Re: [SLUG] Who looks after your stack?
[EMAIL PROTECTED] wrote: I propose that in most cases, it's been the UNIX admins who put together the systems then install and basically configure the apps that make up the suite of apps that can be called an Information System such as a httpd, php/perl plus SSL/TLS and a databases such as Mysql or Postgres. Rachel, In my experience (mostly a very large national enterprise with a well-established IT group) you're right, it's the (Unix/Windows/...) system administrators who undertake such tasks. I once found myself pursuing an almost identical question, but along network lines instead: Who does the network configuration and administration of your server infrastructure? The network administration team or the system administration team? I've seen very few cases where it isn't the system admins that do the network configuration of the server infrastructure, yet nearly all network reconfigurations are prompted as part of projects initiated and owned by the network administration team. Who manages and configures your DNS? Your resolv.conf? Is name resolution an application service or a network service? The system adminstrators usually end up performing an entirely menial task almost completely under the direction of the network administrators. Why? Allowing the network admin team to change the IP address of an ethernet port on your server usually requires giving the router jocks your root password, something you'd never do. I've found that the allocation of responsibilities has generally fallen, somewhat pragmatically perhaps, along the lines of 'who can actually do it?' ie, along identity/access-control/authority lines. If you have the root password you can install and configure software and hence usually end up doing it, because to allow others to do it necessitates providing them with the very thing you preciously preserve: your control over the relevant piece of infrastructure. I have a case in mind that further illustrates the potential truth of this: mainframe environments. In mainframe environments the system security and rights allocation mechanisms are usually sophisticated enough and fine-grained enough that you can grant the network administration team sufficient rights for them to undertake their relevant activities, without giving them rights to completely reconfigure everything. In these environments the division of labour is often more rational. Virtual machine environments will see a shift I think, especially in the scenarios in which you're most interested: application configuration. When it becomes more common for individual or clusters of related applications to be hosted in virtual hosts rather than within the same single shared operating system instance it will be easier (read: safer|more likely) for responsibilities within a particular virtual host to be shared with the people actually responsible for the applications running within them. The application support teams may be given more power over their applications and the system administration team may voluntarily relinquish the exclusivity of rights that they currently preserve. regards Terry -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Who looks after your stack?
Hi, Please help me with a debate Who looks after your stack of software - such as in a typical LAMP environment? I propose that in most cases, it's been the UNIX admins who put together the systems then install and basically configure the apps that make up the suite of apps that can be called an Information System such as a httpd, php/perl plus SSL/TLS and a databases such as Mysql or Postgres. Of course there are also support shared objects and so on to consider as well. They maintain all this when there is an upgrade required or if a new feature needs to be added. How are you all doing this? Do you build the system and give it away to the web developers so they can download nasty binaries that may or may not integrate well together, or do they get a system that has the httpd and so on locally compiled with site specific options? Or do you give the Oracle DBA's your Postgres or Mysql to install, grant and deploy apps in, with the web devs only doing PHP scripts and similar? Or have you got a UNIX systems programmer who designs the archictecture, build standard and methods to compile the binaries and localise them and looks after periodic code refreshes each time PHP gets another cross-site vulnerability or if mod_auth_ldap needs the mem cache option and so on? Where do you draw the line? - Who looks after the httpd.conf and who looks after the httpd and who looks after it's compilation? Who looks after your stack? Inquiring minds want to know. Discuss. -- Rachel Polanskis Kingswood, Greater Western Sydney, Australia [EMAIL PROTECTED]http://www.zeta.org.au/~grove/grove.html They who would give up an essential liberty for temporary security, deserve neither liberty or security - Benjamin Franklin, 1759 -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Who looks after your stack?
This one time, at band camp, [EMAIL PROTECTED] wrote: Where do you draw the line? - Who looks after the httpd.conf and who looks after the httpd and who looks after it's compilation? Who looks after your stack? Vendor builds the binaries. They've put together a stable release that you can easily define, and replicate so that one can develop for it. Syadmin builds the infrastructure (configuration of httpd, ensuring necessary deps are in place). They make sure the site configuration follows policy (security, etc). They're the one corresponding with the vendor (via bug reports, mailing lists, system documentation). Web developer builds the webapp. They work with the sysadmin to define the requirements for the webapp, and in assisting the sysadmin deploy the webapp, but are ultimately responsible for everything above the DB and the webserver. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Who looks after your stack?
[EMAIL PROTECTED] wrote: Please help me with a debate Who looks after your stack of software - such as in a typical LAMP environment? I propose that in most cases, it's been the UNIX admins who put together the systems then install and basically configure the apps that make up the suite of apps that can be called an Information System such as a httpd, php/perl plus SSL/TLS and a databases such as Mysql or Postgres. Of course there are also support shared objects and so on to consider as well. They maintain all this when there is an upgrade required or if a new feature needs to be added. How are you all doing this? Interesting question, since right now myself (the app developer) and another party (the sysadmins) are working together for the same client to deliver a web-based product. In order that responsibilities are clearly known and understood from the beginning, we have agreed that the sysadmins are responsible for: (*) installing the O/S (*) installing the LAMP components (*) maintaining the system and doing upgrades (*) system backups, data backups, system monitoring (*) testing backups really work (*) assist with documenting system config (*) keep things like cron, rsync, mail, etc. up running As a programmer/analyst, I insist on thoroughly testing the fruits of their labours before I proceed to write and deploy an application. (*) I usually have to to tweak parts of the LAMP install after testing, e.g. database: incorrect permissions for users e.g. httpd.conf needs tweaking for a specific add-on, sub-system, whatever esp. mod_perl: things only the programmer can discover e.g. some security considerations may need tweaking BUT! These kinds of changes are really minimal and do not affect the overall installation of a fresh system (*) I am responsible for the source code tree of the app I am writing and maintaining it in revision control (*) I am usually responsible for writing, testing and deploying any cron jobs that are required: they are usually intricately linked to the application I am writing (*) Writing documentation (user / system / test/ configuration) (*) Ensure documentation and edited config files are stashed in the revision control system as well. (*) TESTING: I can only test so much (esp. unit test). I will write regression tests when possible. Then I leave the remainder of testing (esp. acceptance test) with the end client. They must sign off on the app and any changes to it. If they do not want to do the acceptance testing, they must hire skilled consultants who can do it. The separation of responsibilities is a practical one. If a new box needs to be cloned, the sysadmins should be able to do it in a few hours, based on the documented existing server. Then I should be able to grab a database replica, deploy the source code and test the app within another few hours. As well, once the software app has been signed off and accepted by the client, I should be able to be hit by a bus without consequence: the sysadmins can continue to run the flawless (!haha!) system with very little intervention or tweaking. HTH cheers rickw -- _ Rick Welykochy || Praxis Services Power corrupts and PowerPoint corrupts absolutely. -- Vint Cerf -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Who looks after your stack?
On Wed, May 10, 2006 10:34, Rick Welykochy wrote: The separation of responsibilities is a practical one. If a new box needs to be cloned, the sysadmins should be able to do it in a few hours, based on the documented existing server. Then I should be able to grab a database replica, deploy the source code and test the app within another few hours. This is where virtualisation, esp. with Xen, comes to the fore. The ability to clone off a copy of a server is a matter of minutes and then it can later be migrated back into production. That's the theory, at least... As well, once the software app has been signed off and accepted by the client, I should be able to be hit by a bus without consequence: the sysadmins can continue to run the flawless (!haha!) system with very little intervention or tweaking. -- Howard LANNet Computing Associates http://lannet.com.au When you want a computer system that works, just choose Linux; When you want a computer system that works, just, choose Microsoft. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html