----- Original Message ----- > A self reply, as I think my knee-jerk vitriol wound up obscuring the > point I was trying to make. > > On Jul 1, 2013, at 12:23 PM, Corey Quinn <[email protected]> > wrote: > > The picture he paints of the uninvolved sysadmin who forms the > > "Department of No" is *exactly* the kind of admins I've known in > > my career who recommend CFengine for deployment. > > > > The folks who "get it," the folks who are more disciplined in their > > approach, who learned to adapt? They're all deploying > > Chef/Puppet/Salt/Ansible and run screaming from CFengine. I'm not > > saying it's a causal relationship, but the correlation is > > definitely there. > > If I can turn the simmering rage down to about a 4, the real problem > I've seen around this is a number of admins who knew CF2 very well, > and didn't want to learn about 3-- so despite the former's > deprecation, still insist upon deploying it. This is precisely the > kind of unadaptable mindset that results in the type of admin that > was referenced in Mr. Burgess's comments. > > What I'm trying to convey more clearly is that it's not the tool > itself, it's what goes into the tool selection. > > Thanks to Mark Bergman for helping me to clarify what I was going > for. > > -- Corey > _______________________________________________
On that subject...we're holding at CF2. First because the $admin1 that threw us into CF2 didn't want to learn CF3, etc. After $admin1 left, there was a knowledge gap preventing change. But, then comes $admin2 who kicks all sorts of improvements to our current CF2 and does all the ground work for a forklift upgrade to CF3. Just as he's almost done, some of the more complex promises in CF2 haven't been converted into CF3 form....meanwhile I've gone to managing my $home systems with CF3. So, I have some ideas on how to rewrite those areas (scripting standard for our group is/was Perl, but there was an $admin3 that refused to do anything except python, for which he proclaimed to be a 'python god'...wasn't interested in doing sysadmin work either. Left us with massive python scripts that we had little knowledge (though I've been learning)...poorly documented and with hidden bugs (one of which wiped out most of the passwd files in our datacenter, good thing previous $boss had mandated that all servers must have a DVD drive....though of the 4 computers in my cube, only one has a DVD drive, and it isn't a burner.) Anyways...$admin2 is ready to reveal the work he's done with the CF3 conversion to us (he's got a Jenkins backend to test all commits, which is probably way better than create a promise, commit, update, run cf-promises. fix typos, commit, update, run cf-promises. fix more typos, until its good, meanwhile other hosts are angry....but so far they recover. Though at $work there have been times where a typo disables cfengine on a host, and we don't find out until a change doesn't get made on it (broke update.cf - probably have stuff in update.cf that should've gone somewhere else? Or was that a CF3 improvement?) Other times machines stop running cfengine because cron has stopped. $admin1 had decided to be entirely cron driven on the hosts, whereas policyserver has both cfexecd and cron scheduling cfagent runs. cron for CF2 managing its host configs, cfexecd to run scripts that generate output into masterfiles (IE: our IDM system is a Oracle DB, where we have a process to gen erate passwd/shadow files for all our hosts (in triplicate)....different OSs have different system accounts, which we prepend to output from IDM....Originally CF2 only managed Solaris, later when we added RedHat $admin3 just had his process run twice creating a redhat branch of all the same passwd/shadow files with redhat's passwd header. And, then we added FreeBSD....so another branch. Which wouldn't be so bad, except its taking longer and longer to run the whole thing, and bad things happen if it overlaps itself. And, of course, users expect password changes to be near instantaneous. Ok...so $admin2 is ready to reveal or starting to reveal what he's been working on for the CF3 upgrade. When $boss decides that he wants chef (he went to a devops conference...) So, there has been work on new chef based system, but its for new servers which will live and die under the devops way. Which I'm not convinced is the right direction. When our online classroom system is slow or down, the fix usually always been "we restarted some services". Now they are talking about where they can spin up more VM instances or replace VM instances with fresh ones to deal with outages or slow downs. Going with SmartOS, and ubuntu guests in KVM. Though $boss and $admin2 and $admin4 are all busy working on chef stuff...where I've largely been sucked into yet another email migration. Though I might finally be free of email, which they had said we would be when we first outsourced it. Because our director says EST has traditionally been tier 3 email support, because email used to run on Unix (we first went onsite to Zimbra, then a Zimbra to Zimbra, and now Zimbra to O365) So, with the switch to Office 365...and being Microsoft, tier 3 should get done by the Windows group. Not sure what troubleshooting email delivery issues or contacting the service provider have anything to do with operating systems. I had been dealing with Email before I had Unix systems to deal with. But $boss says the less we have to deal with email the better, once I'm done I'll have to catch up on learning chef and ruby and the other new technologies. Guess he's decided to skip the first thing he said he would do if hired -- understand what it is what the EST and LAN groups do...since first goal of the position is promote what EST and LAN does to the rest of ITS and campus. Sin ce leadership know we do important stuff, but think that people need to know about us not just when something is broken. Especially as the CIO is tasked with Centralizing IT and eliminating redundancies (though the state wants even more reductions....like can't one University's HR system handle all the Regent Universities.... Though our University just had an outside assessment of our HR system/organization/policies.... Meanwhile we still have to keep the CF2 around for the existing systems and to continue to support other groups. In fact, I'm working on backporting some promises from my $home CF3 system to manage a new server I'm setting up at $work. If only there was an invisible way to drop CF3 on to policy server and all the existing CF2 just continued to work.... we try managing up into CF3 (something our new director says is part of his job...he's managing up our CIO.) -- Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator For: Enterprise Server Technologies (EST) -- & SafeZone Ally Snail: Computing and Telecommunications Services (CTS) Kansas State University, 109 East Stadium, Manhattan, KS 66506-3102 Phone: (785) 532-4916 - Fax: (785) 532-3515 - Email: [email protected] Web: http://www-personal.ksu.edu/~lkchen - Where: 11 Hale Library _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
