>>>>> "Ed" == Edmund Smith <[EMAIL PROTECTED]> writes:
Ed> Whilst I mostly agree with you, I wanted to point out that
Ed> failure in configuration file syntax is markedly less likely if
Ed> you use templating as opposed to distributing files as a whole,
Ed> and that some of the problems you go on to talk about,
Ed> e.g. valid IP addresses, valid hostnames, well formed values,
Ed> and so forth can be mostly prevented by suitable (and cheap)
Ed> source file validation; e.g. regex's on parameter values, DNS
Ed> and IP lookups at compile time. This is the approach of both
Ed> Quattor and LCFG. The overhead isn't very great because now the
Ed> values that the sysadmin is changing fall into a standard format
Ed> which you can write standard validators for ( e.g. test that
Ed> this IS a hostname of a host in my system; test that this is a
Ed> word with no punctuation in it etc etc). The templates take
Ed> care of making sure the tabs are all in the right places and
Ed> whatever other horridness is necessary.
Oddly enough, we've actually seen more problems with improperly
constructed templates and poor input validation than with semi-manual
processes. Like that study about bike helmets, I think that admins are
more careful when working in semi-manual situations.
I agree that it is possible to build quite reliable templating
mechanisms, but it is not a panacea either. If users ever need to
write their own templates (which so far appears to be a common use
case), the tools still need to deal this sort of an issue in a
reasonable way.
Ed> We agree that average sysadmins writing first order logic is a
Ed> non-starter. My concept with cfgw was that someone else (perhaps
Ed> a single senior sysadmin, perhaps a tool designer) would write
Ed> useful predicates which could then be enabled. This still seems
Ed> workable to me ("check my systems for this property, and give me
Ed> a report") from the perspective of use, but the technical
Ed> challenges are a lot harder. Simply put, I don't have time to do
Ed> it myself, and noone else seems very interested!
I think that this is really a rubber meeting the road issue. Until the
models get a _lot_ better, many of the standard sorts of failure cases
won't be detectable. (will my daemon start with this config file?)
This is probably why no one has jumped onto cfgw so far. I also think
that many administrators, particularly in smaller environments, are so
used to dealing with systemic constraints that they don't consider
them to be a big deal to work with.
-nld
_______________________________________________
lssconf-discuss mailing list
lssconf-discuss@inf.ed.ac.uk
http://lists.inf.ed.ac.uk/mailman/listinfo/lssconf-discuss
