What is this list?
This list is dedicated to discussing all aspects of practical configuration
management, including what it is, how and when to do it, and what tools to use.
Because most tools have their own mailing lists, this list generally only
covers general topics, or the integration of multiple tools.
What is "Configuration Management" as covered by this list?
There are a few definitions out there that are candidates, and Google
defines it in many ways. A good one is:
The process of identifying and defining the deliverable product set in a
system, controlling the release and change of these items throughout the
system life cycle, recording and reporting the status of product items and
change requests, and verifying the completeness and correctness of the
product items. (ASC)
One generally only discusses configuration management in the context of
providing a tool to help with it, so there is an implied level of automation
when people discuss it, even if automation isn't mentioned in the definition.
If this list is about the practice of configuration management, is there a
place to discuss its theory?
Yes, the LSSConf list. It is exactly the theory counterpart to this list,
and in fact spawned this list. Here is how Paul Anderson, the creator
of the LSSConf list, describes it:
LLSconf is a group of people who are interested in configuration
theory, and building the next generation of configuration tools.
For example, we are interested in ...
- languages for describing configurations
- architectures for deploying configurations
- applications of theory to configuration techniques
- autonomic reconfiguration
Are there any groups or meetings that focus on CM?
LISA has a configuration management workshop and an associated mailing
list, LSSConf. LSSConf is to the theory of configuration management what this
list is to its practice. There has also been a CM BoF run by Luke Kanies at
the last three LISAs -- Jim Thornton from PARC has helpfully kept notes for
the 2003 BoF and the 2004 BoF;
SAGE and USENIX have done a lot to help the continued development of this
field.
There is also a network automation list meant to cover analogous ground
but for network devices rather than servers.
What are the major components to configuration management?
- Operating System Installation
This is usually done using an OS-specific tool, which then hands off to
a more generic CM tool.
- Service Deployment and Management
Computers nearly always have some services beyond what is installed with
the operating system, and for those that don't, there are usually
configurations to be managed.
- Lifecycle Management
At some point all machines are end-of-lifed, and their services have to
be obviated or migrated.
- Change Control
Most organizations have processes for controlling how a change gets
implemented. These processes usually involve one or more test
environments (even if it's just the sysadmin's desktop), documentation,
and some ability to roll back changes that fail.
- Monitoring
This essentially verifies that the services you are managing are
actually working correctly. Monitoring systems generally either
function as a ticketing system or are integrated with a
trouble-ticketing system.
- Reporting
Management usually needs to know how many servers and workstations are
being managed, what their utilization is, what licenses are installed
and where, and who has access to the services.
- Recovery
It is paramount that a configuration management system be able to
recover failed nodes or even failed data centers.
What OSS CM tools are available? (There really should be a list of tools
per category, I know.)
- Many:
-
If there are tools not listed here, please email them to luke at
madstop.com. If one of these tools is yours, please submit a bit of text to
describe your tool here.
What commercial CM tools are available?
There are many commercial tools that can be and are used for configuration
management, although some vendors focus on solving only one portion of the
problem:
Are there tools that people are using for CM even though they might not
have been developed for it?
- Oh yes:
- rsync
- rdist
- unison
- make
- hostcap
- Package Managers (e.g., RPM)
- Package Auto-Updaters (e.g., APT/dpkg, Yum, emerge)
- System Installers (e.g., Jumpstart, NIM, and Kickstart -- links
for these products would be appreciated)
- make
Why do I (or does my group) need configuration management?
If you have computers, you are already doing configuration management. The
question is, would a tool be of any help to you? The answer to this is
largely one of scale on any number of axes. For instance, if you have many
servers, or many services, or you make many changes to your systems, then an
automation tool could probably provide significant help. Automation can
also have a significant impact
On the other hand, if you only have a few machines, they are not running
many services, and they change rarely, then it might not be worth the
investment.
What are the benefits?
- Lower maintenance costs resulting from greater consistency across all systems
because all work funnels through the tools
- Lower error rate because automated tools require a test cycle and then
perform the tested work the same way everywhere
- Faster turnaround for nearly all operations because the tools can operate in
parallel and are not limited by a human's ability to type or use a mouse
- More consistent recoverability, using the same tool that built the failed
host
- And much more
What are the costs?
- Most configuration management tools have some startup cost, at the very
least while the tool is being learned. The startup cost varies by the
tool, and the time to a positive return varies both based on the tool and
the environment.
- For commercial tools, there is essentially always a software cost, there
is usually a support cost, and there is often a professional services cost
- For open source tools, there can be a greater amount of manpower needed to
make the tool work
- Services that are working fine but are essentially unmanaged often have to
be redeployed using the CM tools to take advantage of them
- During the development and deployment of the CM tools, more people are
needed because the maintenance workload is the same but some people are
now dedicated to building the CM system.
