config management Re: [nycbug-talk] A couple of security related questions
George Georgalis
george
Tue Oct 5 13:15:08 EDT 2004
On Mon, Oct 04, 2004 at 01:33:58PM -0600, Tillman Hodgson wrote:
>
>It was somewhat unsatisfying because RCS is specific to the local
>machine. So I went to CVS.
my best practice understanding is RCS for config files, and CVS for code
(and some people use CVS for docs). Guess you rsync /etc from a gold
server to RCS configs across hosts? Also, if it's not over engineering
for your site, cfengine may be best practice for your configs.
...enough for what I've heard...
>
>Which was somewhat unsatisfying because I still had to pull down changes
>from each box rather than centrally push them out. So I implemented a
>Kerberos realm and used ClusterIt to enable parallel network shells to
>do maintenance with.
me wants to try Kerberos someday. don't think LDAP will make it into my
systems.
>
>Which was still somewhat unsatisfying because I have a heterogenous
>environment, and the various Unixen do not make centralized
>configuration easy.
>
>So I ended up at http://www.infrastructures.org/ and starting poking at
>cfengine and other tools like that. The folks there have been working on
>this very topic for a long time, and there's a lot of value in having
>the dead-ends marked off with warning signs ;-)
nice site. they have an interesting page on pushpull issues.
Which is a decent segue to my present issues.
first off I'm thinking to use CVSup and unison [1] to resolve.
Three problems,
1) for the purpose of NFS, sync /etc/passwd, group and mount points.
2) get "root read only" (and other ownership/perms) files from golden
box to production.
3) sync data partitions in real or near real time for 3 or more sites
with slow links. (boss says need functionality, not perfection, in
practice only one site will change at a time, heh)
So what are people doing about #1?
Will CVSup do for #2? how?
Is unison going to work for #3? Anybody do something similar?
Anybody who can solve any two of above gets all their drinks on me at
next meeting! slosh the sysmin (tm)
// George
[1] http://www.cis.upenn.edu/~bcpierce/unison/index.html
Unison is a file-synchronization tool for Unix and Windows. It allows
two replicas of a collection of files and directories to be stored
on different hosts (or different disks on the same host), modified
separately, and then brought up to date by propagating the changes in
each replica to the other. like rsync but bidirectional
--
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george at galis.org
More information about the talk
mailing list