
[linux-elitists] Congruent Infrastructure (was: Re: Surveillance)



----- Forwarded message from Andy Bennett <[email protected]> -----

Date: Sun, 08 Sep 2013 17:14:01 +0100
From: Andy Bennett <[email protected]>
To: Marc MERLIN <[email protected]>
Cc: [email protected]
Subject: [linux-elitists] Congruent Infrastructure (was: Re: Surveillance)
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20130116 Icedove/10.0.12

Hi,

>> Which means I need to set up that build the source
>> package and check that the binaries match thing.
>> Anyone doing this already for your favorite
>> distribution?
>
> I did that at Google for our distribution that runs in production,
> well more specifically we don't run upstream binaries at all. We've
> re-bootstrapped our own distribution, maintain and compile our own openssl,
> openssh and so forth.
> 
> We also have mostly binary invariant builds, and yes that was work, we had
> to patch stuff for sure.
> However, that process didn't tell us if the upstream binaries were the same
> because we modified most of our source to be leaner and compiled differently
> than upstream.

> Home page: http://marc.merlins.org/

I notice you did this:

http://marc.merlins.org/linux/talks/getupdates/


I'd be very interested in your views on things such as Puppet or Chef: I
myself have been very skeptical of them. Some of the issues are outlined
in this blog post (not by me):

http://blog.thestateofme.com/2013/04/30/an-adventure-with-chef/


It seems that all the evangelists for such things have never heard of
things like MIT Athena and http://www.infrastructures.org/ and don't
seem to know much about the underlying theory.

infrastructures.org describes a system similar to the one in your
slides, albeit using slightly older technology.


I'd be interested in your thoughts on "congruent infrastructure
management" especially around the issues of avoiding divergence, proving
convergence and recovery from failure that doesn't involve wiping the
machine.

Regards,
@ndy

-- 
[email protected]
http://www.ashurst.eu.org/
0x7EBA75FF


----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org";>leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5