<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div style="font-size: 12pt; font-family: helvetica,arial,sans-serif; color: #333333;">
<span style="font-family: helvetica; font-size: 12pt;">Wow, I turn my back for a few minutes and the conversation goes from "vim is the greatest text editor" to "Rust, Go and the Universe"...<br><br></span>md
</div>
<blockquote type="cite">
<div>
On 06/01/2021 3:32 PM Jerald Sheets via Ale &lt;ale@ale.org&gt; wrote:
</div>
<div>
</div>
<div>
</div>
<br class="">
<div>
<br class="">
<blockquote type="cite">
<div class="">
On Jun 1, 2021, at 9:34 AM, Allen Beddingfield via Ale &lt;<a class="" href="mailto:ale@ale.org">ale@ale.org</a>&gt; wrote:
</div>
<div class="">
<div class="">
So, how do you get from one type of operation to another? For example, I have 500-600 SLES servers. 99% of them were loaded by booting the ISO image, stepping through the installer, bootstrapping against config management, and pushing a base configuration to them.
<br class="">That is where the "cookie cutter" setup stops. Various firewall ports have been configured, directories have been made, "stuff" installed, disks added and mounted, virtual hosts configured, nfs shares configured, local users and groups added, etc . . .
<br class="">Some of these started on SLES 11, were upgraded to 12, then 15. Our idea of config management is pushing patches, deploying rpm-based applications, pushing config files, and remote execution operations.
<br class="">I don't see a path to get from what I have to what you have, without just blowing everything away and starting with a clean slate - which will never be an option.
<br class="">Allen B.
</div>
</div>
</blockquote>
</div>
<br class="">
<div class="">
</div>
<div class="">
</div>
<div class="">
This is worlds difficult without a whiteboard with which to kibitz this around.
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
We tend to see systems as objects with many things needing configuration. The secret sauce is not in whether we automate, but in how we apply the configurations we need in that automation.
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
Let me do a hyper-simplistic example consisting of a web app server, a php server, and a bare apache server and I’ll have a “base” configuration consisting of NTP, DNS, and perhaps sudo.
</div>
<div class="">
</div>
<div class="">
My presupposed framework is Puppet, but this methodology works on pretty much any config platform.
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
First, let’s look at the app side. For simplicity, let’s say we use Apache everywhere. Secondarily, let’s say we use mod_proxy and let’s say we use Tomcat/Java.
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
Base_config
</div>
<div class="">
NTP settings
</div>
<div class="">
DNS Settings
</div>
<div class="">
sudoers settings
</div>
<div class="">
</div>
<div class="">
Webapp_server_config
</div>
<div class="">
apache settings
</div>
<div class="">
mod_proxy config
</div>
<div class="">
java_config
</div>
<div class="">
tomcat_config
</div>
<div class="">
php_config
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
In most older design patterns, we would create a scenario where we’d create a new configuration for every type of machine we have. This becomes unruly quickly and the larger the fleet, the more unruly and unmanageable it becomes.
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
Now, in a Puppet paradigm, there is a datasource tool (Hiera) which provides not only data lookups, but hierarchical conditionals wherein you can choose complex context per machine, class of machines, or even large abstractions (like “east coast” or “Australia”).
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
So, for a fleet of web servers, I may have the following:
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
<strong class="">**BASE CONFIGS*</strong>
</div>
<div class="">
Apache_Config
</div>
<div class="">
- install and options
</div>
<div class="">
Apache_Settings
</div>
<div class="">
- configuration
</div>
<div class="">
Java_Config
</div>
<div class="">
- install and options
</div>
<div class="">
Java_settings
</div>
<div class="">
- configuration
</div>
<div class="">
PHP_Config
</div>
<div class="">
- install and options
</div>
<div class="">
PHP_Settings
</div>
<div class="">
- configuration
</div>
<div class="">
MySQL_Config
</div>
<div class="">
- install and options
</div>
<div class="">
MySQL_Settings
</div>
<div class="">
- configuration
</div>
<div class="">
Mod_proxy_config
</div>
<div class="">
- Installation AND configuration
</div>
<div class="">
OS_Base_Config
</div>
<div class="">
- customizations looked up and specific to distro, etc.
</div>
<div class="">
</div>
<div class="">
<strong class="">**ABSTRACTIONS**</strong>
</div>
<div class="">
Apache_php_stack
</div>
<div class="">
- Apache_config
</div>
<div class="">
- Apache_Settings (Values for settings looked up from datastore)
</div>
<div class="">
- PHP_Config
</div>
<div class="">
- PHP_Settings (Values looked up from datastore)
</div>
<div class="">
- MySQL_Config
</div>
<div class="">
- MySQL_Settings (Values looked up)
</div>
<div class="">
</div>
<div class="">
HR PHP Server
</div>
<div class="">
OS_Base_config
</div>
<div class="">
Apache_PHP_Stack
</div>
<div class="">
HR codebase
</div>
<div class="">
HR configuration (SIDs, DB names, tables, authentication, etc. all looked up)
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
Static Webserver
</div>
<div class="">
OS_Base_config
</div>
<div class="">
Apache_Config
</div>
<div class="">
Apache_Settings (Looked up)
</div>
<div class="">
</div>
<div class="">
Java Web Server
</div>
<div class="">
OS_Base_Config
</div>
<div class="">
Apache_Config
</div>
<div class="">
Apache_Settings
</div>
<div class="">
Java_Config
</div>
<div class="">
Java_Settings
</div>
<div class="">
Mod_proxy config
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
As you can see, the more “building blocks” you create, the more things you can build. You can mix &amp; match all the various configurations and installations to put together highly customized configurations depending on what you’ve chosen to identify a system to the “collective”.
</div>
<div class="">
</div>
<div class="">
For instance, if you have a hostname
<a class="" href="http://wwwdevhr3129.foo.com">wwwdevhr3129.foo.com</a>, that is one highly information packed name you can parse to tell the system just what it’s dealing with. So, to not go into stupid details, imagine just a dev/testprod scenario. If your data lookup engine has values for things differing between each environment and then can structurally decide whether to apply a value and which one to apply based on the context of the machine itself, you’ve started to institutionalize how you deal with servers with “special needs” and have now created a way to manage all this in ways that the team works all the while storing it in code, moving the config out of the realm of “cowboy sysadmins” and into the realm of managed configs (no matter how gnarly they may be.
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
As I said, this is a terrible way to explain it, and whiteboarding is much better. I have one puppet-centric video that describes this design pattern in a Puppet context, but does a considerably better job than I because 1) I’m trying to type it all out and 2) I’m trying to remain config platform agnostic. The principle carries, and it’s an entertaining video. I’d recommend watching the entire thing to get the full gist:
</div>
<div class="">
</div>
<div class="">
<a class="" href="https://www.youtube.com/watch?v=v9LB-NX4_KQ">https://www.youtube.com/watch?v=v9LB-NX4_KQ</a>
</div>
<div class="">
</div>
<div class="">
I’ve done this for several companies as a Puppet consultant and as a Puppet partner as well as in my own DevOps consulting company. Last count, I think I’ve helped along or completed DevOps journeys for over 100 companies now. The stuff works. You just have to be able to get the concepts across better which I still feel as though I’m failing at through email.
</div>
<div class="">
</div>
<div class="">
Happy to meet up for pizza and beer and a whiteboard if anyone has interest, I just don’t know when everyone will feel comfy getting together in public again.
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
Let me know. Happy to help.
</div>
<div class="">
</div>
<div class="">
—jms
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
</div>
<div class="">
</div> _______________________________________________
<br>Ale mailing list
<br>Ale@ale.org
<br>https://mail.ale.org/mailman/listinfo/ale
<br>See JOBS, ANNOUNCE and SCHOOLS lists at
<br>http://mail.ale.org/mailman/listinfo
</blockquote>
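<div>
Added example, not part of the original thread or of Puppet/Hiera itself: a platform-agnostic sketch of the pattern described in the quoted message, where a hostname is parsed into facts, values are resolved from the most specific data level to the least, and building blocks are composed into roles. The naming scheme (tier, environment, app, serial), the level names and all data values are assumptions constructed for illustration; a hostname that does not parse is rejected rather than silently given defaults.
</div>

```python
import re

# Assumed naming scheme (not stated in the thread): <tier><env><app><serial>.<domain>
HOST_RE = re.compile(
    r"^(?P<tier>www|db)(?P<env>dev|test|prod)(?P<app>[a-z]+)(?P<serial>\d+)\.")

# Building blocks composed into abstractions, using the names from the email.
STACKS = {"apache_php_stack": ["apache_config", "apache_settings", "php_config",
                               "php_settings", "mysql_config", "mysql_settings"]}
ROLES = {
    "hr_php_server": ["os_base_config", "apache_php_stack", "hr_codebase"],
    "static_webserver": ["os_base_config", "apache_config", "apache_settings"],
}

# Constructed sample data, keyed by hierarchy level.
DATA = {
    "common": {"ntp_server": "ntp.foo.com", "apache_max_clients": 150,
               "sudo_group": "wheel"},
    "env/dev": {"apache_max_clients": 20, "db_name": "hr_dev"},
    "env/prod": {"db_name": "hr_prod"},
    "app/hr": {"sudo_group": "hr-admins"},
    "node/wwwdevhr3129.foo.com": {"apache_max_clients": 5},
}

def facts_from_hostname(fqdn):
    """Parse the hostname into facts; refuse names outside the scheme."""
    m = HOST_RE.match(fqdn)
    if not m:
        raise ValueError(f"hostname does not follow the naming scheme: {fqdn}")
    return {"fqdn": fqdn, **m.groupdict()}

def hierarchy(facts):
    """Lookup order, most specific level first."""
    return [f"node/{facts['fqdn']}", f"app/{facts['app']}",
            f"env/{facts['env']}", "common"]

def lookup(key, facts):
    """Return (value, level) from the first level that defines the key."""
    for level in hierarchy(facts):
        if key in DATA.get(level, {}):
            return DATA[level][key], level
    raise KeyError(key)

def expand(role):
    """Flatten a role into its ordered, de-duplicated building blocks."""
    blocks = []
    for name in ROLES[role]:
        for block in STACKS.get(name, [name]):
            if block not in blocks:
                blocks.append(block)
    return blocks
```

Returning the level alongside the value shows which layer supplied a setting, which is what makes a per-node override auditable instead of a one-off change on the box.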
</body>
</html>