts (or different disks on the same host), modified
>> separately, and then brought up to date by propagating the changes in
>> each replica to the other. Like rsync but bidirectional.
>
Fbsd has clusterit in ports, which is kinda cool.
--
Steve Rieger
Ext; 1131
Cell 646-335-8915
DC 173*101254*4