How Should You Use System Configuration Management?

Perhaps you are in the position of feeling that there must be a better way of managing systems and that the way must be through automation, but you don't see how or where to begin. Using a tool like cfengine can be daunting and it takes time to build up trust.

What does configuration mean? The configuration of resources (like disk contents and process tables) is the "state of repair" of your system. It's like tending a flower garden: knowing what to plant, when to water the flowers, etc. We do not recommend pouring water on your systems, but sprinkling them with updates and improvements is always worthwhile!

Using a configuration management facility can help you solve problems like these:

  • How do I manage my Apache configuration files?
  • How do I get maintenance jobs like backup, database updates, and so on, done at the right times in the right places?
  • How do I ensure that important system files are properly protected against unauthorized access and modification.

How is a configuration managed?

When you use cfengine, each host in a network works independently and has the last word about what happens on the system. However, many people choose to subordinate their machines to a command authority -- a "master server". Doing so has many advantages:

    Central control?

    You can make your changes all in a single location and ask clients to follow instructions from that central authoratative source. Even if you centralize your configuration policy, you can arrange for as much or as little diversity of hosts as you like.

    Individual system autonomy?

    You keep some or all of your hosts independent, accepting no instructions from outside. Usually some level of this is desirable, because there is never "one single size that fits all". If you don't maintain a basic possibility for autonomy then you run the risk of steam-rollering systems with mistakes. A good principal of management is to let specialists do their jobs. That means giving a basic level of autonomous freedom.

    Cooperation among systems?

    You can make some hosts exchange information and still maintain partial autonomy.

What do you do with a configuration management tool?

A configuration management systems provides many benefits for system administration. You can:

  • Use it to standardize the properties of hosts in your local or world-wide networks.
  • Use it to verify the permissions and owners of important files for security or management purposes.
  • Use it to distribute simplifying templates of important configuration files and verify their owners and permissions.
  • Use it easily control batch jobs and custom script execution around a network from a simple integrated interface.
  • Use it to check that versioned software packages are installed (or install them).
  • Use it to ensure that files altered by package managers are correctly adjusted to work in your environment.
  • Use it to verify that key processes are (or are not) running.
  • Use it to monitor disk usage and warn about full file-systems before a problem gets serious.
  • Use it to look for file changes using cryptographic hash checking, for security purposes or for locating human error.
  • Use it to warn about resource and capacity anomalies in your systems that might affect the performance of your system. (Integrate monitoring with change management.)

Why not buy a commerical product?

The primary commercial vendors for server configuration are BladeLogic and OpsWare, both of which have hefty license fees. These commercial vendors pander to market dsires by writing GUI applications, but Web or GUI based solutions are fundamentally opposed to the idea of autonomic management. This is contrary to cfengine's determined approach.

Cfengine's principal promise is to be based on the very best and latest research. It does not aim to be user-friendly, but user-invisible. You cannot buy cfengine, but you can still get support from active enthusiasts.

Getting Started Practicum