What needs of my organization should be met by a configuration
management system? ("System" includes tools, policies, procedures, best
practices, etc., this question is about the goals of the overall
system.)
It varies dramatically by the environment. Some organizations only need help
with automation, while others require very strict change control, and still
others only care about the ability to flip servers from performing one
functiion to another very quickly.
The simplest answer is that you should hope for CM tools to meet nearly all
of your CM needs, but you should expect (at least today) there to actually
be significant gaps in functionality, and you should expect to spend a
significant amount of effort on integration if you try to solve all of your
CM problems.
Do different organizations or groups have different configuration
management goals that can be met in different ways?
See the question above; yes, definitely. Stock trading floors can lose
thousands of dollars or more for every minute of downtime but only need to
be functional 10 or so hours a day, while internet services providers must
be up 24 hours a day but can usually tolerate a few machines being down.
Some organizations are so risk-intolerant that they must be able to recover
their entire network in hours, while others are willing to risk that it will
take weeks.
If so, how do I determine which needs are most important for my organization?
This is usually an assessment of cost, when it comes down to it.
Configuration management tools cost money, but there is an expectation that
they will be worth it either directly, through making the network easier to
manage or more efficient, or they will provide a kind of insurance by making
recovery less expensive.
Thus, to determine what your CM goals should be, you must first assess what
your costs are, what your risks are, and how tolerant you are of them. If
your costs are already very low and you have no need for greater
manageability, then it might seem that you have no CM needs, but if you
absolutely must be able to recover from any failure within an hour, then
your needs might be quite stringent indeed.
What are proto-typical examples of CM goals?
- Reduce system administrator time spent on problem resolution from 95% to
25%
- Be able to recover from the loss of any server in 4 hours
- Be able to recover from the loss of any data center in 24 hours
- Decrease by an order of magnitude the time it takes to deploy a service change
- Provide for a clear separation of the administration group into roles with
completely separate functions, such as design, maintenance, and user
support
When is the best time to think about and plan for configuration
management?
Before any machines are even purchased, much less provisioned. It is
probably 10 times cheaper to build systems right the first time, using
quality CM tools and practices, then to come behind and try to clean up
later.
Now that I've missed the best time to plan CM, how do I move from my
current "system" to something better?
Cautiously. Some tools will require that you rebuild your entire
infrastructure using the new tools, while others can make it trivial to
slowly migrate to using them, allowing you to keep using your old methods
until they are unnecessary.
How can progress toward those goals be measured? How can I tell if the
money or effort is well-spent?
Unfortunately, most organizations do not have a clear idea of their current
costs, so monitoring deltas from thoses costs are impossible. Thus, the
need to monitor cost deltas can actually significantly increase the apparent
cost of the CM tools.
Either way, the best way is to have a clear understanding of where you are,
an understanding of what your specific goals are, and a plan for achieving
them. The plan should include checkpoints where you test functionality and
verify that it will meet your goals. Like any large project, it needs to be
broken into management chunks, each with their own deliverables and owners.
How do I use the various CM tools to determine, implement or maintain my
CM goals?
The answer to this question depends dramatically on both the environment and
the tools in question.
How do I know what to do when?
Your CM plan should result in some clear dependency relationships -- you
must be able to install systems before you can manage them, you must be
monitoring systems before you can get alerts on them, and you must have a
change control system before you can begin making changes.
You should have laid out your high-level functional goals during the development
of your plan and then provided a basic plan for meeting them, including the
tools you'll be using. These functional goals themselves have dependency
relationships, as do the individual tools, even across functional
boundaries.
Who can I ask for help?
Nearly all commercial vendors provide professional services for helping with
implementations, and there also many consultants who specialize in this
service. A Google search should be sufficient to find many options.
What are the right questions to ask?
Any good answers to this question would be much appreciated.
I have a great idea for a new tool, what should I do?
Join the LSSConf list and describe to them your ideas -- they should be able
to provide quick feedback. The obvious next step is to create the tool, and
you should also submit a paper on it to one of the conferences (e.g.,
LISA).
Is there a recommended suite of tools to use?
At this point, no, although cfengine has by far the largest adoption of any
open source tool.
How do I integrate CM tools?
Unfortunately, neither the open source nor commercial tools have a good
history of integration. There are some projects working on this, but it is
an area in need of much help.
The best thing you can do is work with the developers of the products to
provide the integration and then either get them to support it, or find a
community willing to work with you to do so.
I also have to support Windows, what tools can help?
Most of the CM tools available these days have some support for Windows, but
you will need to investigate the tools you are hoping to use to verify their
support.
delicious
digg
technorati