Re: Bootstrapping

From: Eric Sorenson
Subject: Re: Bootstrapping
Date: Wed, 18 Feb 2004 14:00:27 -0800 (PST)

On Wed, 18 Feb 2004, Luke A. Kanies wrote:

> > > [ Binaries ]

> So you have a system outside of cfengine which actually installs the
> cfengine package, then?  That certainly simplifies the bootstrapping
> problem within cfengine, although I'd imagine it just moves it into the
> packaging system.

Yes. We use 'yum' with a little pre-processing, which pretends to be the
client installing itself to get a kickstart.cfg, and compares the list of
packages it gets with what's currently installed, adding missing ones and
updating versions as needed.
It runs nightly with an hour "splaytime" -- this works out very nicely 
as it keeps everything converged on the order of one day, and if we
reinstall a given machine or clone a group, we know they'll end up the
same as the currently-installed systems.

> > > [ Public Keys ]

> That's an option, but it's not a terribly appealing one.  It moves
> management of cfengine outside of cfengine, which I have a problem with.
> One of my main goals in all automation is to make all information
> accessible to all systems, but using a firewall to do access control
> requires that you set up two groupings of servers, one in the firewall and
> one in the cfengine configs.  This will almost definitely have duplication
> of information, and attempts at normalization of that info will likely be
> frustrated by any number of factors.

Well, I manage the firewall configs via cfengine, does that count? :-)
Honestly -- I hear ya, and in a different environment, say a uni where
everything had a real internet-routed IP address and the routers couldn't
be relied upon to filter stuff out, I doubt I would be this open
with the TrustKeysFrom/DynamicAddresses combo.  

> Similar to the NIS vs. anything else struggle, though, is security really
> worth the effort in this case, considering how much more effort it is?

And the really hard part is that to come to the right answer for a given site,
the admin has to engage in an analysis exercise for which we're just learning
the vocabulary. Geoff Halprin has a great quantification equation for threats,
along the lines of 
        (exposure) * (likelihood) = (risk)
which suggests that there's no blanket solution, just a continuum of 
effort<->payoff compromises. 


    Eric Sorenson - EXPLOSIVE Networking -
